On Friday 12 May 2017, “WannaCry”, a global ransomware cyber-attack began infecting computer systems across the world. Whilst the initial attack was halted by security experts, hundreds of thousands of computers have been affected and there are warnings that the security situation is only escalating. Are there any lessons that can be learned from this widespread attack?

The Attack

On Friday, the NHS computer systems of at least 48 hospitals across England came under attack with doctors and employees locked out of critical systems and networks. These computers and networks were infected with “ransomware”, a malicious virus which encrypts files and only offers the decryption key in exchange for money.

However, within hours, it emerged that the attack was not an isolated attack on the NHS but rather a massive digital assault. Spain’s National Cryptology Centre said that various local firms were being targeted by this same variant of the virus, including Telefonica and several energy suppliers. In the US, logistics company Fedex has been impacted, in France some Renault factories had to halt production and in Russia, the interior ministry reported infected computers.

This variant of ransomware known as “WannaCry” exploited a known vulnerability originally exploited by the US National Security Agency. Information regarding the vulnerability was leaked by the hacking group “The Shadow Brokers” which has been releasing its cache of stolen NSA hacking tools on to the internet since last year.

 

The ransomware message displayed to infected users.

The Response

In response to the attack, NHS Trusts all over the country urged people to avoid A&E departments where possible. Routine appointments were also cancelled as staff were unable to use phones, access schedules, patient records, emails, X-rays, test results and prescriptions. Stories emerged online of NHS staff being told to ‘batten down the hatches’ by turning off their computers and unplugging their network cables.

The spread of the initial release was soon slowed because security researchers discovered a website domain that the virus checks before the infection starts and were therefore able to disable its spread. Nevertheless, current BBC analysis of the global attack suggests the hackers have already been paid the equivalent of £22,080.

When the NSA tool vulnerability was first publicised, Microsoft patched all of its currently supported operating systems to fix the flaw, but this still left legacy systems exposed. It was these systems that fell prey to the attack. In response, despite Microsoft officially ending its support for most Windows XP computers back in 2014, it delivered a new public patch for the 16-year-old operating system in what it described as a “highly unusual” step.

The Lessons

Whilst the initial release of the attack appears to have been halted, security experts note that anyone could modify the attack to remove the killswitch and begin attacking computers again. The security researcher who helped to limit the ransomware attack has predicted that another attack is imminent. On Sunday, the Europol chief has indicated that the cyber-attack has so far affected 200,000 victims in 150 countries and is warning of an “escalating threat” So what can be done?

The attack highlights the importance of ensuring computer systems are regularly patched to make sure that they are protected from the latest threats. All personal and corporate users of the vulnerable systems should patch their systems immediately.

However, the cyber-attack also highlights the long-standing problem with IT in large organisations – that implementing change is often too difficult or too costly – so they continue to rely on 16-year-old systems which are unsecure and unsupported.

One hopes that governments and corporations across the world have woken up to the dangers of relying on legacy systems and not investing properly in their IT security and infrastructure.