Ransomware attack still looms in Australia as Government warns WannaCry threat not over
Australia appears to have escaped the worst fallout from a huge global ransomware attack, but the Prime Minister's cybersecurity adviser has warned that "this is not game over" in the battle between hackers and security agencies.
How did the attack occur?
- Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
- It spreads from computer to computer as it finds exposed targets
- Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
- Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
- Shortly after that disclosure, Microsoft announced it had already issued software "patches" for those holes
- But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available
The attack, known as WannaCrypt or WannaCry, hit 200,000 victims in 150 countries over the weekend, using vulnerabilities in older versions of Microsoft Windows to lock users' files and demand ransom to release them.
The Federal Government this evening confirmed eight Australian businesses had "likely" been affected by the ransomware.
Microsoft said the attack should be a wake-up call for the tech industry and governments not to stockpile knowledge of software vulnerabilities, which could be exploited by hackers and used against customers.
The Prime Minister's cybersecurity adviser Alastair MacGibbon said critical infrastructure had not been damaged by the attack at this stage.
"We will see more victims here and that's very sad always," Mr MacGibbon told the ABC.
"It's always bad for any businesses to be a victim of crime, but as a whole of nation we can be confident so far that we have missed the worst of this.
"We've seen no impact in the health system which is important, we've had no reports of any government agencies impacted by this."
But Mr MacGibbon said the ransomware could be adapted by the criminals, and he was not willing to say the threat of compromise was over.
"Unfortunately, there are some very smart and bad people out there who spend their times trying to make things worse for us, and this is not game over for us," he said.
Australian authorities have been monitoring the situation in New Zealand, which has an earlier time zone, to determine whether more businesses will be compromised.
"We have seen no spike in accounts, so that gives us some hope that when we turn on our computers in Australia we won't see a huge spike," Mr MacGibbon said.
And he cautioned against paying the ransom before exploring opportunities to regain access to the compromised data with authorities.
"You never want to pay a criminal as there is no honour amongst thieves but ultimately it's going to be a business decision if they think they cannot operate without these files," he said.
'It's a wakeup call,' minister says
Assistant Minister for cyber-security Dan Tehan said the ransomware had not affected Australia's critical infrastructure or Government agencies.
"This is absolutely a wakeup call," he said.
"We have to understand that ransomware costs the Australian economy $1 billion a year conservatively."
The ransomware has been designed to spread between computers and networks automatically with a "worm functionality", which has allowed it to quickly spread across the world.
Mr Tehan said Government departments had been told to make sure they were not exposed to the ransomware and had updated their systems.
The director of the Centre for Cyber Security Research at Deakin University, Professor Yang Xiang, said it was not ethical to pay a ransom for data.
"If you keep paying ransom it's actually helping attackers to grow the industry," he told the ABC.
'We need governments to consider the damage to civilians'
Microsoft said the latest incident showed how governments were making a dangerous gamble by stockpiling software vulnerabilities, and the WannaCry saga should be a wake-up call for the tech industry.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft's president Brad Smith wrote in a blog post.
"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."
"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."
The Prime Minister's cyber adviser Alastair MacGibbon said while "Microsoft was entitled to its opinion … the most important thing we should be talking about today is patching our businesses to reduce the likelihood of criminals getting their way".
The vulnerabilities — or hacking tools — that facilitated these attacks were released a few months ago.
A patch was released by Microsoft in March.
"One of the problems here is that people don't necessarily apply a patch anyway — so even if a vendor is providing a patch, we're never 100 per cent sure that everybody is going to install it anyway," security researcher Matt Suiche told the ABC.
Mr Suiche, a hacker with Comae Technologies, has been researching this ransomware closely.
He discovered and shut down the second variant of the virus.
"The files were exactly the same, the [virus] signature was the same — the only difference is literally the domain name," he told the ABC.
"It appeared only yesterday, so what I would suspect now is they may have a relief period of 24-36 hours."