Last week, tens of thousands of organizations across the globe were struck by a massive-scale ransomware attack through malware known as “WannaCry”.
The malicious software locks data away and demands payment of up to US$300 a time before it will restore the scrambled files. The healthcare sector in particular was heavily hit in certain countries, where hospital and ambulance services unfortunately had to be suspended due to the disruption.
CyberSecurity Malaysia responded swiftly by issuing an urgent advisory alert for organisations in Malaysia to take immediate preventive steps against ransomware attacks. We held a press conference at the Ministry of Science, Technology and Innovation to explain the situation and to respond to questions from the public.
Ransomware is the fastest-growing malware threat. Malware in general is hostile or intrusive software that targets users of all types, from the home user to the corporate network.
Most of us think we are safe from ransom extortion, but gone are the days when criminals targeted only the wealthy.
In today’s digital age, almost anyone in Malaysia or the world who is connected to the Internet is a potential ransom target, whether in an urban or a rural area!
Ransomware is malware for “data kidnapping”. The attacker encrypts (locks) the victim’s data and demands payment for the decryption (unlocking) key that lets the victim regain access to the system or files. It either prevents normal use of the victim’s computer or denies access to files.
The “data kidnapper” demands a ransom payment from the victim. Some malicious versions even have a timer and begin deleting files until a ransom has been paid. The ransom could range from a minimal amount to thousands of dollars, but it is often settled via the virtual currency Bitcoin, so the attacker does not have to reveal their identity!
Ransomware can be delivered through e-mail attachments, infected programs and compromised websites, most commonly through an infected file attached to an e-mail. It can also infect a computer when a user visits an infected website and malware is downloaded and installed without the user’s knowledge.
Another method of transmission is through social media, such as Web-based instant messaging applications.
But this time, the “WannaCry” ransomware is next-generation. It does not just encrypt one local machine; it propagates itself, spreads throughout the organisation’s network and infects unpatched devices. Experts call it a “ransomworm”.
Once you are hit by ransomware, your recourse is limited. Paying the ransom does not guarantee that the encrypted files will be released. It only guarantees that the cyber criminals receive the victim’s money and, in worst-case scenarios, that the victim’s personal information is used for further extortion.
In many cases, the victim ends up losing all of his or her data.
According to cyber security firm Symantec’s latest Internet Security Threat Report 2017, the number of global ransomware detections increased by 36 per cent during 2016 to 463,000 incidents. In tandem with the spike in attacks, the number of new ransomware families more than tripled to 101.
In terms of ransomware threat by destination, Malaysia was ranked 17th globally, and 6th in the Asia Pacific and Japan region. From January to April 2017 alone, CyberSecurity Malaysia received 44 incident reports on ransomware.
At this rate, the annual figure may well surpass 2016’s total of 83 incidents. The average ransom demanded by attackers also increased dramatically, from US$294 in 2015 to US$1,077 in 2016. The statistics underscore a trend that more cyber criminals are jumping on the ransomware bandwagon.
CyberSecurity Malaysia will continue to monitor ransomware attacks and provide technical assistance to affected organizations and individual users on remediation and prevention through its Cyber999 service.
The Un-Erasable Digital Footprint
Ransomware is arguably one of the most dangerous types of malware because of how it works and how it affects its victims. Despite all the warnings, many still fall victim to this type of threat.
According to statistics by the Malaysia Communications & Multimedia Commission, Malaysians spend almost 6 hours on computers and about 3.5 hours on social media daily. This makes us one of the most vulnerable targets for cyber criminals.
Malaysians also need to be mindful that an individual’s digital footprint is on the Internet permanently and that they may one day become valuable targets for ransomware criminals. This footprint includes photos or videos posted on social media, radical opinions published to blogs and personally identifiable information such as contact information and addresses.
Putting a Stop To Ransomware
To protect against “data kidnapping”, one immediate step is to back up data on a regular basis and, most importantly, to have a back-up and recovery plan in case your mobile device or computer is encrypted by ransomware. If an attack occurs, do not pay a ransom. Instead, wipe the disk drive clean and restore data from the backup.
Malaysians should also deploy email and web security tools. Be sure to update anti-virus and anti-malware tools regularly. We should keep data on separate devices and store back-ups offline, while maintaining up-to-date anti-virus software and applying patches (updates) regularly by downloading them directly from the original software developer.
Use stronger passwords which are complex, and change them regularly. Many Malaysians are guilty of using simple and predictable passwords since they are easy to remember. A strong password should comprise at least eight characters, including numbers and symbols.
For smartphone users, it is wise not to download third-party apps, which are created and provided by a vendor other than the manufacturer of the device, from untrusted sources. While some of the apps may look legitimate, free apps may contain ransomware. Therefore, always check the app developer to ensure reliability and read the permissions before downloading.
Most importantly, “Think Before You Click”. Be cautious at all times and never open any suspicious emails even if they look official. Instead, look out for odd subject lines, typos, or URLs that do not have the correct domain, and delete such emails immediately.
Ransomware Isn’t Going Anywhere
Ransomware demands attention regardless of industry, and this high-value attack method will likely continue with the growth of ransomware-as-a-service (RaaS), where potential criminals with no training or skills can easily download tools and use them against a victim.
MOSTI has undertaken several initiatives to increase the digital literacy of local communities through ICT development under our social innovation programme. One such project is MyCyber Komuniti in Tamparuli, Sabah, a one-stop centre for knowledge and information sharing about positive usage of computers and the Internet.
The centre is equipped with computers, Internet access, digital printers and scanning machines to bridge the digital gap and empower the local community to overcome issues relating to cyber security.
Another notable national-scale educational programme is CyberSAFE, short for “Cyber Security Awareness For Everyone”, which aims to generate awareness of the technological and social issues facing internet users, particularly the risks they face online. Various annual CyberSAFE programmes have been introduced to inculcate safer Internet usage among school children in Malaysia.
It is inevitable that ransomware will continue to thrive. The most judicious approach to adopt is prevention. I hope this incident would raise much awareness.
Lastly, as advocated by CyberSecurity Malaysia in their “MyViralVow” campaign, please verify any information, in this case regarding ransomware, with the authorities before sharing it with your contacts.
Wilfred Madius Tangau.