A ransomware cyber attack is currently targeting Australian businesses, following attacks on major firms and companies across Europe and the US. The Tasmanian Cadbury chocolate factory’s computer system was struck by the cyber attack, known as “NotPetya”, which “locks down” (i.e. renders useless) a given computer until the owner/user of that computer pays a ransom of bitcoin currency into a given account.
Workers at the Cadbury factory have been unable to continue normal operations as the virus has affected the entire system. Cadbury’s parent company Mondelez described the cyber attack as a “global IT outage”.
Australian staff from the global law firm DLA Piper received a text message from their head office warning them against logging into their computers and advising they should only communicate via mobile phone to avoid further spreading (international firms of DLA Piper had already been exposed to the virus overnight, so the Australian office is expected to be hit next). The malicious malware comes after the “WannaCry” virus spread across 150 countries last month.
What exactly are these viruses? And how damaging can they be?
What is ransomware?
Ransomware is a type of malware that gets into a computer, taking control of the entire system and data until a ransom is paid. Ransomware encrypts the data on the computer with a key that only the attacker knows. A message then pops up on the computer screen demanding payment or the ransomware will remain. Authorities are saying paying the ransom has not actually been proven to eradicate the ransomware and are warning those whose computer systems have been affected to not hand over any money.
Cybersecurity expert and former head of Microsoft’s threat intelligence analysis Sergio Caltagirone told Crikey: “Ransomware is usually delivered via email but users can also be infected by visiting unsavoury websites.”
What do the people behind these ransomware viruses want?
The viruses come all wrapped in a bow along with a polite request/demand for a ransom to be paid in the relatively new cryptocurrency bitcoin. The message on the screen of the corrupted IT systems of the Cadbury factory in Hobart supplied to an ABC news presenter asks the user to follow instructions to “recover all your files safely and easily”:
1. Send $300 worth of Bitcoin to following address: 1Mz7153MuxXTur2Rit78mGSdzaAtNbBWX.
2. Send your Bitcoin wallet ID and personal installation key to e-mail wowsmith123456@posteo.net.
If you have already purchased your key, please enter it below.
Is there anything that can be done to protect your computer?
Ensuring your computers are patched and regularly backed up is crucial in recovering from the attack. The nature of ransomware is that attacks are random, therefore users should back up data on another device to avoid losing files. Caltagirone stressed “every person and every company should be doing this now — not tomorrow”.
Why are these attacks happening now?
Ransomware attacks have been on the rise over the past three years and can affect anyone at any time. Cyber criminals are increasingly aware of how lucrative ransomware attacks can be, with many users seemingly willing to pay the ransom in the attempt to recover their files. Caltagirone says ransomware is a money-maker and “there is significant incentive for criminals to enter and expand this market”. However, other cybersecurity specialists have suggested the “ransom” part of this ransomware was actually just a stalking horse for malware whose primary function was to damage IT systems, not to extort money.
Are they co-ordinated?
At this stage, it has not been confirmed that the various attacks are linked. Last month’s WannaCry virus was similar in nature with the ransomware virus asking users to pay a sum of bitcoin or else their files would be deleted forever.
Can files be recovered after attacks?
The recovery success of encrypted files is uncertain. Cyber criminals usually provide an encryption key if ransom is paid, however there is no incentive for the attackers to hand over the key once payment is made. Authorities and cybersecurity experts are warning users to never pay the ransom amount. Caltagirone said: “By paying the ransom it emboldens others to conduct this activity and there is no guarantee that the criminal will unlock the files.”
It rather looks like NotPetya was not ransomware (perhaps a deliberate attack on the Ukraine). While you can send money, the program destroys the information required to make your disk functional! So the “don’t pay” advice is doubly good. See https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/