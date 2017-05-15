Singapore malls fell victim to WannaCry ransomware

However, no sensitive information from Tiong Bahru Plaza and White Sands was leaked and the affected systems have been fixed.

Singapore malls fell victim to the global ransomware attack known as 'WannaCry', 'WanaCrypt0r', or 'WCRY' over the weekend.

Wannacry leverages a Window exploit that may have been used by the U.S. National Security Agency for spying. It is capable of spreading over the network by looking for and infecting vulnerable systems. Once infected, the malware encrypts files on the system and exhorts a ransom payment in bitcoin for the data to be decrypted.

Digital signages at Tiong Bahru Plaza and White Sands were believed to have been infected by the malware as they showed a ransom message on the mall directory on Saturday (13 May 2017).

Karen Siow, Tiong Bahru Plaza's general manager, said the mall's management was aware of the malware at about 5pm on Saturday, and that the affected systems did not contain any sensitive information.

"There is no other anticipated impact from this malware as the digital directory systems, from the onset, run on a separate network from the rest of the corporate networks of AsiaMalls [which owns both Tiong Bahru Plaza and White Sands]," she told Channel NewsAsia (CNA).

The digital directory service at both malls is run by a third-party vendor, MediaOnline International.

According to CNA, MediaOnline International's investigation found that an isolated network containing one server and 12 systems were hit by the ransomware. The 12 systems did not have the latest software patch installed and the network was registered under a public IP address.

"[As of Sunday], we have fixed all the affected systems by replacing the HDD with a new master image with all latest MS patches, disabled SMB access and hardened the system by using a higher security mode of operation," Dennis So, MediaOnline director, told CNA.

In a company blog post, security company Kaspersky Lab said that it found more than 45,000 cases of WannaCry attacks in 74 countries globally within a day.

Even though a researcher going by name Malwaretech managed to suspend infection by registering the web domain, it may not be enough to stop WannaCry for good.

As such, the Cyber Security Agency of Singapore (CSA) advised users to play their part and download the patch that Microsoft has published for the vulnerability, especially for those using Windows XP, Windows Server 2003 and Windows 8.

Users should also download attachments or click links in "uninvited documents" only after verifying the source.

Besides that, CSA urged users to "backup their important files and document, and run an active anti-virus security suite of tools on their systems."

While there are no known ways to recover files encrypted by WannaCry, CSA said that users whose systems have been infected should remove the network connection from their computer to prevent the ransomware from spreading. They should then rebuild their effected computer, patch it with the recommended patch, and restore the system from the backup.

