WannaCry might have affected 500 IPs in Singapore

SingCERT is working with IMDA and local internet service providers to inform affected users and urge them to patch and clean their systems.

By Nurdianah Md Nur
May 17, 2017


About 500 internet protocol addresses in Singapore may have been hit by the WannaCry ransomware attacks.

However, the infected systems may not have had their file encrypted due to the kill switch activated by a security reseacher who goes by the name MalwareTech, said Dan Yock Hau, director of the National Cyber Incident Response Centre, on Tuesday (16 May 2017). The centre is a unit of the Cyber Security Agency of Singapore (CSA)

He added that the Singapore Computer Emergency Response Team (SingCERT) - which is a part of CSA - is working with the Info-communications Media Development Authority of Singapore (IMDA) and internet service providers to inform affected users.

"Affected users will still need to patch and clean up their systems," he said in a Channel News Asia's (CNA) article on Tuesday.

Last Saturday (13 May 2017), digital signages at Tiong Bahru Plaza and White Sands were believed to have been hit by the WannaCry ransomware. No sensitive information was lost and the affected systems were fixed the day after.

The same CNA article quoted CSA saying that no critical information infrastructure in Singapore has been affected by WannaCry so far. However, SingCERT has received a number of calls from businesses and individuals to find out more about prevention and patching.

Local internet service providers (ISPs) have also stepped forward to work with CSA to provide assistance on the ransomware. Businesses and members of the public can contact their ISPs for matters related to WannaCry at the respective hotlines:

  • MyRepublic: 6717 1680
  • ViewQwest: 6491 1321. 
  • M1: 1627 (residential customers); 1622 (corporate customers)
  • Singtel: 1688 (residential customers); 1606 (SME customers)
  • StarHub: 1633 (residential customers); 1800 888 8888 (for corporate customers from 9am to 6pm, Mondays to Fridays)

"This is an issue of national importance and we will take all the necessary measures to counter the spread of the ransomware and help businesses and members of the public prevent or recover from it as quickly as possible," said CSA chief executive David Koh.


Prevention tips

Some experts expect a second wave of WannaCry to hit the world soon.

Jerry Tng, Vice President APAC, ivanti, shares four ways for companies to protect themselves:

  • Since this ransomware attacks through phishing or other social engineering email, train staff not to click on unknown or malicious email. 
  • Update your Microsoft patches immediately-specifically MS17-010 which will slow proliferation of the ransomware. 
  •  Run effective antivirus (AV)software on all endpoints. If your virus definitions are one week out of date, the AV will not recognise this ransomware. 
  • Restrict administrative privileges and allow only whitelisted software to run. This malware would not be as successful if it did not have access to admin privileges, and it would not run at all if it weren't in the allowed whitelist of software. 

Fortinet added that organisations should back up data regularly, disable macro scripts in files transmitted via email, establish a business continuity and incident response strategy, as well as conduct regular vulnerability assessments.