Massive ransomware “WannaCry” attacks happened in Europe, Russia and US over the weekend and it had spread to more than 100 countries. Singapore is not spared as well. Several malls in Singapore have received the ransomware message on Sunday morning.
Situation
- On 12 May, 2017 a new variant of the Ransom.CryptXXX family (Detected as Ransom.Wannacry) of ransomware began spreading widely impacting a large number of organizations, particularly in Europe. It has now been detected in over 100 countries including Singapore.
- WannaCry encrypts data files and ask users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.
- WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
What should you do to equip your business against Ransomware?
- The best solution is to prevent Ransomware message from entering the computer. Start off with your employee. Educate and equip your employees with the knowledge of such attack. Usually such attack will require users to open affected file (say in an email). if the file is opened, a set of malicious code will enter the computer system and your data will be encrypted i.e. you are not longer able to access your data. Your employees must be taught not to open any file from an unknown source. Prevention is always better than cure. To help Singapore companies to know more about cyber security, the Info-communications Development Authority of Singapore (IDA) has setup Singapore Computer Emergency Response Team (SingCERT). You may wish to visit their website by clicking here
- Always have a backup. As a business owner, you must always be prepared for the worst scenario. Ransomware attacks encrypt your data making them inaccessible to you. If you have created backup regularly, you could always restored to the previous version once the ransomware has been removed. In fact, Singapore-based cloud company – Acronis has developed solutions specifically on detecting and stopping ransomware. Check up more at http://www.acronis.com/en-sg/resource-center/resource/13/
- Regular update on your computer’s operating system and antivirus software. Ransomware evolves and updates will include patches against newly discovered security vulnerabilities. Read up more at Mircosoft’s Malware Protection Center
To add on, I would like to highlight one important note to the readers. If you ever suffer from such attack, do not pay the ransom! There is still a chance that you won’t get your data back even though you have paid and by and large, you do not want to feed such criminal behavior by rewarding for the crime they’ve committed.
Lastly, I would like to thank Nick Savvides, Security Advocate, Symantec Asia Pacific and Japan for sharing the insights of Ransomware. You may wish to read up more at Symantec’s blog here
Also published on Medium.