•We need to fortify Nigerian cyber space more —NITDA DG
•NCC advises Telcos on proactive measures
•Government should treat the attack as a wake-up call — Microsoft, ISPON
THE deadly ransomware virus that hit no fewer than 150 countries across the globe at the weekend is spreading panic around the world, causing widespread damage.
Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse.
More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.The ransomware may also encrypt the computer’s Master or the entire hard drive.
Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
The young cyber expert who saved the world
The young cyber expert who saved the NHS from hackers is working with GCHQ to head off another attack, it has been claimed.
Marcus Hutchins has been credited with stopping the WannaCry ransomware attack from spreading across the globe by accidentally triggering a “kill switch”.
The self-taught 22-year-old took just few hours to stop the breach, which had already spread to more than 200,000 victims – including the NHS – across 150 countries.
Already, security experts have warned that the full impact of the audacious cyber attack that crippled 200,000 computers globally might be truly felt in the days ahead as workers returned to their offices and turn back on their computers.
The cyber attack, according to industry watchers, appears to have caused more economic harm than good, as many countries appear apprehensive on further attacks. While the software giant, Microsoft has warned that the attack should be treated by governments around the world as a “wake-up call”, the National Information Technology Development Agency, NITDA, has noted that this is the time for Nigeria to fortify its network to avoid cyber vulnerability.
The virus, also known as “WannaCry” or “Wannacrypt”, according to report, is believed to be part of the United States National Security Agency hacking tools that were leaked earlier in the year. The ransomware virus, the report added, swept computers running on Microsoft Windows Operating System, especially those not currently supported such as Windows XP, Windows 8 and Windows Server 2003, across the globe.
Notable organisations affected by the virus since Friday included the National Health Service, NHS, in the UK, along with Telefonica in Spain. Courier giant, FedEx, was also hit by the virus, Sky News reported. The spread of a “ransomware” attack against computer systems around the world, according to report, affected the United States much less than other nations because a British cybersecurity researcher accidentally stopped the attack from spreading more widely, according to cybersecurity experts.
Hackers appeared to have exploited a flaw in Microsoft’s Windows operating system that was first discovered by the United States National Security Agency. The flaw and a tool to exploit it with malicious software were made public in April by a hacker collectively known as Shadow Brokers.
NITDA gives Nigerians guidelines on protection:
Worried about the attack, the NITDA Director General, Ibrahim Pantami, has given Nigerians guidelines on how to protect their personal and workplace computers from being affected by ransomware.
According to the NITDA DG, Nigerians should isolate their systems from their networks if infected by ransomware.
To prevent threat from further spreading, he advised Nigerians to take the following actions:
- Remove the system from network.
- Do not use flash/pen drive, external drives on the system to copy files to other systems.
- Format the system completely and get fresh OS copy installed.
As a general precautionary measure, he said that NITDA recommended that individuals and organisations should regularly update their operating systems with the latest patches, regularly update their software applications with latest patches, avoid downloading and opening unsolicited files and attachments, adjust security software to scan compressed or archived files, and avoid indiscriminate use of wireless connections, such as Bluetooth or infrared ports.
Similarly, the Nigerian Communications Commission, NCC, in fulfillment of its statutory mandate to assure the security and integrity of the national telecommunications network has alerted all operators and their respective subscribers of the outbreak of a Ransomeware Virus known as “WannaCry”.
According to NCC, the Ransomeware is capable of infecting and encrypting all files on a system or any smart device until an amount is paid for a decryption key, or other means of retrieval which may lead to data loss are used to recover the system as an alternative. “This situation demands that proactive measures be taken by all players in the telecommunication eco-system to forestall the hazards of critical data loss, financial losses and ultimately network/business disruption”, NCC added.
The regulatory authority has advised that the following protective measures be taken:
- To obtain software patch released by Microsoft in March 2017 to fix the Ransomeware Virus.
- To plan scheduled penetration tests on the networks and systems to ensure protection and availability at all times.
- Subscribers who use their smartphones as substitutes to computers for internet access should protect themselves and their devices by not opening e-mail attachments/links from unknown sources, not clicking pop-ups and applets on unknown websites and installing effective antivirus software for their mobile devices. As part of the proactive measures, the Commission has advised Mobile Network Operators, MNOs to initiate regular assessment and audit of their cybersecurity readiness.
