Canberra IT infrastructure that failed to update after WannaCry could be vulnerable to the latest global cyber attack, an internet security expert has warned.
Centre for Internet Safety director Nigel Phair said the ransomware was likely using a weakness similar to the one exploited in May by the WannaCry virus, which crippled thousands of computers across the world.
The ransomware virus has hit networks across the globe, from the Ukraine to Washington DC.
WannaCry locked users out of their computers, demanding cash and hitting several networks in Australia, including a Melbourne traffic camera operator just last week.
“The moral of the story coming out of this is many organisations never patched for WannaCry and we don’t know how many patched since then,” Mr Phair said.
“It’s a government town, so if government networks haven’t been patched against it they’ll be vulnerable come 8:55am.”
It has been reported Australian staff for international law firm DLA Piper have been told their IT networks are compromised. DLA Piper did have a Canberra-based office, but it shut its doors in April.
Like WannaCry, the latest ransomware locks users out of an infected computer, demanding payment before it decrypts files kept on the computer.
If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
— Hacker Fantastic (@hackerfantastic) June 27, 2017
Mr Phair said bigger government departments, like Defence or the ATO, were likely secure but it was other infrastructure, like hospitals or airports, which may be vulnerable.
The ransomware, which is going by the names of Petya, NotPetya or Goldeneye, is believed to be using an exploit created by the US’ cyber intelligence arm, the National Security Agency.
Mr Phair said these exploits were only dangerous when they got leaked, but obviously they had been.
“You do have encryption backdoors or even front doors. Who gets access to it? And what’s the security around that access? What happens when it gets leaked, as we learnt with WannaCry.”
Mr Phair said the best way to explain the way this ransomware worked was to picture a street where each house was a computer network and the ransomware, a burglar, was going door to door.
The burglar would easily gain access to houses which had failed to update their security.
“The reality is we’re only a couple of weeks from WannaCry and we don’t know what we’re going to see in the next couple of weeks,” Mr Phair said.
Multiple users online have reported the virus can be cheated if, upon booting up your computer, you’re presented with an MS-DOS-esque screen with the characters CHKDSK and a loading function.
If people see these characters, they should immediately shut down or disconnect their computer from its power source.
More to come.