Global cyber attack: Don't pay the ransom, says S'pore's cyber security agency
SINGAPORE — Amid signs that a number of local retailers, malls and individuals have been hit by the global "ransomware" attack, the Cyber Security Agency of Singapore (CSA) has urged those affected not to pay the hackers.
Doing so will not necessarily resolve the problem, and there have been cases where affected users have been unable to access their computer files after paying up, the agency warned in a statement on Sunday (May 14).
The online attack has claimed some 200,000 victims in at least 150 countries since it first struck last Friday (May 12). Cyber extortionists used a tool to trick victims into opening emails with malicious attachments, which would then lock up a user's computer until a ransom is paid.
"While affected users may choose to pay ransom to access their files again, users are advised not to pay the ransom as there is no guarantee that their files can be recovered even if they have done so," said Mr Dan Yock Hau, director of CSA's National Cyber Incident Response Centre.
He added: "There have been instances where users were unable to access their files again."
Giving an update on the global attack's impact on Singapore, he said the agency's Singapore Computer Emergency Response Team (SingCERT) has helped one retail shop owner to clean up its affected systems.
The response team has also offered to help some malls affected by the WannaCrypt ransomware worm. Tiong Bahru Plaza was among the victims, with its digital directory service infected by the worm since late Saturday afternoon.
Ms Karen Siow, the mall's general manager, said in a statement that the service is provided by a third party vendor, adding: "There is no other anticipated impact from this malware as the digital directory systems, from the onset, run on a separate network from the rest of the corporate networks of AsiaMalls."
The CSA said on Saturday that no government agencies or critical information infrastructure (CII) in Singapore have been affected so far.
Reports of the massive cyberattack first emerged in the United Kingdom where several hospitals and clinics had to turn away patients after losing access to their computers. Subsequent reports pointed to telecommunication firms in Spain, international shipper FedEx and departments of the Russian government being hit as well. Security firms said over 70 countries have been affected so far, with Russia, Ukraine, India, and Taiwan among the worst hit.
(An advisory on the Singapore Computer Emergency Response Team (SingCERT)'s website on Saturday (May 13) following the "wannacry" ransomware cyberattacks. Photo: SingCERT)
Following news of the global attacks, companies here are known to be stepping up checks and precautionary measures. Nevertheless, cyber security experts TODAY spoke to said the ransomware attack appears to be random in nature, and not specifically targeted.
The ongoing attacks seemed too "widespread and indiscriminate" to have been the work of terrorist groups, which are usually geared at attacking a single country or critical infrastructure, said Mr Anthony Lim, a cybersecurity consultant at Fortinet.
On the seemingly coordinated timing of the attacks around the world, Mr Lim said that such malware, like a virus, could have been spreading innocuously via spam emails or phishing links, among other things, over the past few weeks or so, before being activated on a certain day or time.
Mr Lim also noted the difference between the ongoing global attacks and the advanced persistent threat (APT) attacks which hit the National University of Singapore and Nanyang Technological University last month. The attacks on the two universities were made known by the authorities on Friday. Mr Lim pointed out that APT perpetrators use more stealthy methods which are hard to detect.
Mr Tok Yee Ching, an executive committee member at the Association of Information Security Professionals, said cyber attacks occur on a daily basis. In this current situation, the hackers seem to be trying to demand money from anyone with "inherently vulnerable" security systems which have not been updated or protected adequately, as opposed to seeking to steal government data or intellectual property.
Mr Kane Lightowler, Carbon Black's managing director of Asia-Pacific and Japan, said such large-scale, fast-spreading ransomware attacks were inevitable. The attackers had used old tactics but tapped on a newly-discovered vulnerability in Microsoft Windows to enable the worm to "spread so quickly and indiscriminately across the globe".
He also noted that ransomware-related attacks are usually launched by organised crime groups which are motivated purely by financial gain. "This has become a very lucrative business for them and we will continue to see these attacks rise in both sophistication and occurrence," he said.
He advised affected individuals and organisations against paying the ransom to cyber criminals, as there would be "no guarantee" they would get their files back. Those who pay up could also risk being prime targets for subsequent attacks, he said.
Mr Tony Jarvis, chief strategist of threat prevention in APAC, Middle East & Africa at Check Point Software Technologies, said he is seeing a number of leaked tools which have fallen into the wrong hands. "Because of this, would-be attackers now have powerful tools at their disposal, with the majority of organisations unprepared for such attacks. These factors combine to form a perfect storm for attacks on an unprecedented level," he said.
Warning about possible copycat attacks, Mr Tok said companies could consider spending more on detection mechanisms, or proactively looking for any threats in their networks instead of taking on a "passive defence approach and waiting for something to happen."
He also warned against opening attachments sent by strangers, or downloading illegal software which could come with malicious features, and advised having anti-virus systems installed on computers.
The best way to combat ransomware is a good prevention strategy, through the following steps:
1. Patching applications and operating systems: WannaCry was able to spread quickly by exploiting a vulnerability in Windows that Microsoft had released a patch for in March.
2. Backup: Regularly back up all systems and critical data and keep copies offline. This makes recovery quick and simple.
3. Use Next Generation Anti-Virus (NGAV) such as Carbon Black Defence: Common antivirus products are ineffective at preventing ransomware attacks and the vectors they use to spread.
4. Always remain vigilant when opening attachments: Cybercriminals commonly deploy their ransomware through phishing campaigns that trick a user into clicking a malicious link or opening a malicious attachment. These are often disguised as files from people you trust, such as a friend, family member or even a trusted brand such as your bank. Be very cautious of any email that attempts to create urgency to click a link or attachment.