Unprecedented ransomware attack a nightmarish ‘wakeup call’ – CNET


When ransomware strikes, you’re locked out of your computer — and you have to pay to get in.


Because we needed another reason to keep us up at night.

The latest cause for concern is WannaCry, a nasty piece of ransomware that locks up your computer and holds it hostage until you pay the hackers. Ransomware isn’t new, but the difference here is scale: As of Sunday, more than 100,000 organizations in at least 150 countries had been affected, making this the largest cyberextortion scheme ever. (You can actually watch a real-time map of affected computers.)

That’s scary enough, but what really chills the bone is the idea that we have no idea when this will all end. The speed and reach of WannaCry, as well as its ability to evolve, are yet more examples of the new age of cyberterrorism that we live in. It’s one in which hackers can influence the US election, pilfer your personal information or hold up critical life-saving systems in hospitals. And because of our dependence on technology, there are no easy solutions.

“The WannaCry ransomware outbreak is a wakeup call for the world,” said Andreas Kuehlmann, senior vice president of the software integrity group at software provider Synopsys. “It highlights not only our interconnectedness and deep-seated dependence on technology, but the massive challenge we face in securing the ecosystem of software and systems we rely on.”

With new cases cropping up over the weekend in China and Japan, following the first wave in the UK and elsewhere on Friday, it’s no wonder millions of people walked into their offices wondering if they too were victims of WannaCry. Or worse: What if this outbreak evolves into something even more dangerous and widespread?

WannaCry has already shown the ability to change. An analyst from MalwareTech on Friday stumbled upon a way to halt the initial attack, unwittingly activating a kill switch. By Monday, however, hackers had changed the code so that kill switch no longer worked.

Genesis of WannaCry

WannaCry, also known as WanaCrypt0r 2.0, is able to get into Windows systems by exploiting a vulnerability called EternalBlue, which was first discovered by the NSA and then, in April, leaked by the hacker group Shadow Brokers. The updated version that debuted Monday also uses the same exploits.

Victims have gotten messages asking for money in exchange for unlocking their computers.


The malware enters a computer system through an email attachment and can spread through the local area network through a standard file-sharing technology called Windows Server Message Block, or SMB. Hospitals in the UK’s National Health Service, Spanish telecommunications provider Telefonica and global shipping giant FedEx were among the early organizations hit, and it spread from there.

“It shows how the criminals really have the upper hand in this situation and most companies are completely unprepared for this kind of attack,” said Gartner analyst Avivah Litan.

The hackers typically demand about $300 in payment via bitcoin, an untraceable digital currency often used on shadowy parts of the internet. If that ransom isn’t paid in 72 hours, the price could double. And after a few days, the files are permanently locked.

Hackers could stand to make more than $1 billion if the ransoms are all paid.

Outdated equipment

Microsoft believes that government agencies like the CIA hoarding software flaws and keeping them secret contributed to WannaCry.

While Microsoft has patched up the vulnerabilities in newer versions of Windows, that left computers running older software still open to attack. And guess what? A lot of people still use Windows XP. Likewise, if you don’t have a licensed version of Windows (that is, if you stole it), you may not have the necessary patches to protect you.

The effectiveness of WannaCry underscores the fact that many of these computers are using older software and haven’t been updated or patched.

“As we look at the overall cybersecurity posture of the country, we have to look at the way we manage old platforms and better protect them,” said Mark Testoni, CEO of security software company SAP NS2.

Here’s how bad things are: Through 2020, 99 percent of attacks will occur using vulnerabilities that security and IT professionals will have known about for at least a year, according to Gartner.

It might be time to start doing something about it.

Still evolving?

Today’s problem may just be the beginning. The real fear is that this incident will set off a new wave of attacks. Hackers have already updated WannaCry. What’s next?

“The concern being that potentially a new variant of this ransomware could show up on Monday,” Adam Meyers, vice president of intelligence at CrowdStrike, told CBS News. “And it would take a lot more effort to try to stop that next wave of attack.”

Copycats are already starting to pop up, according to security experts.

That’s really what’s keeping security professionals awake at night.

“So we have the WannaCry thing. They’ll say, ‘did you fix it?’ ‘Well, we fixed the glitch. We’ve patched the ones that have been infected. Great, so we’re good,'” said Yahoo Chief Information Security Officer Bob Lord at TechCrunch Disrupt on Monday. “But that transactional relationship isn’t going to prepare you for a truly intelligent adversary who really is out to get you.”

A persistent, ever-changing threat that’s always coming after you? Hollywood couldn’t write a better horror flick.
