WannaCry ransomware’s domino effect
In true ransomware style, the hackers behind WannaCry are taking control of computer systems, blocking access to data and holding it for ransom – a pop-up message will tell you as much. In this particular case, they’re after Bitcoins.
But here’s the crazy part: It was combined with a worm application, which allowed the program to replicate itself and extend across networks.
It spread like an epidemic, hitting over 200,000 systems in 150 countries. The code allowing it to do so, known as “Eternal Blue,” was released onto the web by hacker group Shadow Brokers – they claimed it was stolen from the National Security Agency (NSA), and that it helped bypass security flaws.
And while measures are being put in place to slow its spread, updated versions of the malware seem to be popping up.
“The global reach of WannaCry is unprecedented,” Europol’s director, Rob Wainwright, told ITV. “At the moment, we are in the face of an escalating threat – the numbers of those infected keep going up.”
Here’s what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS
— Rory Cellan-Jones (@ruskin147) May 12, 2017
But it was basically only a question of time, Dennis Monner, the CEO of Secucloud, told Real Business. “Sooner or later, cybercriminals would get their hands on a security flaw that would help them start this scale of attack. Nevertheless, its effects surprised everyone – there were reports practically every minute about newly-infected hospitals, carmakers and transport companies. It made us see how weak our entire digital infrastructure really is.”
It sounds like bosses need to get their businesses a little cyber protection. SMEs are no exception – really. In fact, small businesses offer a perfect cover for hackers, a National Security Conference panel warned in 2016.
One of the speakers, Vincent Loy, PwC’s Asia-Pacific financial crime, cyber, data and analytics leader, said: “Criminals know SMEs are not well-equipped and are thus perfect targets. The reason is that SMEs are connected to the whole ecosystem and criminals will go for the lowest hanging fruit – these companies are used as an avenue or entry point to bigger firms.”
The “I’m too small to get attacked” perception is one SMEs can’t afford. But with most lacking the finance to afford high-scale solutions, the best advice is to bear in mind that the infection is typically delivered through an e-mail attachment.
What part does Microsoft play in this fiasco?
No one wants to be blamed for an attack of such scale, but we all seem to be pointing fingers. In a letter to the Times, former spy chief David Omand claimed Microsoft had stopped supporting Windows XP knowing companies had invested heavily in it. The NHS, for example, had 70,000 devices running on this particular software.
Microsoft, on the other hand, blamed the NSA’s hidden assortment of tools. That’s where the Shadow Brokers crew comes in. Eternal Blue exploited a Windows XP vulnerability named MS17-010, which was used by the WannaCry hackers.
“MS17-010 is the best candidate for this ransomware attack,” Matthew Hickey, co-founder of Hacker House, explained to Forbes. “If anything I am surprised it hasn’t happened sooner. And it does indeed highlight dangers of NSA exploits being released to the public. They are weapons-grade and available for easy use. Attacks like the one on the NHS are an easy way for criminals to capitalise on these exploits.”
But experts have suggested we shouldn’t play the blame game. Gavin Millard, EMEA technical director at Tenable Network Security, claimed: “Microsoft made huge strides in the last few years to improve the security of ubiquitous operating systems. But code is rarely perfect and flaws will always find a way into the millions of lines of instructions required in a complex operating system.
“Instead of trying to attribute blame, it would be far more productive to consider what could have been done to reduce the spread of an aggressive piece of ransomware like WannaCry. Bosses have to improve visibility into their complex environments to discover where weaknesses reside and have robust and rapid approaches to addressing these flaws before they are weaponised by the next ransomware author, eager to turn tardy patching into profit.”
He added that companies were also infected due to a lack of trained staff and a reliance on old, unsupported software. Before round two begins, it’s time to make sure your systems are up to scratch – and that you don’t click on fishy-looking e-mails.