Signal Alliance, a Microsoft enterprise partner in Nigeria has issued a WannaCry ransomware advisory to its clients and key users of Windows applications in Nigeria. This was because of the unprecedented cyber-attacks being experienced by several businesses and public sector organisations locally and globally.
Speaking on the advisory, Kelechi Agu, Technology Lead on Security in Signal Alliance said, “as soon as we were aware of the unprecedented spread of the Ransomware attack, which hit tens of thousands of businesses worldwide – including the entire British health care sector – we gave our clients a breakdown of what we know about the malware. The Ransonware is responsible for the encryption attacks. We educate them what they can do to stop it.”
Wannacry is the malware responsible for what is regarded as the biggest online extortion attack in history. Technically, it is classified as a worm – a type of malware that is self-replicating and self-propagating.
Malware is any kind of software specifically made in a variety of forms to disrupt, damage or gain unauthorized access to a computer system or network. It includes ransomware, computer viruses, trojan horses, worms, trojan, spyware and adware and other malicious programmes. It can take the form of executable code, scripts, active content, and other software.
Ransomware malware adds a new dimension because, it typically depends on the action of the user who clicks an email to propagate it. While WannaCry, being a worm, self-propagates by taking advantage of a vulnerability in Microsoft’s Server Message Block (SMB) protocol, an exploit known as EternalBlue. With Microsoft being the most widely used business platform/Operating System, WannaCry spreads quickly once it has infected a single host in a network.
Microsoft released a patch update on March 14, 2017 to address the EternalBlue vulnerability exploit. Companies that are slow to apply these updates have become victims of this widespread ransomware infections. The first step to protecting your business is to make sure your servers, and endpoints are up to date. Older Operating System versions represent major vulnerability points.
The countermeasures to take, according to Agu are to ensure your endpoint protection solution includes malware recognition and decryption features. If it doesn’t, invest in one; replicate and back up important business data and services. Allow redundancy. Ensure all operating system patch updates are applied quickly.
Initially, the ransomware was stopped by a kill-switch, discovered by an anti-malware researcher. This kill switch was an unregistered domain the virus was apparently trying to connect to, once inside the network. The researcher bought the domain, which effectively stopped the spread of the virus – temporarily.
Agu said, “Working with Microsoft, Signal Alliance is assisting organisations and individuals facing the WannaCry or Ransomware challenge, or have set up a command centre, to resolve the problems professionally.”