May 16, 2017
Just a few days have passed since the WannaCry ransomware struck globally (Friday, 12 May 2017). The strike saw the ransomware hit more than 200,000 computers in 99 countries, locking their users out of their own systems, and also prompted an alert from CyberSecurity Malaysia over the weekend.
Even major companies were not spared, from Spain's Telefonica to America's FedEx and England's National Health Service (NHS), which was hit especially hard and paralyzed to the extent that operations were cancelled, patient records became unavailable and even phones did not work.
While the attack was stopped by a young cybersecurity researcher in the UK who found and activated a 'kill switch' in WannaCry, and thereby stopping further chaos for the time being, experts believe that it's not over and modified variants are expected soon.
In June 2016, when Computerworld Malaysia interviewed Fong Choong Fook, a former ethical hacker turned security consultant to the financial services industry, he predicted that the healthcare industry was likely to be the next frontier for major cyberattacks.
To date, Malaysia has so far not appeared to have any official reports of incidents (though Fong indicated that his company may have detected signs on about 10 computers belonging to client companies over last weekend). However, the effect on the NHS did bring to mind an earlier warning from Fong, who is now LGMS executive director and senior IT security consultant, LGMS, is a Malaysian company which specialises in penetration testing, digital forensics and computer crime investigation.
Photo: Fong Choong Fook, recently recognised as Malaysia's Cybersecurity Professional of the Year in 2016 by Cybersecurity Malaysia.
Fong had expressed this concern and predicted such a scenario in an exclusive interview with Computerworld Malaysia that the healthcare industry would be especially hit hard through cybersecurity vulnerabilities.
What is WannaCry and ransomware?
WannaCry was spread through various measures such as spam and exploited a major loophole found in Microsoft Windows.
"The loophole was big and could be traced back to earlier Windows versions like Windows XP. These outdated and obsolete systems are especially vulnerable to malicious code such as ransomware," he said.
"Another factor that made the situation worse is that Microsoft is not obligated to issue patches and support for these obsolete systems anymore," Fong told Computerworld Malaysia over the weekend.
According to information from Microsoft's own security portal, ransomware stops users from using their own computers. It holds the PC or files for "ransom" and will only release the PC or information after that has been paid, usually through a digital currency such as BitCoin.
Yet there is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again, he said.
Who does ransomware affect?
"The WannaCry attack is another textbook example of the fact that everyone today is vulnerable to cyberattacks. Cybercriminals no longer pick and choose their targets; you and I are their targets, businesses are their targets, everyone is. For businesses, it no longer matters if you are a large organisation or small shop, if you use the Internet, you're a potential target," said Fong.
Fong also cautioned that many companies apparently feel secure as they are not in 'lucrative' fields such as finance or banking. "These companies often only put in place basic ground-level defences and hope to get by. The threat is real and the scope is all-encompassing. From students to business owners, everyone is at risk today."
Can you be safe?
Although Fong believes that everyone is at risk, there are basic measures that users should execute to have a better chance at staying safe. A fundamental safety step is to regularly backup data.
Then, ensure all computers are always updated with the latest updates from Microsoft or other large vendors, he said.
"Although Microsoft did make an exception this time, there are so many systems and users out there do not take security updates and upgrades seriously. This is an attitude and mindset that needs to change" said Fong.
"It's also important to have antivirus installed and that it is constantly kept up to date. Be aware of what you're doing and be especially diligent when opening suspicious email attachments. Most importantly, avoid downloading and using pirated software," he added.
What to do if you're hit by ransomware
Fong's advice to in the event of being hit by ransomware is:
1. Don't pay the ransom
2. Ensure that you have checked through www.nomoreransom.org<http://www.nomoreransom.org> to see if the encrypted files can be recovered
3. Restore your system and files from a back-up
4. Perform a thorough scan, cleaning and hardening on the infected system
Also, a reminder is to perform back-ups using Offline mode, he added. "Make sure that the back-up data is never accessible from the network. Using portable hard disks is a good solution," said Fong.
When asked about effective preventive measures, Fong's following advice mirrors essential aspects of basic IT hygiene:
1. Always backup your files
2. Ensure you computers are always updated with latest updates from Microsoft
3. Having antivirus installed
4. Be diligent when opening suspicious email attachment
5. Do not download and use pirated software
Meanwhile, alerts from industry include Symantec's advisory (14 May 2017), which said: "Organisations and individuals hit by ransomware will not find it easy to recover. It will involve painstaking rebuilds and restoring of backed up data to stand back up impacted machines. Victims without backups indeed lost data due to the asymmetric encryption usage."
Another industry professional offered two more reasons as to "why attack was so devastating"-
(1) Support for Windows XP had ended and, hence, no more security patches for this system released in about 2001
(2) When people use counterfeit software, they cannot get security patches. It's to encourage people and companies to get genuine software.