It was the first computer worm to be paired with ransomware, which encrypts data on victims’ computers and demands a ransom to restore access. The linkage shows that despite the Obama and Trump administrations’ efforts to deter North Korean aggression, the country does not appear to have been discouraged from launching one of the most wide-ranging cyberattacks the world has seen.
Last year, security researchers also identified North Korea as the culprit behind a series of cyber-enabled intrusions of banks in Asia, including one in Bangladesh that netted more than $81 million.
The fact of a nation-state using cyber tools to rob banks, then-NSA Deputy Director Richard Ledgett said in March, represented “a troubling new front in cyberwarfare.” He did not name North Korea, but the allusion was clear. “This is a big deal,” he said.
A cyber tool, stolen from the NSA, took advantage of a software flaw in some Microsoft Windows operating systems that allowed an attacker to gain access to those computers.
Although Microsoft, after being notified by the NSA, issued a patch for the software flaw in March, many companies around the world and some in the United States failed to update their machines and fell victim to the virus.
On Friday night, though, an unnamed cybersecurity researcher and Darien Huss, from security firm Proofpoint, found a way to stop the malicious software from spreading.
He bought the domain he discovered in the malicious code for just $10.69 and noticed that it was registering thousands of connections every second. Basically, the malware had been making requests to that particular domain name, and once those requests came back showing the domain was live, a “kill switch” was activated, stopping the malware from spreading.
We’re not out of the woods yet though, it seems. “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again,” said the unlikely hero.
Protecting your business
So just what can you do to protect your business from this malware, and other pieces of malicious software that are making the rounds?
Organizations should make sure they have a properly configured firewall and have the latest Windows security updates installed, in particular MS17-010, to prevent spreading.
He went on to say that, as a general rule of thumb, companies should always use a “robust” security solution, keep software up to date and limit the use of browser plugins.
“Make sure to do regular daily back-ups, so that you can get up and running again quickly if you are attacked. And don’t open email attachments from someone you don’t know,” Gaffney added.
Also be extremely suspicious of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
Cybersecurity firms are looking for longer-lasting solutions, but unfortunately in many cases encrypted files cannot be retrieved. This is a stark reminder of the importance of maintaining good cybersecurity practices and off-site backups of your data.
Hooks Systems of Wilmington, NC, performs all of these security services and many more for our clients including 24 x 7 monitoring of their networks and complete network security assessments.
The Washington Post-Ellen Nakashima
Tech City News-Emily Spaven, on Twitter at @emilyspaven
The Associated Press