No attacks detected in Ghanaian networks – NITA
By Nana Appiah Acquaye, Accra, Ghana
The National Information Technology Agency (NITA) has confirmed that as at Sunday, 14 May 2017 at 4:00pm, no attacks have been detected in Ghanaian networks. And as part of contingency plans to avert any threat of attacks on Ghana’s network it has set up a public information hotline to assist the public and network operators in the country following the recent WannaCry ransomware cyber attacks which infected over 230,000 computers in 150 countries.
According to a statement signed by the Acting Director General National IT Agency (NITA), Jeff Konadu Addo and copied to Biztechafrica, the agency is collaborating with the Ministry of Communications, Ministry of National Security and other agencies of state including the Bureau of National Communications, the National Communications Authority, Police CID Cybercrime Unit ensure that preventive measures are put in place to avert any unfortunate situation.
“The National information Technology Agency through CERT-GH has been monitoring the situation since the outbreak and has sent advisories to several network operators and members of the national cybersecurity ecosystem to take preventive measures by patching unpatched Microsoft systems in their networks,” it said.
The WannCry ransomware cyber attack spreads by multiple methods include phishing emails and on unpatched systems as a computer worm.
WannaCry is believed to use the EternalBlue exploit, which was developed by the United States National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.
The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain's National Health Service (NHS), FedEx and Deutsche Bahn. Other targets in at least 99 countries were also reported to have been attacked around the same time.
Shortly after the attack began a researcher found an effective kill switch, which prevented many new infections, and allowed time to patch systems. This greatly slowed the spread. However, it has been reported that subsequently new versions of the attack have been detected which lack the kill switch, thus allowing them to spread to systems in which the vulnerability has still not been patched.
But NITA said its security team is on high alert to ensure that the Government network is secured and that it has initiate several security interventions to ensure security and stability of government network.
The statement further recommended the use of NITA’s MS patches which was released in March 2017 for unsupported MS operating systems.
“NITA's CERT-GH currently has also made the MS patches released in March 2017 and the just released patches for unsupported MS operating systems available on its web portal for citizens who would like to download. As the attacks hold internet uses to ransom and encrypt the drives so no access to files and documents are possible, we recommends the following precautionary measure for users and system admins as follows:
1. Take all Windows OS systems off the internet and off the network.
2. Create a backup of all files needed.
3. Store backup in an air gapped location.
4. Download windows update (KB4019472) in a sandbox environment.
5. Install the update without connecting to a network/internet.
For people who are using unlicensed operating systems software, patching may not be possible. NITA will thus recommend that such users purchase MS Operation Systems licences so they can patch their systems to prevent being attacked,” it noted.