How Nigeria escaped ‘WannaCry’ cyber-attack
A very destructive cyber-attack believed to have been ‘waged’ by a group, the Shadow Brokers, was reported penultimate Friday, and took even the technologically advanced countries by surprise. But the attack didn’t hit Nigeria.
Though slowing down now, Information Technology experts have warned of possible fierce comeback of the Ransomware attack, which has inflicted damages on more than 150 countries and over 300, 000 computer systems across the world.
Though some top Federal Government officials said the country hadn’t been attacked as at Thursday because of the counter activities of ‘cyber warriors’ within and outside country, some experts noted that Nigeria has yet to escape it.
The Minister of Communications Adebayo Shittu told participants at a cybersecurity conference in Abuja last week that the attack was not reported anywhere in the country.
However, Remi Afon, the President of Cyber Security Experts Association of Nigeria (CSEAN) told Daily Trust on Sunday that it was possible there might been some unreported cases of attacks in Nigeria.
“Though the officials said we weren’t attacked as there wasn’t any reported case, that doesn’t mean the attack didn’t occur in the country. Let me tell you, Nigerians and their businesses might have been attacked but because there is poor culture of reporting cyber-attack here, people would fail to report”, he said.
To guide against the attack, he said, the government should enact a data protection regulation which makes it compulsory on all organisations to put in place strong data protection strategy.
He said although the ‘WannaCry’ attack has shown that no country has got the capacity to fully protect itself from cyberattack, being ahead of cybercriminals would go a long way in reducing their attacks.
He advised the government to prioritise it efforts and raise cyber security awareness across the country.
But Mike Hinchey, President of International Federation for Information Processing (IFIP) Thursday warned that WannaCry was only the latest in a series of online attacks that are likely to escalate in coming weeks and months.
Mr Hinchey said ICT professionals must take responsibility for ensuring that systems within their domain are up to date and protected from external threats like ransomware or spyware.
“People responsible for procuring, implementing and maintaining ICT systems have a duty of care to ensure that critical infrastructure and data are protected. In our increasingly connected world, where computers run everything from utilities and transport platform to banking systems and even life support facilities in hospitals,” he said.
“Government agencies and companies seeking to save money by delaying software upgrades need to consider the potential cost of leaving key systems undefended against cyber-attacks is much higher than simply losing access to some information.”
The WannaCry attacks were focused on older versions of the Windows operating system (OS) which are no longer automatically supported by Microsoft.
Similarly, experts at Weco System, a Nigerian based IT Security firm, said there was no respite yet as cybercriminals were always lurking around to cause havoc whenever they saw opportunity.
In statement sent to our reporter by the company on the recent cyber-attack, the firm said organizations needed to adopt a bottom-up approach to cyber security to prevent further spread of WannaCry cyberattack and other similar attack in future.
They also warned of possible comeback of another Ransomware variant which would be more destructive than WannaCry and even more difficult to curtail.
They said public and private establishments in the country needed to implement network security best practices to forestall any attack on their computer system.
The statement signed by the company’s spokesperson Mrs Favour Samuel said companies without good security practices and architecture in place might be hit by the WannaCry.
“Nevertheless, the best way to prepare for Ransomware is to deploy a layered security approach that can respond: Before an attack, during an attack and after the attack.
According to the security experts, WannaCry appears to primarily utilize the ‘eternalblue’ modules and the ‘doublepulsar’ backdoor.
A top government official had told Daily Trust on Sunday that because of huge population of Microsoft operating system’s users in Nigeria, Nigeria was a possible target.
“Nigeria has been flagged among the countries to be attacked. Our massive usage of Microsoft Operating System has already made us vulnerable. We may see the true picture next week when work resumes”, the official who is a cybercrime prevention expert told our reporter on phone.
He said it was most likely the attack had already hit the country because it was only reported globally yesterday (Friday).
But the National Information Development Agency (NITDA) said it didn’t receive the report of the attack on any of establishment in the country.
The NITDA’s Director General, Dr Isa Ali Ibrahim Pantami said though attack was not reported anywhere in the country the agency had put some measures in place to prevent it from spreading to Nigeria.
He said Nigerians should quickly report any abnormality noticed in their computer system to: help@cerrt. ng <https://mg.mail.yahoo.com/neo/b/ compose?to=help@cerrt.ng>, support@ cerrt.ng <https://mg.mail.yahoo.com/neo/b/ compose?to=support@cerrt.ng>, incident@ cerrt.ng <https://mg.mail.yahoo.com/neo/b/ compose?to=incident@cerrt.ng>.
He said the ransomware attack was exploiting vulnerabilities in the Microsoft Windows operating System especially those not currently supported such as Windows XP, Windows 8, Windows Server 2003.
“Microsoft released a patch for the vulnerability in March and machines that were updated with the patch would have been automatically protected”, Dr Pantami said.
Media reports say the massive cyberattack which is using tools believed to have been stolen from the US National Security Agency (NSA) came to limelight Friday when many organisations noticed disruption in their online activities.
Cyber-security firm Avast said it had seen 75,000 cases of the ransomware - known as WannaCry and variants of that name around the world.
Among the worst hit was the National Health Service (NHS) in England and Scotland, according to media reports.
The malware spread quickly with medical staff in the UK reportedly seeing computers go down “one by one”.
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.
Throughout the day other, mainly European countries, reported infections.
Some media reports said Russia was most hit by the infection. Domestic banks, the interior and health ministries, the stateowned Russian railway firm and the second largest mobile phone network were all reported to have been hit.
Russia’s interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Spain, a number of large firms including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural - were also hit, with reports that staff at the firms were told to turn off their computers.
France’s car-maker Renault, Portugal Telecom, the US delivery company FedEx and a local authority in Sweden were also affected.
China has not officially commented on any attacks it may have suffered, but comments on social media said a university computer lab had been compromised. Who is behind it? The infections seem to be deployed via a worm - a program that spreads by itself between computers.
Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.
The NSA tools were stolen by a group of hackers known as The Shadow Brokers, who made it freely available <http://www.bbc. co.uk/news/technology-39553241> in April, saying it was a “protest” about US President Donald Trump.
At the time, some cyber-security experts said some of the malware was real, but old.
A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
Microsoft had said it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003.