
CERT/CC warns computer users of high-risk virus attack

30 January 2019 08:29 am


The Computer Emergency Readiness Team and Coordination Centre (CERT|CC) yesterday warned computer users to be cautious of infection by the ‘Rumba’ ransomware when downloading fake Windows updates, cracks for pirated software and freeware software tools, as well as through corrupted links and torrents.

Speaking to the Daily Mirror, CERT|CC Information Security Engineer Ravindu Meegasmulla said they had received five complaints from people who had downloaded freeware video editing software and other freeware software tools and updates. All versions of Windows, including Windows 7, Windows 8.1 and Windows 10, are prone to this virus attack.

It can also arrive in the guise of a fake system or programme update. It can also use spam emails that seem legitimate on the surface to deceive victims; the email may purport to be from a well-known company. The contents urge the recipient to click a link or download an attachment.

Rumba ransomware is a crypto virus that was discovered on January 19, 2019. It is a variant of the infamous Djvu virus, which belongs to the STOP ransomware family, and uses the Advanced Encryption Standard (AES) encryption algorithm to encrypt personal files.

Mr. Meegasmulla said that, after infection, various personal documents, pictures, videos and databases would be encrypted and given the ‘.rumba’ file extension, and a message would be displayed saying ‘ALL YOUR FILES ARE ENCRYPTED. Don't worry, you can return all your files! All your files documents, photos, databases and other important are encrypted with the strongest encryption and unique key.’

He said the message also told victims to purchase a decrypt tool to restore the files, and offered to decrypt only one file for free. The price of the private key and decrypt software was $980, and a 50% discount would be available if the victim contacted the cyber criminals within the first 72 hours, making the price $490. “Please note that you'll never restore your data without payment. Check your e-mail “Spam” folder if you don't get an answer within 6 hours,” the message also said.

The CERT|CC had still not found a way to decrypt the files and advised the general public not to make any payments to the cyber criminals, Mr. Meegasmulla said.

He said people were advised to keep a backup copy of their personal documents and to keep their Windows operating system and anti-virus software updated.

People were also advised not to download or run software updates that are prompted by third-party sites, and to keep in mind not to open suspicious e-mail attachments, he said.

If you do need to update your software, get it updated directly through the vendor’s website, he added. According to foreign media, Rumba ransomware had been spotted attacking computers in Germany, Hungary, Poland, Turkey, Chile, Thailand, Egypt, and other countries. The main distribution methods used for this version are cracks for a variety of software bundled on third-party sites, as well as fake Windows updates. (Chaturanga Samarawickrama)

  Comments - 2

  • nsathees Wednesday, 30 January 2019 08:59 AM

    I suggest Sri Lankans switch to Ubuntu. Anyway, we don't have money to pay royalty to M$. Ubuntu is free and open source!

    sennan Wednesday, 30 January 2019 02:52 PM

    Like 'nsathees' (above) said.... Just use Linux as your OS. NO Problem then...
