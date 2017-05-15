The virus, called WannaCry, WanaCrypt0r 2.0 or WCry?, seizes control of a user's computer and encrypts all data until a ransom is paid to the cyber criminal in the form of Bitcoin.
The outbreak has infected major organisations, including the National Health Service in the UK, Telefonica in Spain, and French car manufacturer Renault. It is estimated more than 200 000 computers have been infected in more than 150 countries.
WannaCry is differentiated from other ransomware as no human interaction is needed for the virus to be activated on a system. Normally, attackers would send out a link via social media or e-mail, and for the virus to be activated on a computer, users would need to click the suspicious link.
WannaCry exploits a vulnerability believed to have been built by the US National Security Agency to spy on people.
In SA, Craig Rosewarne, MD of Wolfpack Information Risk, says there has been an impact locally but at this stage it is confined to a couple of small to medium corporates.
He says his team is looking to where it is going, with fears it will move to critical infrastructure such as the mining, medical, traffic control and banking industries in SA.
A Pandora's Box has been opened and I don't see it stopping.
Guy Golan, CEO of Performanta Group, says he cannot reveal infected clients' identities but did say his company is working with global organisations that have a strong regional presence, as well as smaller firms.
The first wave of WannaCry attacks started towards the end of last week. Golan says the second wave is currently happening and started at 4am this morning.
"We do envisage more local breaches this week."
Vault 7 detailed how the US CIA performed electronic surveillance and cyber warfare. This information is now being used by the ‘bad guys', says Golan.
"A Pandora's Box has been opened and I don't see it stopping."
Golan says companies should make sure all their systems are up to date and patched using the latest patch released by Microsoft two months ago.
Individuals should perform regular anti-virus checks and backup any data they are not willing to lose, to a hard drive that is disconnected from a computer, or a cloud system like Google Drive or One Drive.
The asking price to unencrypt data by cyber criminals has been reported to be between $300 and $100 000 per attack. Golan says this is very little compared to the alternative costs the virus is causing.
His team of 30 people in the UK, Australia and SA have been working non-stop for the past 72 hours with no sleep to defend clients. He says this will cost the company nearly R1 000 per person, per hour.
His advises victims to not pay ransoms but rather to call a technician to restore the machine from a backup.
Healthcare systems, individuals who do not keep their personal computers updated, and dispersed organisations such as insurance companies, are the most at risk and will be the biggest casualties, says Golan.
