Johannesburg - Governments around the world are scrambling to catch the culprits behind the WannaCry cyber attacks that are disrupting operations at large organisation across the globe.
Analysts seem to confirm that the attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers.
Cloud data protection company One Channel says the attack has slowed but warns that new versions of the worm will strike soon.
"Ransomware is the most serious malware threat of the 21st century, with criminals projected to extort billions from their victims in 2017," CEO Bernard Ford said.
South African machines have also fell victim to the virus which encrypts users' data asking for a ransom amount of around R4 000 for a key to release the information.
Numerous local IT companies are on alert after the attack which affected hundreds of thousands of machines globally.
Cyber-security company Kaspersky Lab suggests the following steps be implemented if a user's PC has been infected:
• Install the official patch from Microsoft that closes the vulnerability used in the attack;
• Ensure that security solutions are switched on on all nodes of the network;
• If Kaspersky Lab’s solution is used, ensure that it includes the System Watcher, a behavioural proactive detection component, and that it is switched on;
• Run the Critical Area Scan task in Kaspersky Lab’s solution to detect possible infection as soon as possible (otherwise it will be detected automatically, if not switched off, within 24 hours);
• Reboot the system after detecting MEM: Trojan.Win64.EquationDrug.gen; and
• Use Customer-Specific Threat Intelligence Reporting services.
To protect your machine experts recommend:
• Install anti-malware software – this will give you a fighting chance at stopping this before you are affected;
• Update your windows machine – don’t ignore the security update, they exist for a reason. For businesses patches can be very difficult to get deployed across the entire network - this one you will want to install. It has been available since mid-April and actually stops the exploit from gaining a foothold in your environment.
Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data.
The ransom is then requested to be paid into a BitCoin wallet and is believed to increase over time.
Kaspersky Lab’s researchers confirmed that the company’s protection subsystems detected at least 45 000 infection attempts in 74 countries, most of them in Russia.