Cyberattack! Ransomware and The Future of Computing

The big news this week was the outbreak of a computer virus called “WannaCry”. According to cybersecurity company Symantec, makers of Norton Security, WannaCry is a “worm that spreads by exploiting a vulnerability in the Windows operating system. Once installed, it encrypts files and demands a payment to decrypt them.” Because WannaCry demands payment to restore your files rather than just causing wanton destruction, it is called “ransomware”. In this case, WannaCry demands payment of $300-$600 per computer in Bitcoin to restore the data that the virus has encrypted. So virus writing is no longer simply the purview of the anti-establishment terrorist but has now developed a “for profit” side.

Who Was Hit?

In China, “hundreds of thousands” of computers were affected. Renault in France, Germany’s national Deutsche Bahn railroad, and Hitachi, Ltd. in Japan were hit. In South Korea it was the largest cinema chain, CJ CGV Co. In Spain a number of utilities got it, and most spectacularly, so did massive portions of the UK health system. Also affected were computers in Russia, Ukraine, Brazil, and India. The only major U.S. company affected appears to be FedEx.

Why were these computers hit and not others? Because the virus was targeted at computers running old, outdated versions of Microsoft Windows software. The ransomware exploited a weakness in the Windows XP operating system… The last release of this software was in April 2008 (over 9 computer years ago! And since computer years are like dog years, that’s like 49 people years, or maybe a lifetime in the U.S.). So most major U.S. companies were immune simply because they stopped using that OS before Microsoft stopped supporting it in 2014.

Other reasons most U.S. computers were immune to the attack were that their antivirus software was up to date, or that companies required their workstations to store data on a server that is backed up regularly, so rather than pay the ransom they just had to restore the data. In other words, those affected were victims of their own negligence. At the very worst it should be a matter of restoring lost files from backups. Any company seriously affected by this attack should be ashamed of itself.

Note: Despite the fact that Microsoft no longer supports XP, in response to the worldwide emergency they released a patch to protect XP once this virus became widespread.

What can we learn by looking at the victims?

One of the biggest victims was the UK health system. At least 40 UK hospitals were virtually shut down because of the virus.

Which brings up the next question…

Why are the UK health system computers so woefully inadequate, outdated and poorly maintained? It couldn’t possibly be the result of being a “National Health System”, could it? Are they in the same class as Spain’s utilities? Apparently so.

The one that surprised me was FedEx. You would think that a large company like that would have its protection and computers up to date. Although I can’t confirm this, the only thing I can think of is that WannaCry hit the local PCs at the drop-off points that are only used for entering a few keystrokes to log in a package.

Who’s Responsible for the Attack?

According to CNN, there is a possible link to North Korea, which makes sense because the major computer operating system (OS) in North Korea is…

 

wait for it…

 

Windows XP.

 

In China about one third of the computers still use Windows XP, and apparently it is also used by utilities in Spain and hospitals in the UK.

At this point, despite the massive amount of damage done, the total benefit appears to be “less than $60,000 in ransom”. Since paying the ransom just encourages the criminals, security professionals and government agencies are recommending that you not pay it. There is no evidence that the North Korean government was involved, although some have suggested that the regime is basically bankrupt and could use the money.

Amanda Rousseau, malware researcher at security firm Endgame, says “the malware code indicates there are at least two different parties responsible for creating it because there are two pieces of the attack that are coded differently,” and since it was easily reverse engineered, “a less experienced person wrote it.”

Trends in Cybersecurity

Cybersecurity is kind of like trying to grab water: it is constantly changing. It is like a game of one-upmanship. A new security hole is discovered and then there is a race to write a patch for it. Then the hackers try to find new ways to get around the security, and the game goes on.

Just because the U.S. was not seriously affected by this particular virus doesn’t mean that we are immune. Coincidentally, on the day before the ransomware attack President Trump signed an executive order designed to improve the nation’s cybersecurity. According to USA Today, “a report from cybersecurity company Thales, 34% of federal agencies experienced a data breach in the last year, and 65% experienced a data breach at some point in the past. Almost all agencies – a whopping 96% – reported that they considered themselves “vulnerable” to cyberattack, while 48% said they were “very” or “extremely” vulnerable.” 

So cybersecurity is big business and governments are major players in the cyberhacking / cyberhacked game. USA Today continues, “The Russians, the Chinese, the Iranians, other nation-states are motivated to use cyber capacity and cyber tools to attack our people and our government and their data.” 

In another North Korea related event, there has been some speculation that “NORTH Korea’s latest nuclear test missile exploded five seconds after launch yesterday (April 17, 2017) because of an American cyber attack.” But this is nothing new. Way back in the first “Gulf War” there was speculation that many of Iraq’s SCUD missiles were not intercepted by Patriot missiles but simply fell out of the sky (perhaps due to an embedded software bug or U.S. based “kill switch”). There is also evidence that chips in U.S. made copiers in Iraq sent a tracking signal that allowed more precise targeting of U.S. missiles.

Types of “Malware”

The terminology can be a bit confusing. There are various types of “bad code” out there. “Malware” is the umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Here I will focus on the three common bad guys.

  • Trojan Horses (aka “Trojans”) – A Trojan is a piece of software that disguises itself as some sort of beneficial program but has a hidden function. It could look like a game, app, cat video or whatever, but once you give it permission to run, it can do things in the background that are not good. It may contain “keystroke loggers” that watch what you type, looking for passwords etc., or it could install more malware, modify files, use the computer in botnets to mount Denial of Service attacks on websites, etc. The key factor that makes something a Trojan is how it enters your computer: just like its namesake, it enters pretending to be something else.
  • Viruses – Just like in humans, a computer virus replicates itself and spreads to other computers. Viruses can spread by attaching themselves to innocent programs and executing code when a user launches one of those infected programs. So just like you shouldn’t share needles, you shouldn’t share programs on thumb drives etc. Viruses can be used to steal information, harm host computers and networks, create botnets, steal money, render advertisements, and more.
  • Worms – Worms spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Computer worms can also contain “payloads” that damage host computers. The WannaCry ransomware was a worm.
