The cyberattack that occurred on Friday 12th of May, showed how crippling the consequences of ransomware can be. The WannaCry ransomware attacked over 300,000 computers systems in over 150 different countries. The malicious ransomware targeted hospitals, universities, industries, global companies and governmental agencies. The hackers were able to take advantage of a weakness in the Windows system, and used hacking tools of the NSA – that reportedly had been stolen by hackers of the group ‘Shadow Brokers’, and leaked on the internet. The ransomware WannaCry used a hacking tool called EternalBLue, which allowed them to take over unpatched windows systems, and especially systems prior to Windows 10 were vulnerable to this. The cyberattack was fortunately stopped by a UK cyber security expert, MalwareTech, who had registered the domain name. Microsoft has since updated its systems, including old Windows systems like Windows XP, Windows 8 and Windows server 2003. The ransomware attack shook up the world and showed how important it is to have good cybersecurity, but also to have plans regarding mitigation and making everything operational again.
Effects on Society
Worldwide, a lot of different organisations and governments were affected by the the WannaCry – also called Wanna Decryptor – attack. In the UK, the National Health Service was infected by the ransomware, and around 45 health service organizations were hit. It caused several hospitals to cancel surgeries and Emergency Rooms had to send patients to other hospitals. In Russia the Ministry of Interior, mobile provider MegaFon and Sberbank were affected by the ransomware attack. The telecommunication provider Telefonica in Spain was also a victim. These are just a few examples of the incredibly high number of companies and governments that were attacked by the ransomware.
The WannaCry ransomware showed us what negative effects a cyber-attack can have on society. These effects will only increase, considering that our society is becoming more and more digitalized. The ongoing digitalization also concerns the critical infrastructures, which has an even more negative effect on society than when solely private computers are attacked. If, for example, a critical infrastructure like the water system is compromised by a cyber-attack, it has huge repercussions for the people and companies involved. It essentially disrupts society and makes everyday life a lot harder. Living without water is impossible; it is a basic need for every living being.
How Does the Ransomware Work?
The ransomware WannaCry made use of a flaw in the Windows software, allowing it to spread fast and encrypting files in computers. The flaw was discovered by the NSA and leaked by hackers of the hacker group Shadow Brokers. It is speculated that the Lazarus Group from North Korea were behind the WannaCry ransomware attack on Friday. They used the stolen hacker tool EternalBlue to take over the unpatched Windows systems.
With ransomware, hackers take control of your computer system and block the access to your files. In order to unlock your computer the hackers will demand a sum of money. However, according to security experts, paying the ransom does not guarantee that your files will be decrypted. Normally this type of ransomware enters your computer systems through clicking on links or files sent through email. When an attached file is opened containing the ransomware it will encrypt your hard drive making it impossible to access the files stored there.
The WannaCry ransomware was a bit different due to its worm component. The worm-effect allowed WannaCry to spread fast over different networks after the initial infection had taken place. The infection started on Friday 12th of May and spread over the weekend throughout the world until it was stopped by a cyber security expert from the UK.
What Should be Done?
The weakness in the Windows software was found by the NSA. However the NSA never reported it to Microsoft, and in fact they developed a hacker tool to utilize it. This meant that the Windows systems were left with a vulnerability. If the NSA had communicated the weakness in the Windows systems to Microsoft they would have been able to patch it up. This would have allowed governments and companies to save a lot of trouble and money. It is therefore important for future action that there is better communication, regarding weaknesses in systems, between the government and companies.
Being completely secure is not possible due to the continuing evolution of cyber-attacks. However some security measures can be taken to make you less vulnerable. For users of the Windows systems it is important that the system is frequently patched up. Also backing up your files to an external hard drive or cloud storage will mitigate the damage if your computer is affected by ransomware; as you will still have access to your files. Besides this it is important to be aware of phishing emails and not to open any attached files of emails you do not trust. This will prevent ransomware from infecting your computer.
The danger of another ransomware attack is significant. The WannaCry attack has been stopped, but the code can be changed by someone else which will allow it to spread again. In the next case the ransomware might not have a kill switch.