On Friday, 12 May 2017, a large cyber-attack using the WannaCry ransomware program, which targets Microsoft Windows, was launched, infecting over 230,000 computers in 150 countries and demanding ransom payments in bitcoin in 28 languages. The attack spreads by multiple methods, including phishing emails and, on unpatched systems, as a computer worm.
WannaCry is believed to use the EternalBlue exploit, which was developed by the United States National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.
The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service (NHS), FedEx and Deutsche Bahn. Other targets in at least 99 countries were also reported to have been attacked around the same time.
Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections and allowed time to patch systems.
This greatly slowed the spread. However, it has been reported that subsequently new versions of the attack have been detected which lack the kill switch, thus allowing them to spread to systems in which the vulnerability has still not been patched.
The National Information Technology Agency, the Ministry of Communications and the Ministry of National Security are aware of the dire consequences of any attack by the ransomware and would like to assure the public that they are working hard with agencies of state, including the Bureau of National Communications, the National Communications Authority and the Police CID Cybercrime Unit.
The National Information Technology Agency, through CERT-GH, has been monitoring the situation since the outbreak and has sent advisories to several network operators and members of the national cybersecurity ecosystem to take preventive measures by patching unpatched Microsoft systems in their networks.
As at Sunday, 14 May 2017 at 4:00pm, no attacks have been detected in Ghanaian networks. In Africa, Kenya, Nigeria, South Africa and Tunisia have had WannaCry ransomware attacks over the period of the attack.
The National Information Technology Agency (NITA) security team is on high alert to ensure that the Government network is secured. NITA has put in place several security interventions to ensure the security and stability of the Government network.
A public information hotline has been established at NITA to receive requests for assistance from the public and network operators. Requests can also be made directly on the CERT-GH portal at http://www.cert-gh.org or via email at email@example.com.
The hotlines are:
- 0299009327
- 0299009329
We are still monitoring the situation closely and will be standing by to answer any questions on the WannaCry ransomware attacks and how to secure your computers from being infected.
NITA’s CERT-GH has also made the MS patches released in March 2017, and the just-released patches for unsupported MS operating systems, available on its web portal for citizens who would like to download them.
As the attacks hold internet users to ransom and encrypt their drives so that no access to files and documents is possible, we recommend the following precautionary measures for users and system admins:
- Take all Windows OS systems off the internet and off the network.
- Create a backup of all files needed.
- Store the backup in an air-gapped location.
- Download the Windows update (KB4019472) in a sandbox environment.
- Install the update without connecting to a network/internet.
For persons who are using unlicensed operating system software, patching may not be possible. NITA therefore recommends that such users purchase MS operating system licences so they can patch their systems to prevent being attacked.
Jeff Konadu Addo
(AG. Director General)
National IT Agency (NITA)