The first and so far the only time I was personally involved, (or to be more precise my son who at that time was eleven years old), in a cyber-attack by ransomware was in 2012. The computer of my son was apparently blocked by the Federal Criminal Police Office due to some illegal actions, such as sending spam mails and even worse. At least that’s what appeared on the screen in poor German. Strangely enough a fee of 100 Euros would unblock the computer. Well, I wondered how the 100 Euros would affect the illegal activities, my eleven year old boy had committed but you never know. Even though it was obvious that we didn’t get into trouble with the public authorities, my son was not amused by the fact that his computer was out of order. In fact, he must have felt exactly how the latest cyber attack has been dubbed: WannaCry.
On Friday, the 12th of May, the world experienced the largest and unprecedented cyber-attack by ransomware yet recorded. In contrast to the so-called Federal Criminal Police Office virus, WannaCry has not only affected users in Germany but also in more than 150 countries. Within a day more than 230,000 computers had been infected, including parts of the British National Health Service, Spain’s Telefónica, FedEx as well as the German Railways. Among the highest-profile corporate victims was French auto maker Renault SA, which was forced to shut down factories across Europe. The ransomware is designed to spread quickly after infecting computers. Files on affected computers were encrypted, and users were told to pay a ransom with bitcoin, an untraceable online currency, to unscramble them.
WannaCry moves between Microsoft Windows devices as a worm and interacts with a malicious command and control center using an anonymity network called TOR. So far, the virus hasn’t been blamed for destroying hardware itself. Where users have backed up data, long-term damage likely can be limited. But some targets responding to the attack had to shut down entire systems to help combat or slow the virus.
The attack took advantage of security vulnerabilities in Microsoft Corp. software that was either too old to be supported by security patches or hadn’t been patched by users. Microsoft said that the software tool used in the attack came from code stolen from the National Security Agency. The NSA has declined to comment on the matter.
None of the infected computers had installed a March 14 software patch by Microsoft that stopped the worm, either because they were running older versions of Microsoft Windows that no longer received software updates, or because companies had simply delayed installing the software.
Besides software updates in order to keep your system up to date and therefore safe from attacks, web filters also help to protect your hardware from cyber-attacks such as ransomware WannaCry. Teldat’s webfilter for instance prevents the initial infection by phishing emails and thus keeps your system safe and secure against viruses, worms, Trojans and other mal- or ransomware.