The recent global cybersecurity attack – the WannaCry ransomware which infected over 200,000 systems in 150 countries – sparked widespread concern in cybersecurity prevention. 

On 1 June 2017, KPMG in Thailand held a seminar on ‘Understanding Ransomware: Key Lessons from WannaCry’, in which key expert in cybersecurity explained and gave a demonstration on ransomware and how to proactively prevent it.

So what exactly is ransomware? Ransomware is a type of malicious software that infects your machine or device and renders the device (or the data on the device) unusable until a ransom is paid. The data is typically rendered unusable by encryption, which is a process of scrambling the information so you can only regain access to the data or device if you pay a sum to the cyber criminal that caused the infection. The latest variants of ransomware can also encrypt entire websites, any backup data you may hold, and even system files in your computer. Some ransomware not only stops you from gaining access to your data, but also threatens to create a privacy issue for you and unless the ransom is paid it will upload your data to the public internet.

Ransomware is not a new phenomenon and has in fact been around for over 20 years. The first known attack was initiated in 1989 by Joseph Popp who handed out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference. In 2013, ‘CryptoLocker’, a ransomware, was launched in a worldwide attack. CryptoLocker infected more than 250,000 systems and earned more than USD3 million for its creators.* ‘WannaCry’ ransomware cryptoworm is the latest global cyberattack which encrypted data in infected systems and demanded ransom payments in the Bitcoin cryptocurrency.

Although anti-virus and anti-malware solutions should always be used, most ransomware is written to evade these tools. So what can you do when you realize your systems have been attacked?

Firstly, you must isolate the infected computer from the network immediately to prevent the ransomware from attacking network, shared drives or backup system. If possible, change all online account and network passwords after removing the system from the network: Furthermore, change all system passwords once the malware is removed from the system.

However, according to KPMG in Thailand’s Manager in Information Protection and Business Resilience, Prathan Phongthiproek, proactive prevention is the best way to protect your systems. “Three key areas – People, Process and Technology should be evaluated by the organization in order to perform proactive prevention from Cyber-attack. The right technology should be put in place, the awareness training should be conducted both user and management level, the appropriate process control should be well-defined and enforced,” he said.

KPMG in Thailand believes that the best form of protecting your systems against ransomware is through proactive prevention. KPMG in Thailand’s Ransomware Advisory Services helps conducts reviews of a system’s prevention, detection and reaction capabilities in your organization for dealing with ransomware. Not only ransomware, KPMG also helps with protection against shameware and other extortion-driven attacks.

Thai Version: 
บริษัทเคพีเอ็มจี อธิบายภัยจาก Ransomware และ บทเรียนสำคัญจาก WannaCry

http://www.securityfocus.com/columnists/102

http://www.bbc.com/news/technology-25506020

KPMG in Thailand, with more than 1,500 professionals offering audit, tax, and advisory services, is a member firm of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.

Ploi Phayakvichien
Tel: 02 677 2034
ploi@kpmg.co.th