#Ransomware Response: What you need to know about the WannaCry attack
by Oz Sultan on May 19, 2017 at 3:14 PM
Late last week, the NHS (the UK’s healthcare system) was hit by a ransomware attack that locked down computers and shut off healthcare to scores of people across the UK. The culprit is WannaCry, a ransomware attack that is believed to be based on a set of stolen NSA hacking tools.
The attack affects any Windows 2000/2003, XP, Vista or Windows 8 machine that hasn’t been patched with the SMB update that was issued in March of this year. The risk of this exploit is enormous, as it leverages a network communication protocol and can spread across networks. So far an estimated 220,000 computers have been infected across the globe.
An Accidental Hero
While the attack spread, infecting computers across Europe, Asia and Russia, an accidental hero came into the picture and kept the attack from hitting US shores.
The malware attack fell off last week after security researcher @malwaretechblog identified and registered a domain that was set as the kill switch within the WannaCry ransomware code, thereby deactivating the attack.
Why did this happen?
Short answer: because you didn’t patch your computer, or you disabled Windows auto-updates. Microsoft has issued a brief on what to do in case your computer is out of date. If you’re reading this and panicking because a computer near you or your (insert relative’s name) is unpatched, @arstechnica has a detailed writeup on the risk of a cyber event tomorrow and a number of Microsoft resources. Microsoft has also issued emergency updates for older unsupported systems including Windows 2000/2003, Windows XP, Vista and Windows 8. Windows 10 is not affected by this hack.
Why should we still be concerned?
Whoops. Got a photo from a colleague - Chemnitz Hauptbahnhof apparently has a Cryptolocker problem. pic.twitter.com/IH5B5dyKvM - Nick Lange (@Nick_Lange_), May 12, 2017
There is a huge risk of unpatched systems and critical infrastructure (like the German railway system pictured above) getting hit, and because many governmental systems run older or outdated versions of Windows, the risk is real.
My advice, and that of cybersecurity researchers and IT pros everywhere, is: patch your systems now. While tomorrow may or may not result in compromised systems domestically, there’s no reason to keep the “front door” of your systems open to potential risks and future attacks.
Where it gets complicated
While the patches solve the issue for most civilians and small businesses, healthcare, power systems and certain other industries face critical challenges, as patches can oftentimes break specialty software that runs on older Microsoft operating systems. Stilgherrian points out that:
‘The owner of Pinboard noted: I’m a hospital not a tech company, and your updates break my software.
“Blaming people for using ancient software is really weird,” Pinboard added. “There’s no other context where we demand constant replacement of things that work.”
When you’re running a hospital full of machines that go ping, you can’t afford an update to kill those pings, because that in turn can kill people. Context matters.’
What this leads to
Software vendors and cybersecurity professionals are often at odds over who should be responsible for, and bear the financial cost of, shepherding a move towards standards and security. Our government has a burgeoning cybersecurity division, but the question arises: is this a question of legislation or corporate engagement? Time will tell.
Update: CCN-CERT has released a tool to prevent the execution of WannaCry: www.ow.ly/lIlb30bJjTm