Companies affected by global ransomware attacks should not pay the ransom so as not to feed into the growing business of organised cyber crime, a security expert warns.
- Over 57,000 infections in 99 countries have been detected
- Ransomware attacks happen every day in Australia, they just don’t get reported, expert says
- UK doctors have turned away chemotherapy patients due to not being unable to access medical records
Attackers have used encryption algorithms to lock files, which owners cannot access unless they pay a ransom.
Over 57,000 infections in 99 countries have been detected, with Russia, Ukraine and Taiwan being top targets, security software maker Avast said.
The attacks have led to hospitals and doctors in England turning away patients after they were unable to view their medical files.
But director for Centre for Cyber Security Research at Deakin University, Professor Yang Xiang, has strictly warned against giving in to criminal syndicates in order to have data unlocked.
“Cyber attacks have already become a kind of industry. [The attackers] are operating like a trained organisation and this will make the cyber security more and more difficult,” he said.
“I don’t think it’s ethical to pay ransom to get data back because we really need to have strong mechanisms to defend against attackers.
“If you keep paying ransom it’s actually helping attackers to grow the industry.”
How did the attack occur?
- Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
- It spreads from computer to computer as it finds exposed targets.
- Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
- Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
- Shortly after that disclosure, Microsoft announced it had already issued software “patches” for those holes
- But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available
Professor Yang, who daily works on detecting possible ransomware, said cyber security had been a “number one problem” in Australia for years, and urged government agencies, companies and individuals to prepare for future attacks.
“Australia has a very similar situation because it heavily relies on internet,” he said.
“We have seen a lot of ransomware attacks in companies and government organisations.
“It actually happens every day, it just didn’t get reported.”
While he could not say which specific institutions had been targeted, he did reveal the mining industry was under attack.
Ransomware encryptions are strong. Once the data has been locked, it is extremely difficult to regain access to it.
Professor Yang calls for the Federal Government not to downplay the threat of cyber attacks and to treat this as a priority.
“We just got some news that Government is cutting funding for universities. I think it is important to keep supporting research, support cyber security industry and provide more funding to innovation and research in this area,” he said.
Companies leave themselves open to attacks
One of the more reported victims of the latest attack has been Britain’s National Health Service.
Doctors in the UK have been forced to turn away even chemotherapy patients due to being unable to access their medical records.
Edward Snowden: “If NSA had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened”
But just days before the attack, a UK doctor warned about hospitals’ software being targeted, saying “more hospitals will almost certainly be shut down by ransomware this year”.
Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, said in the British Media Journal health facilities left themselves open to hacks by using ancient operating systems.
But some have cast blame on the United States’ National Security Agency (NSA) and other countries’ intelligence services for hoarding software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.
Edward Snowden, who in 2013 leaked documents exposing US surveillance programs, said on Twitter NSA’s “dangerous attack tools” now threatened lives of hospital patients.
In March, WikiLeaks released thousands of “Vault 7” documents that revealed the CIA knew about several flaws in Apple, Google and Samsung software but did not tell the companies about them because it wanted to use them for spying.
Across the US Federal Government, about 90 per cent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters in March.
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world,” Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement.
The NSA did not respond to a request for comment.