East Africa: Rwanda On Alert Over Latest Cyber Threat

East Africa: Rwanda On Alert Over Latest Cyber Threat

Rwanda Information Society Authority (RISA) has pledged stronger cooperation with the public in enhancing cyber security for all computers in Rwanda amid an alert over an outbreak of a security attack that has affected over 150 countries.

According to a statement, the cyber security attack is known as ransomeware and bears different variations like WannaCrypt, WannaCry, WannaCryptor or Wcrya.

The broad based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina and appears to be sweeping around the globe, researchers said.

“It is also important to bring to your attention that the cyber-attack mostly affects computers that run Microsoft Operating Systems, by automatically encrypting the files and blocking the user’s access to the entire system,” it reads in part.

Over the last decade Rwanda’s strong growth through ICT promotion has brought untold opportunities and prosperity in the country. And as we globally face this challenge in cyber security, as a country we strongly believe that an integrated strategy to ensure effective regulation to our cyber security is significant at this point.

To mitigate this outbreak, RISA in the statement gave a set of actions to ensure lasting national prevention and protection:

1. Users are required to maintain daily backups of critical data including application, databases, mails systems, and user’s files. Backups should be regularly tested for data restoration.

2. All computers should be installed with latest security updates (specifically including MS17-010. Patch)

3. Until the security patch is applied, the Server Message Block v1 (SMB v1) should be disabled on all computers. (Refer to the following link: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-distable-smbv1-smbv2,-andsmbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,windows-8,-and-windows-server-2012)

4. The LAN perimeter firewall should be configured with a rule to block all incoming SMB traffic on port 445.

5. All computers should be upgraded to Windows 10 to benefit from the latest protection from Microsoft. The Windows Defender Antivirus, which can detect the above malware, should also be enabled on all Windows systems.

6. Ensure your Antivirus signatures are up to date as major vendors are all working to deliver updated signatures to detect/ prevent this.

7. All users are advised not to open any suspicious email especially one that have an attachment, furthermore all users are advised not to download any files that they are not sure of the source.

“We are taking comprehensive action to strengthen our information and communications technology sector countrywide. However, in case of any compromise or attack, RISA advises that the affected computer/PC must be removed from the network and the incident must also be reported to Rwanda Computer Security Incident Response team with immediate effect. (Hotline 4045/ Email: security@rdb.rw),” it says.

Who is behind this cyber-attack?

WannaCry exploited a vulnerability in the Windows operating system believed to have been developed by the United States’ National Security Agency (NSA), which became public last month.

It was among a large number of hacking tools and other files that a group known as the Shadow Brokers released on the Internet. Shadow Brokers said that they obtained it from a secret NSA server.

The identity of Shadow Brokers is unknown though many security experts believe the group that surfaced in 2016 is linked to the Russian government.

Source: The New Times