Traditionally, ransomware has merely been a minor hindrance, though it has the potential to be costly. The method behind the madness is actually quite simple. Ransomware is a particularly intrusive form of malware that locks down your computer and prevents users from doing certain activities, like opening a Web browser or accessing the Internet entirely.
In order to remove the ransomware, you must pay a sum to the developers who created it to regain full control of your computer. Of course, it doesn’t always work out that way. Most of the time, ransomware victims are lucky to ever recover access to their computers and related data.
Some of the worst ransomware has been known to encrypt and destroy data, making it more dangerous than other forms of the attack.
Last week, however, a truly nasty and unprecedented form of ransomware — fittingly named WannaCry — was able to infect more than 70,000 machines around the world within just a few hours. Worse yet, some of the affected systems belonged to hospitals. The ransomware actually prevented doctors and nurses from providing aid to their patients, some of whom were in need of dire medical attention.
But the ransomware did a lot more damage than that. It also infected the systems of a telecom company in Spain, UK-based FedEx offices and even the Russian Interior Ministry.
WannaCry caused an unprecedented amount of damage in just under half a day. There were hundreds of thousands of infected machines spread across various industries and six continents. The attackers bet on the fact that businesses rely on multiple computers at any given point during the day, and that many of those affected would be willing to pay for their freedom. Especially in the case of the compromised hospitals, there was no question that it was necessary to regain control of the computers that would allow lifesaving medical care.
In the wake of WannaCry, people worldwide are wondering: how did this interference happen, and how is something like this even possible?
How Did It Happen?
WannaCry doesn’t operate like you’d expect. That is, it’s not a seedy application or form of spam that self-installs on your computer because you clicked a bad link. It spreads, on its own, through a rather obscure Windows exploit that was only just recently patched by Microsoft (News - Alert) engineers. The vulnerability in question is called ExternalBlue, and is the same one the NSA uses as a backdoor.
Yes, that means if you haven’t installed any recent Windows updates — specifically, Security Patch MS17 - 010 - Critical, you should take care of that as soon as possible.
The long and short of it is that, once hackers deployed the virus or ransomware, it targeted Microsoft servers running a file-sharing protocol. Any servers that had not been updated with the security patch after March 14 were quickly infected.
The attackers exploited the vulnerability to drop a payload called DoublePulsar, which included WannaCry. As soon as the first computers became infected, the ransomware began to spread like wildfire, and the rest is history.
This cautionary example goes to show just how important it is to keep both your personal and business computers updated — and not just dismiss update notifications.
How Long Has This Been in the Making?
It’s difficult to know how and when WannaCry was originally developed. What we do know for sure is that this entire event was preventable, which makes circumstances that much more unfortunate.
For decades, experts have warned us about cybersecurity and data risks. We’ve discussed the semantics of online privacy and how to protect ourselves. It seems like nearly every day, there’s a new article with tips on how to protect yourself and your data.
If there’s one key take away from the WannaCry exploit, it’s that all these warnings are absolutely pointless if no one is listening. The negligence and disregard for security have allowed such an exploit to spread so openly. Microsoft clearly did its part. The company patched the vulnerability by releasing an update, and the owners of infected machines simply had to install it, but clearly, that didn’t happen.
Think of all those software applications and mobile apps you’ve installed, but never updated. Believe it or not, many times those updates involve patches and improvements to prevent security breaches like this from happening.
It’s about time we all start taking cybersecurity more seriously, and that includes all of us doing our part to prevent another attack of this scale.