The Department of Information and Communications Technology on Monday warned the public to be cautious while doing their online activities, as a global ransomware attack is currently in progress.
DICT Secretary Rodolfo Salalima said in a statement the sophisticated ransomware, known as ‘Wanna Cry’ or ‘Wanna Decryptor,’ was exploiting a vulnerability in Microsoft’s Windows operating system.
“This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC share on network resources on the network on which it is operating. It is also believed that this ransomware is spread through phishing emails, malicious adverts on websites, and questionable apps and programs,” the department said.
“Users are advised to be extremely cautious in their online activities,” it said.
Globe Telecom said its security operations center averted more than 900 malware attempts so far. “Globe has invested in top-of-the-line information security to protect valuable customer data and information technology systems against malware, believing that in the digital age, information security has never been more vital and relevant,” said Globe chief technology and information officer Gil Genio.
Cyber security company FortiGuard Labs said that on May 12, it began tracking a new ransomware variant that spread rapidly throughout the day.
“It is a highly virulent strain of a self-replicating ransomware that has impacted such far-flung organizations as the Russian Interior Ministry, Chinese universities, Hungarian and Spanish telcos, and hospitals and clinics run by the British National Health Services. It is especially notable for its multi-language ransom demands that support more than two-dozen languages,” said Fortinet senior security strategist Aamir Lakhani.
DICT said to mitigate the ransomware threats, the public should ensure their anti-virus software was up-to-date and implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location.
The agency said netizens should scrutinize links contained in e-mails and should not open attachments included in unsolicited e-mails.
“Only download software – especially free software – from sites you know and trust and enable automated patches for your operating system and Web browser,” DICT said.
The DICT said its Office for CyberSecurity and Enabling Technologies was currently looking for new innovative ways to do isolation.