Ransomware, a type of malware that encrypts a user’s data and demands payment in exchange for unlocking it, hit thousands of companies in dozens of countries on May 12, 2017.
Over the past weekend, the malware named “WannaCry” started infecting IT systems in major hospitals in England. 48 of the 248 NHS trusts in England were affected by Friday’s cyber-attack. Ambulances and patients were turned away from hospitals across the U.K. It also impacted Russia, France, and more than 29,000 Chinese institutions.
Despite the massive scale of the infection, attackers could only raise $20,000 as reported by Tom Robinson, Co-founder of Elliptic, a company that tracks and investigates illicit activity taking place through Bitcoin.
The cyber-attack was stopped through the timely intervention of a 22-year-old British cyber security researcher. Known as MalwareTech, the researcher found a ‘kill-switch’ while inspecting the malware’s code: an unregistered domain that the malware checked as it executed. The British researcher registered the domain and pointed it at a sinkhole (a server maintained by the researcher’s organization), which halted the ransomware. However, the same researcher wrote in his blog post that the threat is not over, and that without the Windows patch the measure may be short-lived.
“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible”, wrote Malware Tech.
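The quote above makes the defender’s point: the sinkhole stops the sample, but any host that looked up the kill-switch domain has already run the malware and is still unpatched. The following is an added example (not from the article or from MalwareTech) that scans resolver query logs for such hosts; the domain name, the log lines and the BIND-style log format are constructed placeholders, since the article does not reproduce them.

```python
"""Flag hosts whose DNS logs show a lookup of the WannaCry kill-switch domain.

Added example, not from the article. Domain and log lines are constructed
placeholders. The sinkhole halts the sample, but a host that queried the
domain still ran it and is still unpatched.
"""
import re

# Placeholder: the article does not reproduce the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed sample lines in BIND-style query-log format (format assumed).
SAMPLE_LOG = """\
12-May-2017 13:02:11.001 client 10.0.5.23#51234: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 13:02:11.120 client 10.0.5.23#51234: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 13:02:15.442 client 10.0.7.88#40021: query: updates.example.net IN A + (10.0.0.2)
12-May-2017 13:03:01.009 client 10.0.9.14#60111: query: KILLSWITCH-DOMAIN.EXAMPLE. IN A + (10.0.0.2)
12-May-2017 13:03:05.300 client 10.0.7.88#40022: query: www.example.org IN AAAA + (10.0.0.2)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_query(line):
    """Return (timestamp, client_ip, name, qtype) or None; name is lower-cased, no trailing dot."""
    m = QUERY_RE.match(line)
    if not m:
        return None
    return m.group("ts"), m.group("ip"), m.group("name").rstrip(".").lower(), m.group("qtype")


def hosts_querying(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that looked up `domain` (or a subdomain) to (first_seen, count).
    A hit means the host executed the sample and is unpatched, whether or not the
    sinkhole stopped the encryption: isolate it and apply the March patch.
    """
    domain = domain.lower()
    hits = {}
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed is None:
            continue
        ts, ip, name, _ = parsed
        if name == domain or name.endswith("." + domain):
            first, count = hits.get(ip, (ts, 0))
            hits[ip] = (first, count + 1)
    return hits
```

Running hosts_querying(SAMPLE_LOG) over the constructed log flags 10.0.5.23 and 10.0.9.14; the case-insensitive, trailing-dot-tolerant comparison matters because resolvers log the name as the client sent it.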
Who Got Cyber-Attacked?
- FedEx (America)
- Telefónica (Spain)
- Megafon (Russia)
- Renault (France)
- 30,000 institutions (China)
- Nissan Motors (Japan)
- Deutsche Bahn (Germany)
- CJ CGV Co (South Korea)
This is a non-exhaustive list of companies and organizations hit by last weekend’s cyber-attack.
The main casualties of the attack were the UK, Russia, Ukraine, India, China, Italy, Spain, and Egypt. Telefónica, the Spanish telecom company, also experienced service glitches.
Experts such as Markus Jakobsson, chief scientist with the security firm Agari, called the attack “scattershot”, meaning it was designed to spread rapidly across countries. Europe and Russia were the hardest hit, according to the security researchers MalwareHunterTeam.
— MalwareHunterTeam (@malwrhunterteam) May 12, 2017
How It Happened and Who’s Behind the Attack?
A group called the Shadow Brokers, which also claimed to have stolen a cache of ‘cyber weapons’ from the NSA (National Security Agency) last year, was behind the cyber-attack.
The group exploited a vulnerability in the Windows OS (operating system). The malware spreads via email; the attackers demand that users pay $300 worth of Bitcoin to regain access to their encrypted data, failing which organizations may lose the data forever. The result was that hospitals were left with no option but to turn back new admissions.
Microsoft, the Redmond-based tech giant, swung into action given the scale of the cyber-attack, and its Chief Legal Officer Brad Smith accused the U.S. NSA of stockpiling vulnerabilities. He was referring to “the trove of exploits stolen from the NSA last year”. Kenneth Roth, Executive Director of Human Rights Watch, took to Twitter to condemn the NSA’s stockpiling of the Windows OS vulnerability.
This is what happens when governments stockpile vulnerabilities to exploit rather than alert internet companies to correct them. https://t.co/VTdxbzh3Ul
— Kenneth Roth (@KenRoth) May 15, 2017
Microsoft had released a patch for this vulnerability in March this year, but organizations that didn’t install the security update were badly hit by the attack. Interestingly, many NHS computers still use Windows XP, for which there is no patch. This implies that updating to the latest version of Windows 10 might be the only option these organizations have.
History of the Malware
Ransomware has been a trend in cyber-attacks for about a decade: it started in 2005 and has increased in intensity and frequency with each passing year. A research firm reported that ransomware attacks increased by 167% in 2016 compared to 2015. A Los Angeles hospital, Hollywood Presbyterian Medical Center, paid $17,000 to regain access to its files, reports The Guardian.
Ryan Francis takes a look at the different types of ransomware used by cyber-criminals over the last few years.
How to secure your organization against cyber attacks?
As a rule of thumb, never open email attachments or emails from people you do not recognize. The current malware, which hit 100+ countries, also spread through email.
Corporate networks are a hot target for cyber attacks; at least, that is what the recent cross-country cyber-attack reveals. When employees use VPNs to connect to their organization’s network, they mitigate the risk of exposing information on a public network.
Take, for example, the case of telecommuting, a common practice among organizations these days. Then there are employees who use multiple devices (from smartphones to tablets and a home laptop) to access organizational networks. This is where a VPN creates a tunnel over the internet between two LANs. “Privacy is achieved through the use of a tunneling protocol and security procedures”, writes Ed Engelking of TechRepublic.
The encryption enforced through VPNs makes it nearly impossible for network intruders to mount corporate cyber-attacks.
And often it might not be an organization’s own employees who pose a threat to its cyber infrastructure. Corporate organizations routinely provide network access to non-employees as well, such as business partners, vendors, or contractors. Having a VPN connection in place ensures that partners and contractors can be given access to specific “servers, Webpages, or files” without exposing the whole network to non-employees.
Cisco, an American multinational technology company that sells switches, routers and wireless collaboration endpoints, cautioned users to use VPNs carefully. A VPN can also pose a threat and become a source of cyber-attack if network and endpoint security is not ensured by the VPN provider. Whenever you use a VPN service, check whether your VPN gateway has the following security functions built into the platform:
- Integrated firewall
- Intrusion prevention
Cybercrime is an established reality. As we use a growing number of devices, an ever-greater number of public Wi-Fi networks, and remote connectivity, the threat of cyber-attacks will only increase. Even if you use a VPN service to protect your online privacy, the baseline security of your desktop and laptop should not be compromised. Endpoint security should not be left to the VPN provider; a typical user can take baseline measures that protect them with or without a VPN service.
The baseline measures you can take to protect your data are:
- Regularly back up your data (preferably automated)
- Update software whenever there is a new release (OS, browsers, mobile OS, applications)
- Avoid unknown downloads
- Protect your online privacy with antivirus software