What Surprises Will Monday Bring?

By TooCuteToFail, published in Homeland Security, May 13, 2017
Map of WannaCry Malware, NBC News

UPDATE: Today, May 15th, the world is waiting with bated breath to see what further chaos the WannaCry ransomware will wreak. In the United States, news agencies were warning individuals as they came back to work Monday morning to be careful about opening emails and accessing the internet. This is not just a scare tactic designed to attract more viewers; in fact, the attack could have been much worse. The Telegraph reports that Marcus Hutchins, a.k.a. Malware Tech, was able to take control of a feedback loop built into the virus, effectively stopping it in its tracks. The bad news is that now the authors of the virus know about the loop too, and won’t make the same mistake again. For now, continue to keep your Windows patched, and we will keep updating this page as events unfold.

On Friday, May 12th, the world was attacked by malware developed by the United States government, intended as a deployable cyberweapon. According to Tripwire.com, this malware has been around since February 2017; however, a new strain emerged this month and has since taken off. The map above, obtained from NBC.com, highlights the number of devices infected on May 12th, 2017. Among those dots are hospitals, telecom companies, and even FedEx, in addition to civilian end-users. The BBC has reported that 75,000 cases of WannaCry and its variants have been found globally by Avast. According to the New York Times, the virus struck Russia the worst initially, followed by the Ukraine, and then kept going. With the image above, and reports coming out of the United States this evening, I would argue that the United States was simply impacted later than those in the east.

The New York Times goes on to describe the source code as having originated with the United States’ National Security Agency, to be used as a cyberweapon, before it was stolen by a group called “Shadow Brokers” who then put it up online. Former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks.

Courtesy of Money Week

So what does the WannaCry malware do? It is ransomware that takes control of the computer. The virus encrypts the data on the device, then demands money for a key to unlock it. Right now, the WannaCry ransom is about $300 US, to be paid in Bitcoins. Bitcoins are particularly attractive to malicious actors because they can be transacted autonomously, making the beneficiary of this software very hard for law enforcement agencies to track.

National Health Service of Britain, Ambulance Service Impacted. Image Courtesy of The New York Times

Yet what is most worrisome about this malware attack is the industries impacted. In Britain, the National Health Service (NHS) was brought to its knees today. The virus entered as an email with an attachment. Once opened, it spread like malicious wildfire through the system. Tripwire.com obtained the first tweets from medical staff at the hospital.

Courtesy of Twitter.com

Without access to medical records and patient tracking, providing care at the NHS became almost impossible. Immediately following the attack, many hospitals within the service went on diversion. Though arguably the most life-threatening of the industries attacked, it was not the only critical infrastructure affected by this attack. Spain’s Telefónica and Russia’s MegaFon telecom companies were also impacted. According to Wikipedia, Spain’s Telefónica is one of the largest providers of telephone service, providing mobile phone networks globally, and Russia’s MegaFon is the second largest mobile phone network provider in Russia. With these companies brought down, many who rely on their services are without recourse.

Courtesy of FedEx.com

Finally, FedEx has also been affected by this malware. Though not as critically as the hospitals or the telecom industry, FedEx has still felt the struggle of isolating and recovering data hijacked by the virus.

Most of this pain could have been prevented had all those infected simply installed the latest Windows updates, released on May 9th, 2017. Having been present in the wilds of the internet since March, this virus gave Microsoft time enough to create a fix and get it pushed out to computers prior to today’s attack. Unfortunately, the necessity of this update was not understood until it was too late.

As ironic as today’s events have been, the United States has developed a national strategy for cybersecurity that originated during the Obama administration. Yet, in a globally connected world, simply having a national plan is not sufficient. Much like the environment, it is necessary to have a global cybersecurity strategy. But until that happens, what can each of us do to protect ourselves from malware?

  1. Always update software. I know it’s annoying to update Java and Windows every other day (or so it seems), but these patches will save your computer, your data, and all the frustration of being unable to access the internet.
  2. Have an anti-virus, and keep it up to date. Scan your computer regularly. This has been pretty standard practice for the last 20 years, but it is as critical today as it was then, so we’ll keep saying it.
  3. Always back up your data. If you do happen to get infected by one of these horrible viral plagues, you will at least be able to restore your system to factory settings and reload all key pieces of software and data.
  4. Watch the news. Being an ever-connected society, as soon as a cyber whopper is released into the wild, people will report it. It will be on Twitter, Facebook, Instagram, and all other social media sites. The news will pick it up and share it from there.
