#Wannacry: Ransomware attack wave could come to Middle East

Companies and government agencies across MENA are on high alert as a virus that takes over vulnerable computers spreads worldwide.
4 min read
15 May, 2017
The virus demands ransom in return for decrypting blocked data on infected systems [AFP]

As the working week begins for much of the world on Monday (or Sunday for much of the Arab world) and office workers turn on their computers, a massive cyber attack that hit mainly Europe appears to be spreading to the Middle East.

Reports have already surfaced suggesting the 'ransomware' WannaCry virus - which has spread across 150 countries since Friday - hit Saudi Telecoms on Sunday, with photos circulated on social media claiming to show infected company computers.

STC were quick to issue a denial on Sunday, but many are unconvinced given that Saudi Arabia is a prime target for hackers.

"The company clarifies that its networks and systems were not affected, thank God, and further that what was shown in the media relates to some personal devices which specialised technical teams will address," Saudi Arabia's biggest telecoms operator said in a statement on Sunday.

Ransomware is a malicious software that blocks access to data on an affected computer until a ransom is paid and displays a message requesting payment to unlock it.

Computers running unpatched old operating systems, such as Windows XP, are particularly vulnerable. The virus is usually delivered via malicious e-mail attachments. Some experts suggest WannaCry is based on exploits first developed by the US National Security Agency (NSA).

Saudi Arabia and the United Arab Emirates are among the countries most targeted by ransomware attacks in the region

Middle East vulnerable

Saudi Arabia and the UAE are among the countries most targeted by ransomware attacks in the region, a report from cybersecurity firm Symantec said earlier this month.

Morocco, Tunisia, Algeria and Jordan are also vulnerable.

Companies and government agencies in the region are on high-alert and say it is only a matter of time before the current ransomware wave of attack infects computer systems in the region.

"None of our clients have reported anything so far, but you feel as if it's a matter of time before we hear about infections, because [the virus] gets hold of everyone's emails and spreads itself that way," an unnamed UAE-based IT consultant told Gulf News on Monday.

Many government agencies across the Middle East reportedly continue to use unsupported operating software, regularly updating which would largely protect against the WannaCry virus.

"I can't even imagine the extent of the damage in MENA [Middle East and North Africa] due to Windows XP dependence," said Matthieu Suiche, founder of cybersecurity firm Comae Technologies, in a post on Twitter.

The current attackers are thought to be criminal gangs. However, previous cyber-attacks that targeted Saudi Arabia using Shamoon, a different malware, were thought to be linked to nation states, allegedly Iran

Criminals and nation states

The current attackers are thought to be criminal gangs. However, previous cyberattacks that targeted Saudi Arabia using Shamoon, a different malware, were thought to be linked to nation states, allegedly Iran.

A devastating attack in December disabled thousands of computers across multiple government ministries in Saudi Arabia, and brought back memories of a similar attack on the country's flagship oil company Aramco in 2012.

Iran, itself, was the target of cyberattacks using the infamous Stuxnet virus, which hit crucial nuclear and infrastructure facilities.

"While some of these attacks are the work of organised criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland," Hussam Sidani, regional manager for Symantec Gulf, told Gulf News.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA
'Like a Tomahawk missile'

The new indiscriminate wave of attack began on Friday striking banks, hospitals and government agencies across the world.

US package delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, the UK's National Health Service and Germany's Deutsche Bahn rail network were among those hit, according to AFP.

The attack looks like this: Images appear on victims' screens demanding payment of $300 in the virtual currency Bitcoin, saying "Ooops, your files have been encrypted!"

Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

The culprits used a digital code believed to have been developed by the US National Security Agency - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said.

Brad Smith, Microsoft's president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack.

He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers - not sell, store or exploit them, lest they fall into the wrong hands.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," Smith wrote.

"The governments of the world should treat this attack as a wake up call."

With input from AFP