Beware ransomware

The term ransomware is not a new one but the word was on everybody’s lips just a few weeks ago when organisations around the world tried to recover their information after being hit by a ransomware attack known as WannaCry.

According to a CNN news article, hospitals, major companies and government offices were among those that were badly affected.

The majority of the attacks targeted Russia, Ukraine and Taiwan.

In addition, hospitals in the United Kingdom, Chinese universities and global firms like Fedex (FDX) were affected.

Last week, Public Administration and Communication Minister Maxi Cuffie, in a press release, said he received an assurance from the managers of the government’s Information and Communications Technology (ICT) infrastructure that there are systems in place to treat with ransomware attacks.

The minister said Government’s ICT infrastructure, GovNeTT, is managed by the National Information and Communication Technology Company Limited (iGovTT) which is supported by contractual agreements with a contractor’s alliance of Fujitsu and a team of ICT companies.

In an interview with Sunday Newsday at iGovTT’s office in Chaguanas last Thursday, Head of Operations, Sherwin Ragoonanan explained that ransomware was one of the newer methods of attack.

“What the attackers try to do is hold your machine to ransom. It typically manifests itself via email when you open an attachment and at that point it starts to encrypt and lock all the files on your machines and you get a notice telling you that if you want a decryption key, you have to pay a certain amount of money to this account and they will send you the key.” He said sometimes paying them works but sometimes it does not.

“The key they send may unlock certain files but you may need to pay more to unlock the rest. So where it really hits is where you don’t have backups in place and you don’t have the ability to really restore and it’s going to take you down hard.” When the attack occurred, iGovTT was notified immediately by Symantec, a company that provides end-to-end protection.

Ragoonanan said the company was well-known for zero day protection.

“That means that on the day of an attack they have been known to come up with methods of prevention in no time.” He said two machines within an organisation in Port-of-Spain were affected by the ransomware but he said it was isolated and did not spread.

Ragoonanan said ransomware does not have any prejudice against who it is attacking.

“It can attack you at home, it can attack you in the office, it can attack the Prime Minister, it can attack a clerk, it does not matter.” People need to do everything they can to protect themselves from these types of attacks. Making sure your virus and malware signatures are up to date is one aspect, Ragoonanan advises adding that the other side of it is changing your behaviour while online.

“Don’t go to websites you don’t know about, you go to a website that gives you funny pop ups, get out of there. You see an email, this is where the email attacks are becoming more successful. They are spoofing from your address book.

You may see an email from someone that you know, and you open it up like normal, you open up the attachments like normal because the attachments may be seemingly innocent, it may be invoices or monthly report, and that is how we get infected.” Asked how vulnerable was this country to these type of attacks, Ragoonanan said very, from the perspective that a lot of people take security for granted.