Days after a ransomware virus took tens of thousands of computers worldwide hostage, the threat posed by the WannaCry hack is still far from gone.
An attack like this will happen again, says Ruediger Trost, an IT security expert from software company F-Secure.
In the meantime, what should affected consumers do, and is it worth paying the ransom demanded by the hackers to unlock the user's encrypted files?
dpa: The global cyber attack was stopped on Friday when someone accidentally hit a kill switch that was built into the software. Does that mean it's all over?
Trost: That's only a short-term solution. We can assume that there will be another attack wave sooner or later, because this has proven that this relatively old Windows security issue can be easily exploited.
dpa: What makes the software so special?
Trost: The automatic spread of malicious software among computers has been around for a long time - the "Conficker" worm in 2008 is one example. But it's the first time we've seen this with ransomware. Prior to this, a computer wouldn't usually get infected unless you ran a manipulated Word macro or clicked on a website.
dpa: What can users do?
Trost: It's important that users install the Microsoft update that addresses the security issue. They should definitely make sure they are using an up-to-date virus scanner and a firewall both for external and internal networks.
dpa: Should you back up data regularly?
Trost: Definitely, because if your computer gets hit, there really is little else you can do except use the backups - or ultimately pay.
dpa: But isn't ransomware also capable of encrypting backups?
Trost: It depends. If the backup directory just appears as a drive in the directory, there's a good chance that it will get encrypted as well. This would be the worst-case scenario. But there are ways of creating a backup so that the system can't easily access it.
dpa: How do you feel about whether one should pay the required ransom?
Trost: Germany's Federal Office for Information Security (BSI) says you shouldn't ever pay because it only makes the problem worse. That is true. But if there's no way to get the data and it happens to be of critical importance to a company, for instance, without which it may be forced to shut down - then they may have no choice but to pay.
dpa: But do the attackers keep their word?
Trost: The business model is actually based on the fact that people pay and recover their data. However, this doesn't remove the Trojan from the computer, of course. And one can assume that files will be encrypted again at a later date to coerce an even higher ransom.
dpa: The enormous extent of the attack is said to be largely due to a security gap previously exploited by the NSA for their purposes and subsequently released by hackers - can the intelligence services carry on as they have?
Trost: The NSA and other intelligence services deserve criticism for keeping the public in the dark about security issues and using them for their own purposes instead of allowing them to be addressed. This has led to computers around the world becoming less secure. Sooner or later, every security loophole will come to light. That is why this strategy needs to be reconsidered.
dpa: Do you believe that the attack will serve as a wake-up call, making it more likely that businesses and consumers will install updates to close security gaps sooner?
Trost: It's generally common knowledge that you should install updates to fix weak spots. But even in 2008, there were cases where computers were infected with the worm two years later because the patches hadn't been installed. There is a lesson to be learned from this latest attack. But those who haven't got the message by now are unlikely to learn after this. — dpa