This weekend the largest ever ransomware attack in the world has been hitting computer systems of private and public organisations in hundreds of countries, NZTech chief executive Graeme Muller says.
Spread via phishing emails where an email that appears to come from someone people know encourages them to open an attachment or click on a link, only to deposit a small piece of malicious code on your system. The bug looks for machines running unpatched versions of Microsoft Windows and then spreads across your network infecting other machines as it goes, Muller says.
“Called a ransomware as it locks people out of their files and demands a ransom before they can access them again. While the ransom is relatively small at around $NZ430 per computer, the criminals who are collecting the ransom will be making millions having successfully taken down large organisations such as the NHS (UK’s National Health Service), Telefonica and FedEx as well as thousands of smaller businesses.
“As a result, the recently launched New Zealand Computer Emergency Response Team (CERT) is getting its first real test this weekend and have provided excellent advice for Kiwis.
“First, don’t open suspicious emails or emails from unknown people. Secondly, ensure that you keep your computer updates up to date. In this case ensure the Microsoft patch (MS17-010) released in March has been installed by running an update. Finally, you can also reduce the risk by blocking international emails for a few days until the wave passes.
“If you do get attacked the only option you have is to pay the ransom or throw away your computer. If you get attacked disconnect from any network you are on to prevent it attacking someone else. If you are running a computer with Microsoft XP or 2003 operating systems turn it off now as there are no patches available for these older systems.
“For organisations that require further support or more specified advice, we appeal Kiwis and NZ organisations log an incident on the CERT website at cert.govt.nz.
“Cyber-attacks by ransomware have increased by 50 percent in the past year, according to a study by Verizon and the total cost of cyber-attacks has been estimated to worth over $NZ400 billion a year now.”
This is a very low risk yet highly profitable form of crime but Muller says not to expect it to go away. In fact, it will only get worse until we learn how to be better at keeping our systems up to date and not responding to random emails, he says.