Ransomware and Routers – Spectranet and Smile Ransomeware Hit

Spectranet and smile hit by Ransomware

In the days following the Easter holiday, a Ransomware attack hit Spectranet and Smile routers and affected users were unable to access the default homepage of the router.

The attacker reconfigured the WiFi SSID to Jisatsu (a Japanese term meaning to commit suicide) and then changed the devices’ DNS settings so that all traffic to them would be redirected to the ransom landing page.

What is Ransomware?

A ransomware is a malware(malicious software) designed to deny access to computer system or devices until a ransom is paid.It is a financially motivated cyber attack.

Types of Ransomware

There are three main types of ransomware namely: Scareware,Encrypted Ransomware and Screen locker

Scareware

A scareware isn’t that Scary.You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.

Encrypted Ransomware

This is the Scariest of all ransomware.In this case,the attacker denies you access to your files and encrypts them.They go ahead to demanding payment in order to decrypt . The reason why this type of ransomware is so dangerous is because once cyber criminals get a hold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

Screen Locker

When lock-screen ransomware gets on your computer, it means you’re frozen out of your device entirely.

However, the ransomware used in the attack on Spectranet and Smile  does not exactly encrypt users’ data, it locked the the user out of the router’s hinepageIt is a screen locker variant.This makes it kind of easy to fix without paying the ransom.

How to fix a Router Affected by Ransomware

Resetting an affected router back to the factory default settings could restore it, after which, a new admin password should be set. Here are the steps:

  • Turn on your mobile WiFi.
  • Remove the back cover of your device.
  • Reset device by using a pin to press the reset button for 5 seconds. This will restart the WiFi, restoring the default settings.
  • Log on to the device
  • Open your web browser to access the admin web interface (username: admin; password: admin)
  • Go to the settings page and click on network settings.
  • Set the DNS to Auto (or you can use Google DNS 8.8.8.8)

How to Prevent Future Occurrences.

We believe this attack was made possible because many users did not change the default passwords on their routers, so gaining access was easy.

Another speculation we have is that there might have been a vulnerability on the routers whose exploitation led to the attack. Here are some things you can do to avoid future occurrences:

  • Change the admin password on the web interface.
  • Update your router firmware.
  • Hide your SSID

You can read more on the ransomware attack on benjamindada.com

Total
0
Shares
0 0 votes
Article Rating
Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
clothing
5 years ago

Hi there very nice site!! Guy .. Beautiful .. Amazing ..

I’ll bookmark your website and take the feeds also? I am happy to seek out a lot of helpful information here
in the publish, we want work out extra strategies on this regard, thank you for sharing.
. . . . .

Prev
Facebook May Face $5 Billion FTC Fine For Data Misuse
Facebook

Facebook May Face $5 Billion FTC Fine For Data Misuse

Facebook said on Wednesday that it expects the ongoing investigation from the

Next
NaijaSecCon2019 -The Most Technical Cyber Security Conference in Nigeria.
Cyber security Conference in Nigeria

NaijaSecCon2019 -The Most Technical Cyber Security Conference in Nigeria.

NaijaSecCon2019- Are You Ready?

You May Also Like
1
0
Would love your thoughts, please comment.x
()
x