Gov’t issues WannaCry warnings

The spread of WannaCry ransomware has been wreaking havoc across the world since Friday, and several Vietnamese businesses and agencies are advised to take precautions.

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan on Sunday. According to news reports, a ‘WannaCry’ ransomware cyber attack hits thousands of computers in 150 countries, encrypting files from affected computer units and demanding US$300 through bitcoin to decrypt the files.-EPA/VNA Photo

The Viet Nam Computer Emergcy Response Team, under the Ministry of Information and Communications, has issued warnings as well as offered protection measures to all users to guard against the ransomware and its variations, which target Microsoft Windows - an operating system that is widely used in Viet Nam, especially the outdated Windows XP.

Kaspersky has listed Viet Nam among the top 20 countries most affected by this ransomware; the other countries and territories include Russia, Ukraine, India, Taiwan, and mainland China.

The VNCERT said the ransomware is extremely dangerous as it is capable of stealing information and encrypting the entire system that has been infected.

Once the computer’s data has been encrypted, or locked down, a message appears saying that the users’ files are no longer accessible. Should they want to get their data back, users are asked to pay large sums of money to get a decryption key. The longer the users wait, the higher the ransom money. The hackers behind WannaCry only accept ransom paid via BitCoin, a digital currency that ensures that the transaction cannot be traced.

The State Bank of Viet Nam yesterday confirmed that no Vietnamese credit institutions were affected by the WannaCry ransomware. It urged all banks in the country to take precautions against the ransomware.

Vu Ngoc Son, deputy head of the anti-malware department of Bkav Corporation, the largest internet security firm in Viet Nam, said that the WannaCry ransomware’s behaviour is “not new”, but he believes that the use of this ransomware will not really ease up as “it can directly earn large profits for hackers”.

Bkav recommends that all computer users immediately install updates and security patches and hotfixes via Windows Update. Users are also advised to back up valuable data regularly, either to cloud services or to another disk drives, and not click on suspicious links or attached files.

Mac or Linux users are at the moment safe from harm, but there remains a risk they could be infected via the intranet once a member computer is infected.

Currently, an estimated 200,000 victims in 150 different countries are reported to have been hit by the cyberattack. More than 200 computers in Viet Nam were reported to be infected with the ransomware, including servers of some businesses.

Le Nguyen Khang, head of VCCorp’s Department of Information Security, said that internet users should not blindly purchase antivirus tools in fear of attacks if they do not have the financial means, while “the built-in Windows Defender could do the job just fine”, as long as the programme’s virus database is updated and users’ cautionary steps are completed. Khang added that there’s no guarantee of being able to regain data even when the ransom has been paid.

WannaCry exploits a Windows vulnerability codenamed EternalBlue, which was patched by Microsoft in an update deployed on March 14. However, not everyone has installed the patch yet, and those who have not are vulnerable to WannaCry.

The exploitation of EternalBlue, suspected to have been developed using a hacking method leaked from US National Security Agency, allows the malware to spread through file-sharing protocols set up across the internal networks of organisations, many of which criss-cross the globe, according to the Financial Times.

WannaCry developers have prepared Q&A sections in various languages, offering infected users localised instructions on how to recover data or how to pay the ransom.

Source VNS