Zimbabwe is one of the countries hit by the massive cyber-attack called WannaCry ransomware which has attacked computers in 104 countries including Russia, the UK, Ukraine and China. In the UK, hospitals and medical practices were infected resulting in the cancellation of medical appointments.
A global cyber-security firm, Avast, reported over the weekend that more than 57,000 attacks have been detected so far.
A map of countries infected shows several African countries including Zimbabwe, South Africa, Tanzania, Angola and Nigeria on the list:
The main targets, however, are the countries in red.
What is this WannaCry ransomware?
First, the concept of ransomware: it works like a typical ransom situation, except that here a virus-like program blocks access to your files until you pay the person who unleashed it on your computer.
This WannaCry is doing exactly that. It is encrypting files and demanding that victims pay $300 worth of bitcoins to have the files unlocked. If you don’t know what bitcoin is, you can read more about bitcoin here.
Ransomware is normally targeted at businesses and important individuals who are generally perceived to have more to lose if they don’t pay the ransom.
Here’s a screen produced by WannaCry ransomware that’s asking for payment:
Ransomware type attacks are not new to Zimbabwe, and in fact we’ll explain in another article how this type of cyber-attack has been on the increase locally.
Who is behind the WannaCry ransomware attacks?
The tools used for this attack are suspected to have been stolen from the US government’s National Security Agency (NSA). The attack is taking advantage of a vulnerability in computers running Microsoft Windows.
Microsoft itself has issued an update of their software to plug the holes but there are lots of computers out there that are not updated for one reason or the other.
In Zimbabwe, many Windows computers stay unpatched. For consumers it is usually the problem of expensive mobile data which drives people to just keep Windows updates turned off altogether. For companies, it’s a combination of reasons, from ignorance to security just not being a priority.
16 comments
Was hoping the article might include more info on how to protect ourselves? Just make sure we have most recent Windows updates? What about antivirus software – does it provide any protection…??
Windows Defender is turned on by default in the latest version of Windows when no antivirus is detected. Just keeping your version of Windows up to date will protect you from this attack.
Here: http://www.techzim.co.zw/2017/05/protect-massive-cyber-attack-wannacry-faq/
How do we protect ourselves from this virus, does it come through email/ program downloads??
Here: http://www.techzim.co.zw/2017/05/protect-massive-cyber-attack-wannacry-faq/
Please explain how Zimbabwe is “targeted”?
Zimbabwe is not really “targeted”. In fact, no particular country is. This is just ransomware that is targeting any system it can get its hands on. So instead of thinking “targeted”, think “has been detected in”. Countries that were not on that map may already be now or may soon be. Yesterday, when this virus was briefly stopped by MalwareTech, Zimbabwe wasn’t even on the map yet AFAICT.
Correct. This is the point I was trying to make. The author of this article has now edited the article. He/she specifically said that Zimbabwe had been targeted initially.
Disable the SMB feature under Programs and Features, then reboot your machine.
This will stop the virus from propagating via SMB but if it gets on your system some other way like email attachments, compromised websites etc you will still be vulnerable.
On my Ubuntu 16.04 I have nothing to fear from this malware. With Flash disabled, UFW and a VPN it will be hard to get me. Not impossible but not worth the effort. Some people simply refuse to see sense and continue to use Windows XP. Well if you are one of those people RIP.
Not to mention that it’s a binary specifically compiled for Windows so even if it found a way to your system, e.g. via an email attachment, it won’t even run.
WannaCry – there was a leak of NSA tools by a group called the Shadow Brokers in which there was exploit code, namely EternalBlue, that targets SMBv1 on Windows XP and Windows Server 2003. This exploit code is wormable and some criminals managed to modify the code to turn it into an infection vector for spreading the ransomware. The ransomware spreads via SMBv1 and it should not be able to affect newer Windows OS.
Microsoft Security Bulletin MS17-010 – Critical : Security Update for Microsoft Windows SMB Server (4013389)
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
All OS / Server patch links.
On my Ubuntu 16.04 I have nothing to fear from this malware. With Flash disabled, UFW and a VPN it will be hard to get me. Not impossible but not worth the effort. Some people simply refuse to see sense and continue to use Windows XP. Well if you are one of those people Rest In Peace. kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk. But if you can disable the SMB feature under Programs and Features then reboot your machine and you are okay.
No you won’t be OK. You will have closed one hole it can use to get to your machine or get to other machines from yours but if it finds some other way to get to your machine e.g. an infected USB stick you will still be toast. Server Message Block (SMB) Protocol is a network file sharing protocol. It only uses it to propagate so it can spread to other machines.
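An added example, not part of the article or its comments: a read-only PowerShell check of the two things the thread discusses, whether SMBv1 is still enabled on a Windows machine and whether Windows updates are actually being installed. The function name `Get-Smb1Exposure` and the 45-day staleness threshold are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of SMBv1 exposure and update recency on one Windows host.
# Run from an elevated prompt. Get-Smb1Exposure and MaxPatchAgeDays are hypothetical names.
function Get-Smb1Exposure {
    param([int]$MaxPatchAgeDays = 45)   # assumed threshold, not a value from the article

    # Does the SMB server on this host still accept SMBv1 sessions?
    $server = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    # State of the "SMB 1.0/CIFS File Sharing Support" entry in Programs and Features.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    # Is anything listening on TCP 445, the port SMB uses?
    $listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    # Newest installed update: a rough signal of whether Windows Update has been left off.
    $lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age = if ($lastFix) { ((Get-Date) - $lastFix.InstalledOn).Days } else { $null }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Smb1ServerEnabled   = if ($server) { $server.EnableSMB1Protocol } else { $null }
        Smb1FeatureState    = if ($feature) { [string]$feature.State } else { 'Unknown' }
        Port445Listening    = [bool]$listener
        LastUpdateId        = if ($lastFix) { $lastFix.HotFixID } else { $null }
        DaysSinceLastUpdate = $age
        # Unknown patch state counts as stale: no update history is itself a finding.
        UpdatesStale        = ($null -eq $age) -or ($age -gt $MaxPatchAgeDays)
    }
}

$r = Get-Smb1Exposure
$r | Format-List

# The two findings are independent, as the replies in the thread point out:
# turning SMBv1 off only closes the SMB propagation path; it does not replace updating Windows.
if ($r.Smb1ServerEnabled -or $r.Smb1FeatureState -eq 'Enabled') {
    Write-Warning 'SMBv1 is still enabled on this host.'
}
if ($r.UpdatesStale) {
    Write-Warning 'Windows updates look stale or the update history is unavailable.'
}
```

The script changes nothing on the machine; `Get-HotFix` lists only part of the update history, so treat the update age as a prompt to check Windows Update rather than as proof of patch status.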