All operators, NCC added, should continue to ensure that their backup/disaster recovery strategies are in place and up to date. Assuring that it was working towards creating a link with the Cybersecurity Alert System on its website so that current information on global cyber threats/incidents could be immediately communicated to stakeholders, NCC further advised all operators to ensure continued deployment of effective firewalls, login passwords and antivirus management regime.
Meanwhile, a statement from Microsoft president and chief legal officer Brad Smith at the weekend criticised the way governments store up information about security flaws in computer systems. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” he said, adding that, “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. The governments of the world should treat this attack as a wake-up call.”
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it, reports the BBC. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Smith said.
The latest virus exploits a flaw in a version of Microsoft Windows first identified by US intelligence. There have been warnings of further “ransomware” attacks as people return to work on Monday. Many firms have had experts working over the weekend to prevent new infections. It would be recalled that last March, Microsoft, in an unusual move, released a patch for all the old, non-supported operating systems to protect computers vulnerable to the NSA leaks.
But the ransomware virus proved so malicious that Microsoft had to issue another patch for all Windows OS-based computers dating back as far as 14 years. For the former President of Institute of Software Practitioners of Nigeria, ISPON, Chris Uwaje, the ransomeware malware incident is a wakeup call to Nigeria and indeed the African continent.
“What Ransomeware is doing is indeed “digital kidnapping “ .and its not new. Individuals or nations can be digitally kidnapped and it will continue to happen on MS Windows platform as the world migrates to Opensource OS. Nigeria which is predominantly a Windows OS Environment is endangered to state the least”, he explained.
Impact: While Kaspersky Lab has published the results of its more-than-year-long investigation into the activity of Lazarus – a notorious hacking group allegedly responsible for the theft of 81 million dollars from the Central Bank of Bangladesh in 2016, cybersecurity experts identified the malicious software as a variant of ransomware known as WannaCry.
Workers at hospitals and companies across the globe were confronted with a message on their monitors that read, “Oops, your files have been encrypted!” and demanded $300 in Bitcoin, an anonymous digital currency preferred by criminals, to restore access. Experts said that the attackers may pocket more than $1 billion from individuals worldwide before the deadline ran out to unlock the machines.
Countries/companies affected: Among the companies and government agencies affected were FedEx, Britain’s National Health Service and the Russian Interior Ministry. At least 45 British hospitals and other medical facilities seemed to be hit hardest by the attacks, which blocked doctors from gaining access to patient files which caused emergency rooms to divert patients.
Prime Minister of the United Kingdom, Theresa May said there was no evidence that patient data had been stolen. On Saturday, British authorities said that 48 of Britain’s 248 public health trusts, or about 20 percent, had been assailed in the attack. All but six are back to normal.
In Asia, there were widespread reports of attacks at universities, with students locked out of their theises and final papers as graduation loomed. 45,000 attacks were recorded in nearly 100 countries. While many Chinese computers at nearly 30,000 institutions including government agencies have been hit by the virus, over all, more than 45,000 attacks were recorded in nearly 100 countries. Russia was the worst hit, followed by Ukraine, India and Taiwan, according to Kaspersky Lab, a Russian cyber security firm.
Microsoft issued a new patch for its Windows software after the attack. Companies like Deutsche Bahn, the German transport giant; Telefónica, a Spanish telecommunications firm; and Renault, the French auto maker, said that some of their systems had been affected, though no major outages had yet been reported across the region’s transports or telecom networks. The Russian Interior Ministry confirmed in a statement that 1,000 of its computers had also been hit. Security researchers blame North Korea
While North Korean hacking group, ‘Lazarus’ blamed for spate of international cyberattacks, security researchers have flagged a possible link between North Korea and the massive cyberattack that hit at least 150 countries around the world.
Lazarus Group is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyber attacks to them over the last decade.
The Lazarus hackers carefully route their signal through France, South Korea and Taiwan to setup their attack server, according to Kaspersky.
Experts say it’s still far too early to say whether North Korea was behind the outbreak of ransomware attacks that has affected hundreds of thousands of computers.