OpsLens

Massive Ransomware Attack in UK Harsh Reminder of Security Risks

“Even with IT security experts on the case, the government may be forced to give in and pay for decryption.”

The United Kingdom was hit by a massive “ransomware” attack on Friday, highlighting both the world’s dependency on software and the Internet, and reminding us of the risks. The widespread attack has resulted in surgeries being canceled and has forced ambulances and patients to be diverted to unaffected hospitals.

Workers trying to log into systems were faced with messages demanding payment in exchange for access. While ransomware attacks on individuals are common, such widespread ransom attacks on large organizations are rare. “Ransomware” occurs when a hacker takes control of computer devices, documents, and other assets and then demands payment in exchange for regaining access.

It’s believed that 25 National Health Service hospitals were affected by the attack. The hacks have locked medical practitioners out of medical files, among other things. Without access to these digital files, doctors can’t look up what medications patients are on or what their allergies are.

The National Health Service is working with the National Cyber Security Centre to get systems up and running again. As of right now it appears that the Wanna Decryptor or a similar program was used. This file-encrypting malware has become increasingly prevalent. The Wanna Decryptor malware generally demands bitcoin in exchange for “decrypting” files.

Once a file is encrypted it is nearly impossible to decrypt it without the right keys. Even with IT security experts on the case, the government may be forced to give in and pay for decryption. It appears that demands for payment are only $300, but it is unclear how many programs and files have been locked, and whether or not the government will make payments.

In the meantime, non-urgent care is being delayed and patients are being routed to unaffected hospitals. While numerous hospitals have been hit, some remain unaffected. Security experts are taking steps to lock down the problem and to prevent it from spreading further. It remains unclear what caused the breach in the first place.

Spanish authorities reported similar attacks affecting a range of companies in Spain. Telecommunications provider Telefonica and power company Iberdrola were both hit in the attacks. It’s not clear if these attacks were related to the attacks in the United Kingdom, or who may be responsible.


Don’t Call a Cybercriminal to Fix Your Computer

By David Thornton; OpsLens:

“It is the perfect crime, as it is most often committed by people outside the US in places that the FBI can’t reach.”

Three times in the past two weeks, I have had someone tell me, “I had a screen pop up saying my computer was infected with a virus and I needed to call a 1-800 number.” All three of them called the number. Two of the three provided remote access to their computer. One gave his credit card information to pay a stranger he never met to do “work” on his computer that he didn’t understand. Each time, my facial twitch betrayed my disappointment. They responded defensively, “Well, I’m not good with computers!”

Please, please, please don’t do this. First, you have no idea who is on the other end of the line when you call. In most cases, it is not a company with your best interests in mind. By giving them access to your computer, they can download viruses and malware, steal your data, shut down your network, change your passwords, and all sorts of other nefarious behavior.

Second, this type of scam is one of many that help fund the cyber-criminals and enemies of our nation. At the risk of repeating myself to people who have read previous blogs and articles that I have authored, cybercrime is occurring at rates never before witnessed.

It is the perfect crime, as it is most often committed by people outside the US in places that the FBI can’t reach. These are not crimes being committed by a couple of teenagers in mom’s basement “for kicks.”

As a retired cop, I never want to put money in the hands of criminals. Reputable IT companies and computer repairmen do NOT do business like this. Take a moment to search for a local managed services provider, IT provider, or computer repair company. A few things to look for to identify reputable companies:

  1. Check out the website for their company. Is it aesthetically pleasing? Does it clearly identify what services the company offers? Is the material presented in a clear, concise manner that you can understand? Does the website identify the company as being licensed and insured?
  2. Call your local Chamber of Commerce. They will be happy to point you in the direction of one of their members that is a good-quality company.
  3. Always follow your gut instinct. If it doesn’t feel right, it probably isn’t! End the call and move on. There are plenty of companies doing IT out there. Not all of them are shady.

These are just a few helpful hints for those without the in-depth knowledge necessary to identify a vulnerability in their network. If nothing else, those who believe they are being scammed can now begin to rectify the situation before further damage can occur.