What started as a report that British hospitals were facing a ransomware attack has quickly snowballed into a worldwide disaster. Here’s how it happened, and what comes next.
The ransomware, variously called WannaCry, WannaCrypt, Wcry and Wanna, is a nasty bit of business. It is a self-replicating worm designed to invade systems, encrypt their files, and then demand a payment to unlock everything, usually in Bitcoin, which is often described as untraceable (in practice it is pseudonymous: every payment lands on a public ledger, which is why the ransom wallets could be watched in real time). Unlike the phishing-driven attacks recently in the news, the victim does not have to open anything to set it off. Once WannaCry is on a computer it spreads by itself, scanning for other machines that accept SMBv1 file-sharing connections on TCP port 445 and breaking into any that are unpatched. It was also clearly designed to go worldwide: the ransom demand is written in multiple languages, and so far it has been reported in 74 countries.
So how did we get here? For that we have to go back a month. On April 14th a group called the Shadow Brokers, widely suspected of ties to the Russian government, leaked a set of what they claimed were NSA exploits designed to break into systems. The group's leaks began in the summer of 2016, and much of the intelligence community read them as "warning shots" that Russia could attack U.S. systems. This leak was particularly dangerous because it included not only several working exploits against older Windows systems but also the tooling and step-by-step instructions needed to use them in a coordinated attack. The one WannaCry relies on, known as EternalBlue, targets a flaw in Microsoft's SMBv1 protocol. Fully patched Windows 10 systems are unaffected, and Microsoft had already fixed the bug for its supported Windows versions in March, a month before the leak, under security bulletin MS17-010; the leaked tools themselves date from roughly 2009 to 2013. Interestingly, reports of Wcry, or at least a ransomware by that name, predate the Shadow Brokers dump; what the leak added was the worm component that lets it spread on its own.
Now it appears those tools have been used. Early clues such as the clean grammar of the Russian-language ransom note led some analysts to suspect the attack originated in that country, and Russia was in fact among the hardest hit. Ransom-note language is weak evidence for attribution, though, and later government and vendor attributions pointed to North Korea's Lazarus Group rather than Russia. Either way, the worm spread quickly, affecting everything from Spain's telecoms giant Telefónica to hospitals across the United Kingdom's NHS.
Why were these important systems so vulnerable in the first place? The problem is one of "legacy" systems. Large institutions, public and private, are extremely slow to patch or upgrade, which leaves them exposed not only to undiscovered flaws but, as here, to flaws that are already known and fixed: the MS17-010 patch had been available for two months, and machines still running unsupported versions such as Windows XP and Server 2003 had received no patch at all until Microsoft issued emergency fixes for them during the outbreak. It is a problem every government struggles with, and it turned large networks of unpatched, SMB-connected machines into ideal hosts for a worm. Microsoft's president, Brad Smith, openly criticized governments for "stockpiling" vulnerabilities instead of reporting them to vendors so that systems could be secured before the flaws leak.
All of which leads to the obvious question: how can you protect yourself? First, back up your files, and keep the backup offline or otherwise out of reach of the machine: ransomware only works if you cannot wipe the disk and restore, and a worm that can reach a mapped backup drive will encrypt that too. Most operating systems ship a workable backup utility at this point. Second, if you run an older version of Windows, install the March security update (MS17-010) through Windows Update, or move to Windows 10 if you can; Microsoft has also issued out-of-band patches for Windows XP, Windows 8 and Server 2003, which are otherwise unsupported. Third, disable the SMBv1 protocol, which modern Windows versions no longer need, and block inbound TCP port 445 at the firewall on any machine that is not a file server. Patching stops the worm from getting in; it does not decrypt files that are already locked, and anti-virus alone is no guarantee, since signatures lag behind new variants. Microsoft and various others are scrambling to contain the outbreak; notably, a security researcher registered an unregistered domain name that the malware checks before spreading, which acted as a "kill switch" and halted the original variant, although copies without that check are expected to follow.
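As a concrete version of those steps for a Windows administrator, here is an added PowerShell script that checks whether an MS17-010 package is installed, turns off SMBv1 and blocks inbound SMB. It is an example written for this page, not code from the article or from Microsoft. The KB identifiers are the March 2017 MS17-010 update IDs as I recall them and must be verified against the bulletin for your exact OS build; the Windows 7 registry and service names follow Microsoft's SMBv1-disable guidance, and the firewall rule name is my own. Run it from an elevated prompt.

```powershell
# Added example (not from the article): MS17-010 / WannaCry exposure check and
# mitigation for Windows 7 and later. Run elevated. Verify the KB list against
# the MS17-010 bulletin before relying on it (assumption: IDs as I recall them).
$ms17010Kbs = @(
    'KB4012598'                              # XP / Server 2003 / Windows 8 emergency release
    'KB4012212', 'KB4012215'                 # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216'                 # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217'                 # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'    # Windows 10 1507 / 1511 / 1607
)
$ruleName = 'BlockInboundSMB-MS17-010'       # hypothetical rule name for this example

function Test-Ms17010Patched {
    # Enumerate installed hotfixes rather than querying each ID, because
    # Get-HotFix -Id throws when an ID is absent. On Windows 10 a later
    # cumulative update supersedes these KBs and hides them from Get-HotFix,
    # so a $false here means "check your build date", not "unpatched".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $hits = $installed | Where-Object { $ms17010Kbs -contains $_ }
    return (($hits | Measure-Object).Count -gt 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: turn off the SMB1 server side.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: registry toggle for the server, plus
        # removing the SMB1 client driver from the workstation service.
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWORD -Value 0 -Force
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
        sc.exe config mrxsmb10 start= disabled
        Write-Warning 'Reboot required for the SMBv1 change to take effect.'
    }
}

function Block-InboundSmb {
    # Block inbound TCP 445 (SMB) and 139 (NetBIOS session) on every profile.
    # Skip this on genuine file servers, which need 445 open to their clients.
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
                -Protocol TCP -LocalPort 445,139 -Action Block -Profile Any | Out-Null
        }
    } else {
        # Windows 7 has no NetSecurity module; fall back to netsh.
        netsh advfirewall firewall add rule name=$ruleName dir=in action=block protocol=TCP localport=445,139
    }
}

if (-not (Test-Ms17010Patched)) {
    Write-Warning 'No MS17-010 package found: run Windows Update now (on Windows 10, confirm the build is newer than March 2017).'
} else {
    Write-Host 'MS17-010 package present.'
}
Disable-Smb1
Block-InboundSmb
```

The order matters for a machine that may already be infected: the firewall rule and SMBv1 change stop it from being reached or from reaching others immediately, whereas the patch only takes effect after the next reboot. None of this recovers files that are already encrypted; that is what the offline backup is for.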
Finally, let's all treat this as an important reminder. In computer security there are the threats we know about and the ones that have not been revealed yet; the bug behind this attack sat undisclosed for years before it was patched, and plenty of others still do. So plan accordingly, especially with sensitive data online.