The Communications Authority of Kenya (CA), through the National Kenya Computer Incident Response Team Coordination Centre, has received reports of an encryption-based cyber-attack, in the form of ransomware that is targeting computers running the Windows operating system.
The virus has infected computers in many countries across the globe. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee restoration of access.
CA has advised the public to take several precautionary measures to prevent their systems from falling victim to the attack. The measures include keeping an up-to-date offline backup of your important computer files, updating your computer’s operating system, ensuring your antivirus is up to date, and avoiding opening unknown links and emails, especially those that contain macros.
However, security researchers have discovered a “vaccine” for the huge cyber-attack. Creation of a single file can stop the attack from infecting a machine.
Researchers have not been able to find a so-called kill switch that would prevent the crippling ransomware from spreading to other vulnerable computers.
Experts are still unsure about the attack’s origins or its real purpose. Given that the ransom amount – $300 (Sh31,110) – was relatively small, some are speculating that the attack may be a front for causing wider disruption or making a political statement.
According to the BBC, among the victims of the attack were the Ukrainian central bank, Russian oil giant Rosneft, British advertising firm WPP and US law firm DLA Piper.
Also caught up in the attack was at least one hospital in the US city of Pittsburgh.
Creating a read-only file named perfc and placing it within a computer’s “C:\Windows” folder will stop the attack in its tracks.
An explanation of how to do this has been posted by security news website Bleeping Computer and has been backed up by several other security experts.
However, while this method is effective, it only protects the individual computer the perfc file is placed on. Researchers have so far been unable to locate a kill switch that would disable the ransomware attack entirely.
“Even though it will make a machine ‘immune’,” explained computer scientist Prof Alan Woodward, “it is still a ‘carrier’ (to use the biological analogy). It will still act as a platform to spread the ransomware to other machines on the same network.”
For the vast majority of users, simply running an up-to-date version of Windows will be sufficient to prevent the attack taking hold, were it to infect your PC.
As reported on Tuesday, the method by which victims can pay the ransom fee has been rendered useless. An email address provided by the criminals has been shut down by the hosting provider, while the Bitcoin wallet – where ransoms are deposited – has not been touched.
At the time of writing, the wallet contains approximately $8,000-worth of Bitcoin, not a large return for such a significant and widespread attack.
These factors contribute to a now-prevailing theory that this was a politically motivated attack on Ukraine, coming as it did just as the country is set to celebrate its Constitution Day.
“This looks like a sophisticated attack aimed at generating chaos, not money,” said Prof Woodward.