Richard
JF-Expert Member
- Oct 23, 2006
- 14,957
- 20,517
Wadukuzi wameingilia mifumo ya kompyuta wakitumia virusi moja kiitwacho Ransomware na kingine "WannaCry" ambavyo vinaingia katika mifumo wa kompyuta kwa kupitia mfumo wa barua pepe na matangazo ibukizi yaani "popups".
Kirusi cha Ransomware kinatumia picha maalum za kujitokeza ziitwazo popups ambazo ukigonga zinafungua njia nzima ya mfumo wa kompyuta yako na kusambaza kirusi hicho.
Kirusi cha WannaCry kinatumia mfumo wa kompyuta wa Windows hasa Windows 2007 na windows 2008 ambazo zinasemekana zipo kwenye mstrari wa mashambulizi kwa muda mrefu sasa.
Baada ya virusi hivyo kuingia katika Kompyuta yako, vinashambulia mafaili ya aina zote na kuyafunga kitendo kinachoitwa Encryption na kutoa onyo kwamba kama malipo ya dola 300 hayatotekelezwa, basi mafaili hayo yote yatateketezwa.
Message showing the infected computer.
Several countries in the world have been hit by a ‘cyber attack’ throwing hospitals and several organisations IT systems into chaos.
The software locks computers and asks for a digital ransom before control is safely returned.
Ransomware attacks are not new, but the speed of the recent hackings has alarmed security experts.
In a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines - and is thought to be spreading at a rate of five million emails per hour.
In United Kingdom the attack, which is believed to have impacted hospitals across the country is reportedly a case of so-called ‘ransomware’ being installed on a number of NHS IT systems.
Various trusts around the country have confirmed they’ve been hit by a ‘cyber attack’ - with various others posting screenshots of computers hit with the virus.
The pictures show a message appearing on a screen informing the user that their files have been encrypted - demanding a ransom to be paid in order to free up the files.
What is ransomware?
According to TrendMicro - a Japanese multinational security software company - ransomware is a piece of software which quite literally holds your computer to ransom.
It can take a number of forms - such as locking a user’s access to their computer, to encrypting files on your hard drive, rendering them inaccessible.
Those holding the computers to ransom demand payment - usually through an online system such as Bitcoin - in order to make the computers usable again.
The Trend Micro website says: “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.
“More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.”
However tempting it may seem to simply pay the ransom, Trend Micro warns that paying such fees does not guarantee they will actually decrypt your files.
How does ransomware get on your computer?
Ransomware is often installed on computers through what is known as phishing.
This is where the user receives a fake email claiming to be from a friend or relative - or even an organisation such as a bank.
The e-mails are often extremely convincing, leading users to click links or download attachments from the email - which then install the ransomware on your computer.
The WannaCry virus which attacked NHS systems in UK targets Microsoft's widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
What are the hackers asking for?
The hackers are asking for payments of around GBP 230 or Euro 271 ($300) in Bitcoin.
Payments can be sent to at least two anonymous Bitcoin wallets that are routed through the Dark Web and cannot be traced.
Payments appear to be being made to the Bitcoin addresses given in the NHS attack.
It is not possible to say who has paid the ransom so far.
The picture showing affected 74 countries around the world.
Who could be behind the attacks?
The ransomware attack is one of the largest ever seen.
One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.
Some of the organisations affected do not appear to have been specifically targeted by the attack, meaning it could be spreading at random.
A number of different groups could be behind the string of hackings.
While it is possible a large cyber criminal gang are responsible, the attacks could also be government-orchestrated.
It has previously been suggested that a string of ransomware attacks on US companies last year were perpetrated by Chinese government hackers.
How is it removed?
Basic levels of ransomware can be removed by putting Windows in Safe Mode.
The user will then need to run an antivirus system to find and delete the software.
However, removing malicious code depends completely on what kind of system a company or organisation has.
Outdated operating systems are easier prey to hackers – often because their security certificates have lapsed.
