It is mind-boggling that, despite the world being warned, the past week’s ransomware attack almost took down a country’s healthcare system. ARTHUR GOLDSTUCK reports.
If the world didn’t know what ransomware was before, the incessant global headlines of the past week have provided an instant education.
The healthcare system in the United Kingdom was almost brought down by the WannaCry virus, which locks and encrypts computer files, rendering entire networks useless until a ransom is paid. The National Health Service had staff working overtime, not on patient care, but on using paper systems to manage patient information.
IT security company Kaspersky Lab defines ransomware as “a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user”. It can be installed through deceptive links in an email message, instant message or website, and can encrypt important files with a password.
Kaspersky Lab has detected at least 45 000 WannaCry (also known as WannaCrypt) infection attempts in 74 countries. While most have been in Russia, an animated map of infections published online by the New York Times (See http://bit.ly/wannaRSA) shows that targets were hit in every South African city.
Kaspersky explains that the ransomware infects victims by exploiting a Microsoft Windows vulnerability described and fixed in a Microsoft Security Bulletin in March 2017. The exploit is called Eternal Blue, and was stolen from the American National Security Agency (NSA) by a hacking gang going by the name of Shadowbrokers.
“Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet – and the ransom demand increases over time.”
Kaspersky is hoping to develop a decryption tool similar to those created for previous ransomware attacks, and available at noransom.kaspersky.com.
It should not have come to this, however. When the Windows vulnerability was revealed two months ago, it came with warnings that ransomware attacks and other cyber exploits were certain to follow. All Windows users were advised to update their software immediately, and IT administrators were advised to download and install the latest security patches. Users of the latest Microsoft operating system, Windows 10, were safe, as it did not contain the vulnerability.
Two months later, hospitals in the UK and elsewhere, along with businesses, public transport systems and even police stations globally, found themselves in crisis mode as their systems were brought down. By a known and well-publicised vulnerability.
It’s little wonder that scorn has been poured on UK Home Secretary Amber Rudd’s claim that there were “good preparations in place by the NHS to make sure they were ready for this sort of attack”. Guardian technology columnist Charles Arthur wrote that underfunding of the NHS “made the events of the past few days a disaster waiting to happen”.
In truth, it’s an ongoing disaster. As Arthur reports, between mid-2015 and the end of 2016, 88 of the UK’s 260 NHS trusts had been hit by ransomware.
In South Africa, it’s also an ongoing threat. Numerous individuals – particularly older users – have fallen for scammers supposedly phoning from Microsoft to say they have detected a virus on the user’s computer.
For some reason, the most suspicious of old-timers become like gullible children when receiving a call about their computers from a stranger. It does not cross their minds for a moment that the giant Microsoft is not about to phone an individual user about an issue on their system.
They are then persuaded to open a specific web address, download a piece of software and open it. Which instantly locks down their computer, and encrypts all files. They are told that, if they don’t pay a specific ransom amount by a given date, all the contents of their computer will be deleted.
Unfortunately, there is no Windows patch for gullibility. However, the same thing can happen via any number of exploits. In most cases, it is a result if clicking on a link or attachment in an email from a stranger.
The methods are going to keep evolving, and the trickery will keep getting more sophisticated.
“People in ransomware are thinking like business people,” said Ton Maas, digital coordinator of the Dutch National Police, during Kaspersky Lab’s annual Cyber Security Weekend in Malta last year. In 2015, he personally arrested two young ransomware creators, brothers who were conducting the business in their parents’ home.
“In this case, they were both the coders and the distributors,” said Maas. “Usually, you start with the coder, who offers code to distributors, who then target end-users. You even get code specifically written for the distributor, on request.
“The distributors buy the codes and earn their own money, but sometimes have to pay a percentage back to the coder. It is also possible to have a service contract, paying a fixed amount a month, so if you have problems and want to change something in the code, the coder will do it for you. You can call this ransomware-as-a-service.”
Kasperksy Lab’s 2016 Corporate IT security Risks Survey, presented at the Malta event, revealed that 20 per cent of businesses across the world experienced a ransomware attack in the previous 12 months. In South Africa, 19 per cent of businesses had come under attack.
The Lab helped the Dutch police track down the hackers responsible for a ransomware program called CoinVault, which added a new element: if victims did not pay immediately, the ransom “fee” steadily increased. That exact approach has now been taken by the WannaCry creator.
For now, WannaCry appears to be contained, but that is merely a respite in an escalating crisis. Expect worse. Far worse.
Smash hits the Nintendo Switch
Super Smash Bros. delivers what the fans wanted in the latest “Ultimate” instalment, writes BRYAN TURNER.
Super Smash Bros. Ultimate, the latest addition to the popular Nintendo Smash series, has landed on the Nintendo Switch with a bang, selling 5-million copies in the first week of its release. The game has been long-anticipated since the console’s release, as many fans consider
It features 74 playable fighters, 108 stages, almost 1300 Spirit characters to collect while playing, and a single-player Adventure mode that took about three days (or 28 hours) of gameplay to complete. The game offers far more gameplay than its predecessors, making it the Smash game that gives its players the best bang for their buck.
For those new to the game, the goal is to fight opponents and build up their damage score (draining their health) to knock them off the stage eventually. This makes the game seem chaotic, as many players jump around the platforms as if they were on quicksand, in order to avoid being hit by the other players.
It also services two kinds of players: the competitive and the casual.
Competitive players can be matched on the online service by skill ranking to enjoy playing with similarly high-skilled opponents. This is especially important in e-sports training for the game, and for players wanting to master combos against other human players. The casual gamer is also catered for, with eight-player chaos and button-mashing to see who comes out luckiest. This segment is also important for those wanting to learn how to play.
Training mode is also a place to go for those learning to play. It offers “CPU” players that are graded by intensity to train as a single player to learn a character’s moves, combos and general fighting style. More challenging CPU players can also be used by competitive players to train when there isn’t a Wi-Fi connection available.
Direct Play features in this game, allowing two players with two Switch consoles to play against each other over a direct connection – no Wi-Fi needed. This is especially useful to those who want to have a social gaming element on the go, similar to that of the cable connector of the Gameboy.
Click here to read Bryan Turner review of Super Smash Bros. Ultimate.
Win Funko Fortnite in Vinyl
Gadget and Gammatek have nine Funko Fortnite figurines to give away.
A Funko Pop figurine based on a character set is indicative of reaching the heights of pop culture. It is no surprise, then, that the world’s biggest online game, Fortnite, has its own line of Funko Pop figurines. The Funkos are modeled on the characters in game, including Drift, Ragnarok, Dark Vanguard, Volar, Tracera Ops, and Sparkle Specialist.
Now, local Funko distributor Gammatek has released the Fortnite figurines in South Africa. To celebrate, Gadget and Gammatek are giving away a set of three Funko Fortnite figurines to each of three readers (9 figurines in total). To enter,
You can put the tweet in your own words, but entries must have the competition’s hashtag (#FunkoFortnite) and mention @GadgetZA to be considered valid.
Click here to select the Funko Fortnite character you want to tweet.