
This is a “wake-up call”, says Microsoft, as world recovers from “largest ransomware attack in history”

Private companies and public services are recovering from the impact of Friday’s international cyber attack. The malware was found to exploit a vulnerability identified by the US National Security Agency (NSA), provoking debate over who is responsible for the attack.

The bug hit hundreds of thousands of computers around the world, spreading mostly by e-mail and disrupting operations at hospitals, schools, factories, shops and other services.

“WannaCry”, the bug responsible for the chaos, is a type of ransomware. Ransomware blocks access to data and demands a ransom to restore access. WannaCry has been demanding payments of $300 to $600 in bitcoin to restore access to encrypted files, threatening to double the ransom after three days and delete the files after seven days.

WannaCry ransom message

Security experts have commented that infected computers are mostly older devices that organisations did not consider worth the price of upgrading, or machines involved in important manufacturing or hospital operations where patching would cause disruption.

Patches were released by Microsoft last month and on Friday to fix the vulnerability in their software.

An anonymous British-based researcher who tweets @MalwareTechBlog has been credited with temporarily halting the spread of the bug by identifying a particular web address the malware was trying to connect to and taking control of the server.

The extent of the attack and its damage is not yet clear. Rob Wainwright, director of the European Police Office Europol, has said that more than 200,000 computers in at least 150 countries have been affected by WannaCry, while leading security software company Avast announced that they have observed 126,534 ransomware infections in 99 countries.

The attack is the “largest ransomware attack observed in history”, Europol has said.

The US Cyber Consequences Unit – a non-profit research institute – estimated that total losses would range in the hundreds of millions of dollars, while California-based cyber risk modelling firm Cyence estimated a total cost of $4 billion, taking into account costs associated with interruptions to business.

Some manufacturers, such as Renault, were forced to halt operations to prevent the spread of ransomware in their systems.

WannaCry attack infographic

Image credit: Gillian Abbott

In the UK, the NHS was widely affected: 48 out of 248 health service trusts in England reported being hit by the attack, and operations and appointments were cancelled. An emergency government Cobra meeting was called to discuss the attack and security minister Ben Wallace reports that NHS cyber-security experts have been working non-stop alongside the National Cyber Security Centre to patch computer systems.

The WannaCry attack has become a political issue in the UK general election campaign, with Labour Party figures arguing that underinvestment in the NHS may have left the health service exposed to cyber attacks.

Other major organisations affected by the attack include Telefonica in Spain, Portugal and Argentina, Deutsche Bahn in Germany, Chinese energy giant PetroChina, international shipper FedEx, and major manufacturers including Hitachi, Nissan and Renault.

While the attack has affected businesses and public services across most of the world, Australia and New Zealand remain mostly unaffected by the bug, with no reported cases in New Zealand and just three in Australia, according to Australian Cyber Security Minister Dan Tehan.

While the ransomware attack appears to have peaked, experts warn that further complications could be waiting around the corner. Guillaume Poupard, head of the French national cyber security agency, has warned that disruption could continue during the working week as staff return to work.

WannaCry exploits a vulnerability in Windows operating systems to spread itself across networks at a rapid speed. The code for exploiting the vulnerability, known as “Eternal Blue”, was leaked online in March by a hacker group called the Shadow Brokers. The group claim that it was stolen from an arsenal of NSA hacking tools.

Cyber security experts warn that a similar “Eternal Blue”-based attack could be used beyond extortion campaigns, such as to seize control of networks and steal data.

The likely origin of the tool with the US security agency has raised some debate over who should share responsibility for the attack. In a blog post published on Sunday evening, Microsoft President Brad Smith acknowledged experts’ suggestions that the ransomware utilised an NSA hacking tool.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks and now this vulnerability from the NSA has affected customers around the world.”

The attack provides another example of why the stockpiling of vulnerabilities by governments is such a problem, he said. An equivalent scenario with conventional weapons, he added, would be the US military having some of its Tomahawk missiles stolen.

Governments should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities”, he concluded.

WannaCry timeline infographic

Image credit: Graphic News


