If you are having trouble viewing this email, click here to view this online



   ISSUE 70

31 May 2017

Article of the Month Around the World

Alert: Multiple Ransomware Spreading Rapidly - WannaCry



Systems Affected

All versions of Windows including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.

Threat Level



Malicious software or "ransomware" has been used in a massive hacking attack, affecting tens of thousands of computers worldwide. Software security companies said a ransomware worm called "WannaCry" infected about 57,000 computer systems in 99 countries on Friday, with Russia, Ukraine, and Taiwan being the top targets.

The hack forced British hospitals to turn away patients, affected Spanish companies such as Telefonica, and threw other government agencies and businesses into chaos.

Ransomware is a programme that gets into your computer, either by clicking or downloading malicious files. It then holds your data as ransom.

Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.

The programme encrypts your files and demands payment in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment.

Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.

Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.


WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them anymore. It targets Microsoft's widely used Windows operating system. When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever.

Payment is only accepted in bitcoin.

The ransomware's name is WCry, but analysts are also using variants such as WannaCry.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the US' National Security Agency (NSA), according cyber-security providers.

Solution/ Workarounds

The effected PCs should be immediately disconnected from the network.

Contact your virus guard providers/ Security Vendors for necessary actions.

As an immediate action, email attachments should be blocked relating to following files but not limited to .pdf (encapsulating a .js javascript)/*.hta/.doc macro based Microsoft word) or related executables.

Have all files backed up in a completely separate system.
This ransomware targets all versions of Windows including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.
Clients should ensure that they are patched on MS17-010.
Disable the outdated protocol SMBv1.
Isolate unpatched systems from the larger network Recovery:
As of now, there are no know recovery methods available.
Do not try to pay the ransom
Ensure you have smart screen (in Internet Explorer) turned on, which helps identify reported phishing and malware websites and helps you make informed decisions about downloads
Have a pop-up blocker running on your web browser
Regularly backup your important files


FinCSIRT Sri Lanka http://www.aljazeera.com/news/2017/05/ransomware-avoid-170513041345145.html


The information provided here in is on "as is" basis, without warranty of any kind.

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  Windows 7 hardest hit by WannaCry worm


"....he majority of machines hit by the WannaCry ransomware worm in the cyber-attack earlier this month were running Windows 7, security firms suggest.
More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software...."


WannaCry: What you need to know


"...The unprecedented outbreak of Trojan ransomware WannaCry has created a worldwide plague affecting home users and businesses. We have already posted some basics about WannaCry, and in this post we will provide further advice particularly for businesses. It is urgent and critical to know what WannaCry is, how it spreads, what dangers it poses, and how to stop it...."

  Cryptocurrency miner Adylkuzz attack could be bigger than WannaCry

'...The attackers behind WanaCrypt0r/WannaCry were not the only cybercriminals putting DoublePulsar and EternalBlue to use this weekend, as Proofpoint spotted the stolen NSA tools being used with the cryptocurrency miner Adylkuzz......'

Google Chrome flaw could allow Windows credential theft



'...A bug in Google's popular web browser Chrome could enable bad actors to place a malicious file onto a target PC that could then be used to siphon off Windows credentials and initiate a Server Message Block (SMB) relay attack, according to a post by Bosko Stankovic, an information security engineer at DefenseCode....'

FBI Issues Alert Warning College Students of Employment Scams


'....The FBI�s Internet Crime Complaint Center (IC3) issued a public service announcement earlier this week, urging college students to remain vigilant of rampant employment scams. According to the PSA, scammers continue to target students across the US by advertising phony job opportunities on college employment websites or emailing students� university accounts....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in April 2017
  Statistics - Sri Lanka CERT|CC

If you bought $100 of bitcoin 7 years ago, you'd be sitting on $75 million now

'...Monday marks the seven-year anniversary of Bitcoin Pizza Day � the moment a programmer named Laszlo Hanyecz spent 10,000 bitcoin on two Papa John's pizzas.

More important than the episode being widely recognized as the first transaction using the cryptocurrency is what it tells us about the bitcoin rally that saw it break through the $2,100 and $2,200 marks on Monday......'


"...In the market for a used phone? Second-hand devices come with a lower cost, but might have a suspicious history.

Before purchasing a used smartphone, try make sure it's not actually registered as lost or stolen.

If you are wandering around with a stolen phone, the original owner might request it be blocked from carrier networks or locked entirely so you're unable to use it. There's now a quick way to check a device's status though...."
There�s now a WannaCry decryptor tool for most Windows versions

�..Since researcher Marcus Hutchins (aka MalwareTech) registered a (previously non-existent) killswitch domain for the malware and stopped its onslaught, the domain has been under attack by Mirai-powered botnets....�
5 ways to stop future global malware attacks

."...The global WannaCry ransomware attack, which crippled hospitals, government organizations, companies and individuals around the world, didn�t have to happen. It was no grand technological feat perpetrated by genius hacker masterminds. Instead, it took advantage of the lazy, patchwork way organizations handle security and the seamy roles that the National Security Agency (NSA) and big tech companies play in undermining security in the internet age....."

Notice Board
  Training and Awareness Programmes - May  2017
2017-05-04 ICT Branch, Ministry of Education ICT Society Programme
2017-05-03 to 05 CHPB - Pelawatta e-content Development workshop for combined mathematics in Sinhala & Tamil Medium
2017-05-22 CHPB - Pelawatta Workshop to include past papers to e-thaksalawa
2017-05-22 NIE - Maharagama Workshop Restructuring Ruwanpura & other NCOE Syllabus

Brought to you by: