The Guyana National Cyber-security Incident Response Team (GNCIRT) says that a global ransomware attack is currently in progress and is advising citizens to be cautious of what they access the internet, according to a statement from the Ministry of the Presidency.
The self-spreading ransomware, known as “Wanna Cry” or “Wanna Decryptor”, exploits vulnerability in Microsoft’s Windows operating system. It is believed that this ransomware is spread through phishing emails, malicious adverts on websites, and questionable apps and programmes.
GNCIRT urges users not to open unsolicited or suspicious emails or links, attachments included in unsolicited emails, links to unfamiliar or nefarious websites and download applications and programmes that have not been verified by an official store.
“In the event that your computer has been infected with the “Wanna Cry” ransomware, take the following steps; disconnect and quarantine the infected system by removing it from your network and apply the latest Microsoft patch to all computer systems,” the statement advised.
For further information and support, please contact GNCIRT at telephone numbers 660-6074 or 231-8820, extension 221 or 222; or [email protected]. Future updates will be provided as more information becomes available.
GNCIRT’s warning comes on the heels of a massive worldwide ransomware campaign that has affected computers in thousands of locations around the world.
There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.
According to a report from the BBC, several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).
A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.
Microsoft said on Friday it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003.
Some security researchers have pointed out that the infections seem to be deployed via a worm – a program that spreads by itself between computers.
According to the BBC Bitcoin wallets seemingly associated with the ransomware were reported to have already started filling up with cash.
Ransomware works with hackers taking control of a victims computer or workstation by encrypting their data and demanding a ransom payment to decrypt them. In most cases the payment method used is hard to trace such as digital currency ‘Bitcoin.’