Ransomware attack still looms in Australia as Government warns WannaCry threat not over
Updated
Australia appears to have escaped the worst fallout from a huge global ransomware attack, but the Prime Minister's cybersecurity adviser has warned that "this is not game over" in the battle between hackers and security agencies.
The attack, known as WannaCrypt or WannaCry, hit 200,000 victims in 150 countries over the weekend, using vulnerabilities in older versions of Microsoft Windows to lock users' files and demand ransom to release them.
The Federal Government says only three Australian companies have been confirmed as being hit so far, but says more could find they have been compromised when staff turn on their computers this morning.
How did the attack occur?
- Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
- It spreads from computer to computer as it finds exposed targets.
- Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
- Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
- Shortly after that disclosure, Microsoft announced it had already issued software "patches" for those holes
- But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available
The Prime Minister's cybersecurity adviser Alastair MacGibbon said critical infrastructure had not been damaged by the attack at this stage.
"We will see more victims here and that's very sad always," Mr MacGibbon told the ABC.
"It's always bad for any businesses to be a victim of crime, but as a whole of nation we can be confident so far that we have missed the worst of this.
"We've seen no impact in the health system which is important, we've had no reports of any government agencies impacted by this."
But Mr MacGibbon said the ransomware could be adapted by the criminals and was not willing to say the threat of compromise was over.
"Unfortunately, there are some very smart and bad people out there who spend their times trying to make things worse for us, and this is not game over for us," he said.
Australian authorities have been monitoring the situation in New Zealand, which has an earlier time zone, to determine whether more businesses will be compromised.
"We have seen no spike in accounts, so that gives us some hope that when we turn on our computers in Australia we won't see a huge spike," Mr MacGibbon said.
And he cautioned against paying the ransom before exploring opportunities to regain access to the compromised data with authorities.
"You never want to pay a criminal as there is no honour amongst thieves but ultimately its going to be a business decision if they think they cannot operate without these files," he said.
'It's a wakeup call,' minister says
Assistant Minister for cyber-security Dan Tehan said three small-to-medium sized Australian businesses had been locked out of their systems and found a ransom note.
"This is absolutely a wakeup call," he said.
"We have to understand that ransomware costs the Australian economy $1 billion a year conservatively."
The ransomware has been designed to spread between computers and networks automatically with a "worm functionality", which has allowed it to quickly spread across the world.
Mr Tehan said Government departments had been told to make sure they were not exposed to the ransomware and had updated their systems.
Director for Centre for Cyber Security Research at Deakin University, Professor Yang Xiang, said it was not ethical to pay a ransom for data.
"If you keep paying ransom it's actually helping attackers to grow the industry," he told the ABC.
Comments