As the highly publicised Wana Decryptor or WannaCry ransomware attacks continue to hit businesses, the Australian Government has revealed the number of local victims had reached 12 and more were suspected.
Reports suggest that the list of victims globally had more than doubled in the last few days, but Australia seems to have escaped the worst of the attacks with the Federal Government saying it and the country’s critical infrastructure had been thus far unaffected.
On 15 May, the minister assisting the prime minister for Cyber Security, Dan Tehan, warned local small to medium businesses to take urgent action to reduce the risk of infection.
“As of 6pm AEST there had been eight reports of Australian small businesses affected by what has likely been ‘WannaCry or WannaCrypt’ ransomware,” Tehan said in a statement.
He added that the ransomware had not affected Australia’s critical infrastructure or Government agencies.
"Small business owners should be pro-active about their cyber security in the wake of this ransomware campaign affecting computers around the world," Tehan said.
"If your business has been infected you should isolate the affected computer from your network to prevent the software spreading and use backup data to restore information."
Similarly, the Australian Government’s Stay Smart Online service has warned businesses, households and individuals to take steps now to protect computers, networks and devices.
“The Australian Cyber Security Centre (ACSC) has been engaging with Australian businesses and industry sectors over the weekend to ensure they are aware of the threat and have taken appropriate measures,” the agency said in a statement.
“A small number of businesses have reported likely infection and there will likely be more cases in days to come.”
The malware is so effective because it exploits a Windows vulnerability patched in March by Microsoft. The attacks became so widespread that the vendor also released patches targeting out-of-support versions of Windows including Windows XP, Windows Server 2003 and Windows 8.
Europe bore the brunt of the initial attack which hit more than 75,000 victims over the weekend including the UK National Health Service (NHS), the Russian Government, the Spanish telecommunications sector, German Railways and US-based FedEx Corp.
Now researchers at Symantec and Kaspersky Lab are saying some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korean operation.
The theory surfaced after a Google researcher, Neel Mehta, issued a tweet containing a set of characters referring to two portions of code in a pair of malware samples and a hashtag #WannaCryptAttribution. Researchers have since linked the code to North Korea.
Both firms said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.
While investigations continue, other cyber security companies are warning that this is just the tip of the iceberg.
Researchers at Bitdefender warned that the attack was going to be one of the most serious threats for the next 12 months.
“Unless Microsoft decides to do something about it, such as force an update. It has been done before and the scope of the current threat could justify doing it again, in a controlled and coordinated manner, with support from authorities and the security industry,” Bitdefender chief security strategist Alexandru Catalin Cosoi said.
“Although borderline legal, our experience with cyber-crime has proven that legislation is often lagging when it comes to regulation, which is why cooperation between law enforcement and security vendors is needed now more than ever.
“The worst case scenario is for state-actors to use the vulnerability to install backdoors in other governments' public institutions. They could even install the fix/updates themselves, so that nobody else would be able to use the same vulnerability,” he said.
Locally, Seccom Global managing director Michael Demery said that individual behaviour, as much as controls, could prevent attacks and that the local spread so far showed Australia holding up well.
“As in most instances when an organisation is the victim of an attack, having implemented strong security controls would most likely have minimised the impact, if not stopped the event from occurring in the first place,” he said.
“Every person in an organisation has a part to play to ensure that the business remains safe from attacks like the Wanna threats.
“If you do not take Cyber threats seriously, then it is simply a matter of time before you will fall victim to such an attack,” he said.