Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Aussies hunker down as WannaCry ransomware attacks escalate

Chris Player | May 16, 2017
Local victim count remains low but warnings continue.

As the highly publicised Wana Decryptor or WannaCry ransomware attacks continue to hit businesses, the Australian Government has revealed the number of local victims had reached 12 and more were suspected.

Reports suggest that the list of victims globally had more than doubled in the last few days, but Australia seems to have escaped the worst of the attacks with the Federal Government saying it and the country's critical infrastructure had been thus far unaffected.

On 15 May, the minister assisting the prime minister for Cyber Security, Dan Tehan, warned local small to medium businesses to take urgent action to reduce the risk of infection.

"As of 6pm AEST there had been eight reports of Australian small businesses affected by what has likely been 'WannaCry or WannaCrypt' ransomware," Tehan said in a statement.

He added that the ransomware had not affected Australia's critical infrastructure or Government agencies.

"Small business owners should be pro-active about their cyber security in the wake of this ransomware campaign affecting computers around the world," Tehan said.

"If your business has been infected you should isolate the affected computer from your network to prevent the software spreading and use backup data to restore information.'

Similarly, the Australian Government's Stay Smart Online service has warned businesses, households and individuals take steps now to protect computers, networks and devices.

"The Australian Cyber Security Centre (ACSC) has been engaging with Australian businesses and industry sectors over the weekend to ensure they are aware of the threat and have taken appropriate measures," the agency said in a statement.

"A small number of businesses have reported likely infection and there will likely be more cases in days to come."

The Malware is so effective because it exploits a Windows vulnerability patched in March by Microsoft. The attacks became so widespread that the vendor also released patches targeting out-of-support versions of Windows including Windows XP, Windows Server 2003 and Windows 8.

Europe bore the brunt of the initial attack which hit more than 75,000 victims over the weekend including the UK National Health Service (NHS), the Russian Government, the Spanish telecommunications sector, German Railways and US-based FedEx Corp.

Now researchers at Symantec and Kaspersky Lab are saying some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korean operation.

The theory surfaced after a Google researcher, Neel Mehta, issued a tweet containing a set of characters referring to two portions of code in a pair of malware samples and a hashtag #WannaCryptAttribution. Researchers have since linked the code to the North Korea.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.