AVAST will Keep Supporting Windows XP for 3 Years
In case you haven't heard, Microsoft will end support for Windows XP users on April…
Last week saw what has been described as the single worst ransomware attack in history. The massive assault featured software called ‘WannaCry’, which hit countries across the world and caused a huge amount of damage to computer networks. Avast helped protect hundreds of thousands of users from the threat, and have committed to preventing similar attacks in the future.
The software mainly targeted business networks, although there were many instances of personal computers falling victim. It affected a range of countries, mainly Russia (where more than half of the reported cases took place), Taiwan, and Ukraine.
The British National Health Service was also affected, with hospitals lacking the technology to properly defend against the attack. This affected patient care and led to criticism of the health service’s capabilities in dealing with such situations.
The software took advantage of a common security glitch. How common? Well, Avast’s research found that around 15% of its users suffered from this blind spot, which would have rendered them helpless without additional protection. WannaCry didn’t specifically target any institutions, simply seeking any networks lacking the necessary defences.
Once targeted, the software then took steps to encrypt all the files on the victim’s machine, rendering them totally inaccessible to the user without spending a large amount of money on repair. This is a common ransomware technique – the attacker then generally demands a payment in return for the decryption of the files.
The software represents a worrying development in the world of ransomware, in the fact that it operates as a worm. This means it has the ability to spread itself, without much intervention required from the original hackers.
Jakub Kroustek, the head of Avast’s Threat Lab Team, outlined what made this attack different in an interview with Radio Prague. He said, “It is still not common for ransomware to act as a computer worm, but this one did. This is the special aspect; that it was trying to spread itself on its own. There were no exploit kits or the other more usual delivery methods.”
This really depends on how you define successful. From the attackers’ financial point of view, it was probably something of a failure.
This is because their estimated gain from the operation was only around $70 000, which seems pretty puny in comparison to the amount of work that clearly went into the software, and the damage that was done.
If their goal was to inflict as much damage as possible, it could certainly be argued that they got what they wanted. Not only were large networks compromised in several different countries, but it provoked widespread concern about security and caused many organisations to reassess their defences.
Perhaps the most troubling outcome of the attack is that the software worked. This proves to cyber-criminals with similar aspirations that large-scale ransomware attacks can be successful, and may encourage a wave of related outbreaks.
In fact, the days following the initial attack have seen a string of ‘copycat’ software, which claims to have encrypted the user’s files and demands a ransom for their return. Fortunately, these are generally far less serious, and many rely on tricking the victim into believing they are a real ransomware threat.
If you were unlucky enough to fall victim to the attack, WannaCry will most likely demand a certain amount of money in exchange for your files. In most cases, this ransom was anywhere between $300 and $600, and failure to pay would supposedly result in the loss of your files.
Avast, however, have suggested that this is a mostly empty threat, and WannaCry is unlikely to delete any files. They have also urged users against paying the ransom, because it offers no guarantee of getting any files returned, and a high success rate could be an incentive for future attacks.
The best thing to do is revert to a backup of your files and just wipe your computer. If that’s not an option, it may be possible to get your files professionally recovered, but that won’t be free of charge.
The events should serve as a warning to users – make sure your anti-virus software is up-to-date and you have taken measures such as backing up files and avoiding risky online behaviour.
According to Avast, their software successfully protected over 250,000 networks from the attack, which is as good a reason as any to trust their software. They have committed to taking steps in the future to tackle ransomware, which is being increasingly viewed as the biggest threat to online security in today’s world.