In the days following the Easter holiday, a ransomware attack hit Spectranet and Smile routers, and affected users were unable to access the router's default homepage.
The attacker reconfigured the WiFi SSID to Jisatsu (a Japanese term meaning to commit suicide) and then changed the devices' DNS settings so that all traffic through them would be redirected to the ransom landing page.
What is Ransomware?
Ransomware is malware (malicious software) designed to deny access to a computer system or device until a ransom is paid. It is a financially motivated cyber attack.
Types of Ransomware
There are three main types of ransomware: scareware, encrypted ransomware and screen lockers.
Scareware isn't that scary. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you'll likely continue to be bombarded with pop-ups, but your files are essentially safe.
Encrypted ransomware is the scariest of all. In this case, the attacker encrypts your files, denying you access to them, and then demands payment to decrypt them. This type of ransomware is so dangerous because once cyber criminals get a hold of your files, no security software or system restore can return them to you. Unless you pay the ransom, for the most part, they're gone. And even if you do pay up, there's no guarantee the cybercriminals will give you those files back.
When lock-screen ransomware gets on your computer, it means you’re frozen out of your device entirely.
However, the ransomware used in the attack on Spectranet and Smile does not actually encrypt users' data; it locks the user out of the router's homepage. It is a screen locker variant. This makes it fairly easy to fix without paying the ransom.
How to fix a Router Affected by Ransomware
Resetting an affected router back to the factory default settings could restore it, after which, a new admin password should be set. Here are the steps:
- Turn on your mobile WiFi.
- Remove the back cover of your device.
- Reset device by using a pin to press the reset button for 5 seconds. This will restart the WiFi, restoring the default settings.
- Log on to the device
- Open your web browser to access the admin web interface (username:
- Go to the settings page and click on network settings.
- Set the DNS to Auto (or you can use Google DNS 184.108.40.206)
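After the reset, you can confirm from a connected computer that DNS answers are no longer being redirected. The following Python check is an added example, not part of the original article: it flags the symptom described above, where every site resolves to one landing-page address. The probe names and the sample address are constructed for illustration.

```python
import ipaddress
import socket

# Unrelated public names to probe (constructed list; substitute your own).
PROBE_NAMES = ["example.com", "wikipedia.org", "python.org", "mozilla.org"]
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of a hijacked resolver: every name gets the same answer.
# 203.0.113.66 is a documentation address, not a real indicator.
SAMPLE_HIJACKED = {name: {"203.0.113.66"} for name in PROBE_NAMES}


def system_resolve(name):
    """Resolve through whatever DNS server the router handed this device."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:  # includes socket.gaierror (lookup failed or offline)
        return set()
    return {info[4][0] for info in infos}


def check_dns_redirect(names=PROBE_NAMES, resolve=system_resolve):
    """Return (verdict, shared, local); verdict is ok/suspicious/no-answers."""
    answers = {name: set(resolve(name) or ()) for name in names}
    answered = {name: ips for name, ips in answers.items() if ips}
    if len(answered) < 2:
        return "no-answers", [], {}
    # Sign 1: one address is returned for every unrelated name.
    shared = sorted(set.intersection(*answered.values()))
    # Sign 2: a public name is answered with a private or loopback address.
    local = {name: sorted(ip for ip in ips
                          if any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS))
             for name, ips in answered.items()}
    local = {name: ips for name, ips in local.items() if ips}
    verdict = "suspicious" if shared or local else "ok"
    return verdict, shared, local


if __name__ == "__main__":
    print("constructed sample:", check_dns_redirect(resolve=SAMPLE_HIJACKED.get))
    print("this device:", check_dns_redirect())
```

A "suspicious" verdict can also come from a captive portal, so treat it as a prompt to recheck the router's DNS setting rather than as proof of compromise.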
How to Prevent Future Occurrences
We believe this attack was made possible because many users did not change the default passwords on their routers, so gaining access was easy.
Another speculation we have is that there might have been a vulnerability on the routers whose exploitation led to the attack. Here are some things you can do to avoid future occurrences:
- Change the admin password on the web interface.
- Update your router firmware.
- Hide your SSID
You can read more on the ransomware attack on benjamindada.com