Malware Attack Underscores Cyber Threat
On Friday, malware known as “Wanna Cry” spread around the world, affecting approximately 200,000 victims in at least 150 countries. The malware, known as “ransomware,” encrypts victims’ computer files to make them unusable unless the victims pay the hackers a ransom in Bitcoins. The malware took advantage of a vulnerability in the Windows operating system that hackers had released in April. Although Microsoft issued a patch in March to fix the vulnerability, users and administrators who did not install the patch or who were running older versions of Windows were susceptible. Many large business and government entities have been affected, and the British National Health Service was hit particularly hard.
Last Thursday, Director of National Intelligence Dan Coats testified before the Senate Intelligence Committee that cyber threats “are already challenging public trust and confidence in global institutions, governance, and norms, while imposing costs on the U.S. and global economies.” He added that such threats “also pose an increasing risk to public health, safety, and prosperity as cyber technologies are integrated with critical infrastructure in key sectors.” He specifically mentioned that ransomware “has become a particularly popular tool of extortion” and that “criminals employing ransomware turned their focus to the medical sector, disrupting patient care and undermining public confidence in some medical institutions.”
Also on Thursday, the president issued an executive order directing federal agencies to strengthen their cybersecurity plans and to support the cybersecurity efforts of entities overseeing critical infrastructure. The order requires agencies to develop cybersecurity risk-management plans and instructs them to “to build and maintain a modern, secure, and more resilient executive branch IT architecture.”