Friday’s WannaCry ransomware attack is a lesson for governments and organizations worldwide in how vulnerable they are to cybercrime when they neglect the care and responsibility needed to protect their computer systems.
Shares in firms that provide cyber security services jumped on the prospect of companies and governments spending more money on defenses, led by Israel’s Cyren Ltd (CYRN.O) and US firm FireEye Inc (FEYE.O).
This coming Friday, victims face being locked out of their computers permanently if they fail to pay the $600 ransom, said Tom Robinson, co-founder of Elliptic, a London-based private security company that investigates ransomware attacks.
The newest version of the Microsoft operating system now holds just 26 percent of the global market.
The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response. Microsoft did issue patches for the vulnerabilities before the attacks took place, but not everyone downloaded them. “If you’re not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack”. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have.
The massive ransomware campaign specifically targeted the healthcare industry. That gave the security community a good idea of how the malware was spreading.
The latest ransomware was successful because of a confluence of factors. Many of the affected organizations, such as the NHS, were running obsolete software and had not applied the most recent security updates. A recent Apple software update, for example, caused some iPad Pros to cease functioning.
Cluley said yesterday’s attack also highlighted the risks that organizations take by not investing in updated IT systems and security. The largest number of WannaCry attacks occurred in the Russian Federation and Ukraine.
The NSA's initial objective for the exploit was to gain access to computers used by terrorists and enemy states, but the hackers behind the cyber attack saw it as an opportunity for misuse.
“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003”, wrote Phillip Misner, security group manager at the Microsoft Security Response Center (MSRC), in a blog posted on Friday.
The NSA and other intelligence services generally aim to balance disclosing software flaws they unearth against keeping them secret for espionage and cyber warfare purposes.
Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Sean Dillon, a senior security analyst at RiskSense, said in an interview this morning that the ransomware itself is “off the shelf” malware, but the attackers bolted on the NSA exploit. However, he did warn that following the patching advice from Microsoft and the Federal Bureau of Investigation should be a top priority to stop the spread, which has hit a number of high-profile companies, including FedEx. Shutting down a network can prevent the continued encryption – and possible loss – of more files.
Keep all the software on your computer up-to-date.
Security researchers say they encounter “ransomware” every day: malicious software that hijacks your computer and scrambles your files, demanding money to get them back. There’s also no guarantee all files will be restored. The company had already been supporting it longer than it normally would have because so many customers still used it and the effort was proving costly.
“If there is a silver lining to it, you’re not out a million dollars”, he said.
Europol’s European Cybercrime Centre, EC3, said in a statement today that the attack was “at an unprecedented level and will require a complex global investigation to identify the culprits”.