Analysis: Latest hack shows up need to update computer systems
The Wanna Decryptor virus infected older systems that are harder to keep secure
According to the 2017 Verizon Databreach Investigations Report (DBIR), the number of ransomware attacks grew by 50 per cent from 2015 to 2016. Photograph: Ritchie B Tongo/EPA
Friday May 12th, 2017, may become a landmark date in the world of cybersecurity. A major wave of cyberattacks known as ransomware infected thousands of computers around the world.
Ransomware is a computer virus that upon infecting a computer encrypts the data on a computer and demands a ransom, in this case around $300, for a password to allow the owner of the computer regain access to their files.
Ransomware is normally spread using email containing attachments or links to infected websites so that when the unsuspecting user clicks on the attachment or the link the ransomware is activated and encrypts the victims data. What is different about this ransomware, known as Wanna Decryptor, is that it takes advantage of a known security weakness in older versions of Microsoft Windows to enable it to spread automatically from one insecure system to another. The speed of how quickly this version of ransomware spread without requiring intervention by people to infect their computer is what makes it unique and Friday the 12th a landmark date in cybersecurity.
Within hours this computer virus had infected computers in over 70 countries including the UK, Spain, China, Russia, and the United States, and was was spreading quickly. In the UK, 39 National Health Service (NHS) hospital trusts were impacted, with several hospitals forced to cancel some patient services and others having to divert ambulances to other hospitals.
In the US, FedEx announced a number of their systems had been infected with the ransomware, and the Russian interior ministry said that more than 1,000 of their computers were held to ransom. Over the weekend, production was affected in Renault and Nissan plants; by Sunday, Europol said 200,000 cases had emerged in 150 countries.
While many headlines boast this is a sophisticated cyberattack, at its root it is not really that sophisticated. The security weakness, or vulnerability, exploited by Wanna Decryptor to spread itself so quickly has been known to Microsoft for a number of months, and Microsoft released a fix to address this vulnerability several weeks ago. Any systems that had the fix applied would not be impacted by this virus.
What Wanna Decryptor has highlighted is that many organisations are still using older computers and operating systems which are becoming more and more difficult to keep secure. This can often result from organisations not having the money to invest in IT systems over the past number of years due to other financial priorities and pressures, or it could be because old legacy applications and systems may stop working should they be patched or upgraded to later versions of software.
More worrying is that this attack demonstrates that many organisations are not taking cybersecurity seriously and are not investing the time, money or resources to ensure the systems their businesses rely upon are properly secured.
The sharp increase in ransomware in recent years highlights that many organisations still do not get the basics right when it comes to cybersecurity. According to the 2017 Verizon Databreach Investigations Report (DBIR), the number of ransomware attacks grew by 50 per cent from 2015 to 2016. What is saddening is that ransomware is not a new threat. At its heart ransomware is basically a computer virus, except this time it has a particularly immediate and effective payload. We have been battling computer viruses for over 25 years, so it is disheartening that we still see individuals and organisations fall victim to these attacks.
With our ever-increasing reliance on computer systems to run and protect our businesses, our economy, our hospitals, our communications, the critical services we rely on, our own personal lives and data, our homes, even our cars, it’s time that as a society we take cybersecurity seriously. The Wanna Decryptor attack may have just affected computers; tomorrow we may not be so lucky and a cyberattack impacting a critical system could have life-threatening results.
Brian Honan is founder and CEO of cybersecurity firm BH Consulting