adv

HK security experts offer advice to avoid WannaCry

Local experts gathered to offer suggestions to avoid ransomware attackAbout 14 months after the Locky ransomware hit Hong Kong, another ransomware WannaCry struck the world over the weekend. This large scale cyberattack has infected 75,000 computers in 99 countries, affecting global companies like FedEx and government like Britain’s National Health Service (NHS) and the numbers continue to rise.


Although no attack was reported in Hong Kong, local security experts yesterday warned Hong Kong businesses to take cautious steps to avoid massive infection in the market. According to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council issued warning stating "WannaCry was a very vicious malware which would scan for computers with an unpatched Microsoft Windows vulnerability over the Internet and attempt to infect them."


Charles Mok, LegCo member representing IT functional constituency noted most local businesses and schools are more vulnerable to attacks and they are still using older versions of Windows OS. Mok added that Windows 10 users with Windows Update enabled and Windows 7 with updated patch from March 2017 is not affected. But he urged users using older versions of Windows, including Windows XP, Windows 8 and Windows Server 2003 to install security patch and to apply the Microsoft bulletin MS17-010.


According Young Wo Sang convener from Internet Society Hong Kong’s security and privacy working group, there are four steps to prevent the attack from WannaCry.

Step 1 – Check the setting at all Wi-Fi routers and firewall to block traffic from Port 139 and 445

Step 2 – Disconnect all connectivity, including LAN and Wi-Fi traffic before turning on the computer

Step 3 – Back up all necessary files before connecting to the Internet

Step 4 – Update Windows security patches to ensure the latest security update is enabled 


In addition to local security experts, global security providers also offer different suggestions to avoid attacks. Cisco’s intelligent unit Talos recommended users with firewall that can control the domain name to also block this domain name: http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/.


Talos also suggested users with a platform to enable control of file transfer to block files name to prevent additional malware attacks:

  • d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa b.wnry
  • 055c7760512c98c8d51e4427227fe2a7ea3b34ee63178fe78631fa8aa6d15622 c.wnry
  • 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c r.wnry
  • e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b s.wnry
  • 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 taskdl.exe
  • 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d taskse.exe
  • 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 t.wnry
  • b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 u.wnry 

The HKCERT noted that the public may learn more details about the WannaCry security alert from its website (https://www.hkcert.org/my_url/en/alert/17051301). For incidents reporting or enquiries, Hong Kong internet users can also contact the HKCERT hotline at (852) 8105 6060, or email: hkcert@hkcert.org.