How to protect yourself from ransomware
Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities
Until Friday night there was no any reports of attacks from Africa although the attacks could have already occurred at some point this weekend.
Source: various international news.
Kirusi cha Ransomware kinatumia picha maalum za kujitokeza ziitwazo popups ambazo ukigonga zinafungua njia nzima ya mfumo wa kompyuta yako na kusambaza kirusi hicho.
Kirusi cha WannaCry kinatumia mfumo wa kompyuta wa Windows hasa Windows 2007 na windows 2008 ambazo zinasemekana zipo kwenye mstrari wa mashambulizi kwa muda mrefu sasa.
Baada ya virusi hivyo kuingia katika Kompyuta yako, vinashambulia mafaili ya aina zote na kuyafunga kitendo kinachoitwa Encryption na kutoa onyo kwamba kama malipo ya dola 300 hayatotekelezwa, basi mafaili hayo yote yatateketezwa.
Message showing the infected computer.
Several countries in the world have been hit by a ‘cyber attack’ throwing hospitals and several organisations IT systems into chaos.
The software locks computers and asks for a digital ransom before control is safely returned.
Ransomware attacks are not new, but the speed of the recent hackings has alarmed security experts.
In a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines - and is thought to be spreading at a rate of five million emails per hour.
In United Kingdom the attack, which is believed to have impacted hospitals across the country is reportedly a case of so-called ‘ransomware’ being installed on a number of NHS IT systems.
Various trusts around the country have confirmed they’ve been hit by a ‘cyber attack’ - with various others posting screenshots of computers hit with the virus.
The pictures show a message appearing on a screen informing the user that their files have been encrypted - demanding a ransom to be paid in order to free up the files.
What is ransomware?
According to TrendMicro - a Japanese multinational security software company - ransomware is a piece of software which quite literally holds your computer to ransom.
It can take a number of forms - such as locking a user’s access to their computer, to encrypting files on your hard drive, rendering them inaccessible.
Those holding the computers to ransom demand payment - usually through an online system such as Bitcoin - in order to make the computers usable again.
The Trend Micro website says: “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.
“More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.”
However tempting it may seem to simply pay the ransom, Trend Micro warns that paying such fees does not guarantee they will actually decrypt your files.
How does ransomware get on your computer?
Ransomware is often installed on computers through what is known as phishing.
This is where the user receives a fake email claiming to be from a friend or relative - or even an organisation such as a bank.
The e-mails are often extremely convincing, leading users to click links or download attachments from the email - which then install the ransomware on your computer.
The WannaCry virus which attacked NHS systems in UK targets Microsoft's widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
What are the hackers asking for?
The hackers are asking for payments of around GBP 230 or Euro 271 ($300) in Bitcoin.
Payments can be sent to at least two anonymous Bitcoin wallets that are routed through the Dark Web and cannot be traced.
Payments appear to be being made to the Bitcoin addresses given in the NHS attack.
It is not possible to say who has paid the ransom so far.
The picture showing affected 74 countries around the world.
Who could be behind the attacks?
The ransomware attack is one of the largest ever seen.
One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.
Some of the organisations affected do not appear to have been specifically targeted by the attack, meaning it could be spreading at random.
A number of different groups could be behind the string of hackings.
While it is possible a large cyber criminal gang are responsible, the attacks could also be government-orchestrated.
It has previously been suggested that a string of ransomware attacks on US companies last year were perpetrated by Chinese government hackers.
How is it removed?
Basic levels of ransomware can be removed by putting Windows in Safe Mode.
The user will then need to run an antivirus system to find and delete the software.
However, removing malicious code depends completely on what kind of system a company or organisation has.
Outdated operating systems are easier prey to hackers – often because their security certificates have lapsed.
How to protect yourself from ransomware
Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities
Until Friday night there was no any reports of attacks from Africa although the attacks could have already occurred at some point this weekend.
Source: various international news.