WannaCry Worm Attacks Singapore
A malicious ransomware appeared out of the blue the past week and has infected a multitude of computers across the globe — Singapore included.
It’s called “WannaCry”, perhaps because if your computer has been affected, you will feel like bawling your eyes out over the loss of your beloved data.
According to The Hacker News, the virus has already encrypted the data of over 239,000 computers across 99 countries. Hospitals, schools, car factories and shops have all been hit by the virus.
For those who are not familiar with tech jargon, ransomware is a malicious virus that spreads rapidly to vulnerable computer systems. After they are infected, the ransomware encrypts their files and extorts payments from their users in exchange for their decryption, hence holding the data for ransom.
It targets computers running on unsupported or unpatched Windows versions and after infecting a computer, it scans other vulnerable targets that are connected to the same network and over the Internet.
Here’s a screenshot of the warning message that appears on a computer infected with WannaCry:
As seen from the above picture, the effects of the computer worm are as such:
- The computer’s data is encrypted, and no longer accessible.
- The unfortunate user can decrypt some files for free.
- But has to pay $300 in Bitcoin to unlock all files.
- Payment has to be made within 3 days, or the price will be doubled.
- The encrypted files will be lost forever if payment isn’t made within 7 days.
There are countdown timers shown, indicating how long the user has before the payment is raised, and how long before the files are lost — to intensify the user’s distress and “break” him into paying up.
What a mean, mean virus.
Singapore Under Attack
Singapore has fallen victim to the malware onslaught too, with several malls and shops affected.
For example, the digital directory systems at Tiong Bahru Plaza and White Sands Shopping Centre were plagued by the virus, reported The Straits Times.
Tiong Bahru Plaza’s general manager Karen Siow told Channel NewsAsia that there was “no sensitive information in the mall directories” and that “neither money not bitcoin were paid to the hackers”.
Here’s the digital directory service in Tiong Bahru Plaza that was affected:
Fashion store Desigual at Orchard Central was also hit by WannaCry.
Even if you haven’t been infected yet, the thought of being greeted by such a warning when using your computer is nothing less than terrifying, especially if you have highly sensitive and confidential information stored in your device.
But fret not, for there’s a way to protect your computer from faltering to the nasty malware.
Just perform the following steps below and your computer will be safe from WannaCry.
Here’s a step-by-step guide for Method 1, which seems to be the easier of the two to execute.
Search for the magnifying glass on your Windows taskbar and click it.
A search bar will pop up.
Type “windows features” into the search bar and click the option “Turn Windows features on or off”.
Another pop up will appear. Scroll down to a folder named SMB 1.0/CIFS File Sharing Support and uncheck it. Then press “OK”.
Be sure to restart your computer for the change to take effect.
Why Does It Work?
SMB stands for the Server Message Block, and is used primarily for providing shared access to files, printers, and serial ports and miscellaneous communications within a network.
WannaCry makes use of a Windows exploit code-named EternalBlue, which has the capability to penetrate machines running unpatched versions of Windows by exploiting flaws in the SMB Server.
So by disabling the SMB, you stop WannaCry from spreading to your computer.
Microsoft Security Update
Just to be on the safe side, you can also beef up your computer’s immunity system by downloading the SMB vulnerability (MS17-10) security update that Microsoft released earlier this March.
You should install this patch immediately if you have not done so.
You can download the security update on Microsoft’s website here.
If You’re Infected
For those with devices that are already infected, The Straits Times offered some advice from the Cyber Security Agency (CSA) of Singapore:
To prevent the ransomware from spreading,
- Remove the network cable connected to the computer OR
- Shut down wireless function on the device
- Patch and restore your systems
The CSA also said affected users can contact its SingCERT (Singapore Computer Emergency Response Team) at email@example.com or 63235052.
An advisory on the SingCERT website also advised all Windows users to make sure their systems are fully patched.
But even though a security researcher has seemed to find a “Kill Switch” for the WannaCry ransomware, it’s not over yet.
The Information Technology Company based in New Delhi, India revealed that an “upgraded” version of the original version of WannaCry, named WannaCry 2.0, is on the hunt.
It was created by a group of copycat hackers:
But we can protect ourselves by heeding the advice of cyber security expert Graham Clueley:
Given the high profile of the original attack, it’s going to be no surprise at all to see copycat attacks from others, and perhaps other attempts to infect even more computers from the original WannaCry gang. The message is simple: Patch your computers, harden your defences, run a decent anti-virus, and — for goodness sake — ensure you have secure backups.
Desperate Or Gullible?
Some people have allegedly obliged to the demands of the hackers and coughed up the cash to retrieve their files — that is, if this one twitter account is anything to go by:
Created by tech reporter and data developer Keith Collins, the Twitter account is managed by a bot that releases a new tweet whenever payment is made to the bitcoin wallet tied to the WannaCry ransomware. The total sum collected would be calculated every 2 hours.
If we assumed all of those were paid on time, that’ll mean a whopping 142 people (and counting) have already crumbled under the pressure.
Stay Safe And Secure
Regardless, let’s hope the experts come up with a strategy to quash the hacking attacks before more people mindlessly throw money at these devious hackers.
Thankfully, the CSA has confirmed that no Government agencies nor critical information infrastructure have been adversely been affected by the hackers.
Perhaps the much derided decision to remove Internet access from public servant computers turned out to be a prophetic in the end.