Qatar National Information Security Centre (Q-cert) at the Ministry of Transport and Communications has issued a directive suggesting “All entities and institutions in Qatar should be aware of a ransomware malware, which has hit over 99 countries in the last two days and is set to continue proliferating.”
The Qcert statement said, “A number of proactive steps were adopted, and a team of specialists at the centre is on alert to contain or eradicate any reported infections by the malware. Q-Cert provides nationwide cyber security response services and they can be reached by e-mail: firstname.lastname@example.org or Qcert hotline: 44933408.”
Speaking to Gulf Times, Dr Marc Dacier, research director - Cyber Security at Qatar Computing Research Institute under Hamad Bin Khalifa University said, "A new worm that breaks into Windows machines is spreading. Microsoft has published a patch - everyone should update their machines immediately. Services using shared servers should not be exposed to the Internet. Desktop firewalls should be used by everyone, together with professional anti-virus products.”
The patch is available at https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
according to Dr Dacier.
Ghareeb Saad, senior security researcher, Kaspersky Lab, told Gulf Times that the Kaspersky Lab’s researchers have confirmed the detection of at least 45,000 infection attempts in the last few days.
“The ransomware infects victims by exploiting a Microsoft Windows vulnerability. Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. A request for $600 in Bitcoin is displayed along with the wallet – and the ransom demand increases over time,” explained Saad.
“Kaspersky Lab experts are currently trying to determine whether it is possible to decrypt data locked in the attack – with the aim of developing a decryption tool as soon as possible,” added Saad.
"The latest ransomware attack, namely wannacry, is a classical worm spreading by scanning IP addresses for machines that can be remotely attacked. If there are machines in Qatar that are vulnerable and if they are scanned, they will likely be compromised. Hadn’t the worm be stopped in its expansion by the activation of a “kill switch” by a security researcher, it is reasonable to assume that some machines in Qatar would have been compromised, just like in the rest of the world," explained Dr Dacier.
"The worm appears to be contained for the time being but little effort would be required from the attacker to launch an updated version to contaminate the vulnerable machines that haven’t been infected yet," the official cautioned.
"Every company should have a security policy in place to enforce timely deployment of patches, to make sure that every machine facing the Internet is protected by a firewall. All machines within the corporate network are also to be protected by a desktop firewall and every machine should run an up to date anti-virus system, and that intrusion detection systems are in place inside and outside the perimeter of the enterprise. These are some of the most basic security best practices," he suggested.
To view full news, please click here.