Thursday, May 18, 2017

Cyber warning: beware of ransomware attacks

Decades ago, I remember people talking about a possible cyber war in the future. At that time, it did not make any sense to me. But today, it seems what people had feared for years is becoming a reality. The advanced computer technology of the modern age has given birth to many sophisticated hackers who are responsible for some of the deadliest cyber-attacks the world has ever seen in recent history. The first was the widely publicized hacking of Sony Pictures in November 2014, in which a group named The Guardians of Peace hacked the database of the film studio and released several new films online. Then came the hacking of Hillary Clinton’s campaign during the 2016 US Election, which led to the leak of thousands of confidential and private emails of Democratic Party officials on WikiLeaks. Today, we are seeing another kind of cyber-attack, through ransomware called WannaCry, which has already affected more than 150 countries since last Friday. WannaCry is malicious software that freezes your computer and demands $300 to be paid online if you want to regain access to your files. What causes more panic for the victims is that the ransomware threatens to permanently delete all the files within a week if the ransom money is not paid. Although there is no guarantee that access will be granted after paying the money, analysis of the Bitcoin wallets has shown that a significant amount has already been paid by victims in a desperate bid to get back their files and documents.

Freezing your computer and holding you to ransom seems to be a new strategy discovered by hackers to earn easy money. However, security experts advise that we should never pay the ransom money since it is very unlikely that we can regain access to our documents after making the payment. The hackers are criminals and when we deal with criminals, we cannot expect to have a clean transaction. Moreover, decrypting the files normally requires a human operator to do it manually, and the experts do not believe that WannaCry contains code that can automatically decrypt the files once the ransom money is paid. Instead, there is every chance that the hackers might increase their ransom demand.

In 2013, I also became a victim of ransomware when I was in Australia. The moment I opened my laptop and turned it on, Windows failed to load and the following message popped up on the screen instead:
“AFP Australian Federal Police

Dear Amrith, your PC is blocked due to at least one of the reasons specified below. You have been violating “Copyright and Related Rights Law” (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Australia. Article 128 of the Criminal Code provides for a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophillia anr etc.) Thus violating article 202 of the Criminal Code of Australia.
Article 202 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years. Illegal access to computer has been initiated from your PC, or you have been… Article 208 of the Criminal Code provides for a fine of up to AUD $100,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of AUD $2,000 to AUD $8,000.”

Although I was not guilty of the allegations, it really freaked me out. I was surprised how my name could be tracked and that made me believe the notice was genuine. I had the option to pay $200 online to regain access to my laptop. I immediately called my IT friends and sought their advice. They told me it could be a virus and that they would come to my place later to check it out. Then a few of my housemates came into my room to see what it was about. Some started panicking for me, while others thought it could be a scam. Since my laptop was frozen, one of my friends brought his laptop and browsed for information to verify the authenticity of the notification. Suddenly, to my great relief, it was found that my laptop was infected with the Australian Federal Police UKash Virus. What was more intriguing about this ransomware was that the virus had access to the in-built webcam and detected the contextual environment of the victim. Moreover, it also retrieved my name from my username on the laptop and addressed me as though they had all my personal details. My IT friend finally restored my laptop to an earlier date on ‘Safe mode’ and removed the virus. That was the most terrible experience I have ever had. I am glad that I did not pay the ransom money.

Although Bhutan has not yet been affected by the latest cyber-attack, we are still vulnerable if we do not take extra caution to guard our computers against suspicious malware. The first thing we should do is to install the Windows update patch released by Microsoft that is designed to protect our computers against the latest ransomware, WannaCry. It is in the list of ‘Important Updates’ and you should install it if you have not yet done so. The next thing is that we should have an updated anti-virus installed on our computers so that it can monitor the system regularly for any intruding malicious program. Finally, we should not open suspicious emails and links unless we are sure of what they are. If we always remain cautious about our activities online, I think we can stay safe from such ransomware programs, and if you ever get victimized, you should never pay the ransom money. Instead, you should try to restore your computer to an earlier date by accessing your computer in ‘Safe mode’, or format the system if you don’t have important documents. One of the best ways to get back your files and documents is to have a separate backup on your external hard drive so that you can retrieve them even if your computer crashes. In a world where all information is digitized and stored in virtual databases, we are naturally vulnerable to such cyber-attacks. So, it is very important for us to recognize our vulnerabilities and take appropriate measures to protect ourselves from the reach of hackers.


  1. I agree with you that all these happenings are so scary. Now I am worried about how I should copy out all my files from the computer. I am always wondering who the culprits behind all these cyber terrors are. Once we are connected online, we are not guaranteed any safety in cyberspace. Even if there are "Cyber Police" watchdogs, I doubt they could do much in these invisible dimensions.

    Stay Safe Buddy!

  2. You are right. Thank you for the comment.
