On 12th May 2017, the WannaCry ransomware attack spread rapidly and affected at least 150 countries worldwide. Companies and public sector organisations fell foul of it. For example, at least 40 of the UK’s National Health Service hospital trusts were hit, leading to a multitude of medical appointments and treatment being cancelled. The cyber-attack also hit German train stations, throwing Germany’s railway network Deutsche Bahn into utter chaos.
WannaCry, which is also known as WannaCrypt, used tools that were originally developed by the US’s National Security Agency (NSA) to trick victims into opening malicious email attachments. These were attached to spam emails containing invoices, job offers, security warnings and other seemingly legitimate files. If someone happened to click on one of them, the ransomware encrypted data on the victim’s computer to demand a ransom – according to The Telegraph’s journalist Chris Graham on 13th May 2017 – of $300 to $600 to prevent the files from being deleted. To restore access to their data the victims were required to pay the ransom to the cyber-criminals responsible for the attack.
In the Deutsche Bahn attack, the ransomware demand notice even appeared on travel information screens at many stations across Germany. Other victims across the world saw the same notice if their machines became infected with the malware – including the NHS. In that case the UK government was held to account, with the vulnerabilities that left hospitals open to attack being blamed on the fact that it didn’t renew a Microsoft Windows XP technical support contract that might have prevented the malware from taking hold. The NHS also admitted that there was evidence that patients’ records had been accessed by the attackers.
Clive Longbottom, Client Services Director at analyst firm Quocirca commented on Facebook: “I’m assuming that should this NHS attack be shown to be down to cost-cutting measures and corner-cutting by the many private companies involved, they will be held responsible for the financial costs involved, and that their management will be held responsible for manslaughter or reckless endangerment at the human level.” He added that NHS England and the UK’s health secretary Jeremy Hunt – of whom he’s no personal fan – should also be held accountable.
Freelance analyst Dave Morgan replied: “I think at the last count there were something like 23,000 government machines still running Windows XP, but the cost of maintaining them – in the short-term at least – is probably negligible compared to rolling out Windows 10 across the entire estate, and bear in mind that Windows 10 isn’t fully tested, or at least, it’s not fully tested in terms of the bespoke applications that’d be running on it.” He also claims that WannaCry took advantage of mostly social engineering rather than – as reported – any specific technological weakness.
Yet Longbottom argues that the ransomware used a known vulnerability in older versions of Windows, and he claims that any up-to-date anti-virus programme would have prevented the malware from attacking. He thinks the cost of “running a dangerously old operating system has been known for years…” He notes that, to be successful, a ransomware attack requires the seed of a human action to allow the malware to infect the victim’s computer, and eventually the systems of an entire organisation. To spread it further, the malware needs access to a wide area network (WAN) such as the internet where it can spread like wildfire if left to fester.
US government criticised
The UK government didn’t face criticism alone. Microsoft attacked the US government for developing tools to exploit the computer vulnerability in the first place. The Telegraph reported on 15th May 2017, in an article by James Titcomb, that Microsoft’s Brad Smith – the corporation’s president and chief legal officer – said: “The governments of the world should treat this attack as a wake-up call.” The article, entitled ‘Microsoft slams US government over global cyber attack’, says the company was only able to issue a security update in March 2017 to fix the flaw in its software after the vulnerability used in the ransomware attack was stolen from the NSA. The trouble is that many organisations hadn’t installed the software patch to fix the vulnerability before the WannaCry attack occurred.
BBC News Online also reported the same day that Smith had said: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability has affected customers around the world.” With the growing sophistication of cyber-attacks, he warns that there is “no way for customers to protect themselves against threats unless they update their systems.” Microsoft would prefer the NSA to inform it of any vulnerabilities in its software. It considers that storing them is very dangerous. David Lee, BBC North America technology reporter, counters in the article ‘Microsoft warns ransomware cyber-attack is a wake-up call’, that the firm also has an obligation to update all of its users – “not just the ones who pay extra for security on older systems.”
Entering the fray is Edward Snowden who criticises the NSA. Chloe Farand reports, ‘NHS cyber-attack: Edward Snowden says NSA should have prevented cyber-attack’, in her 13th May 2017 article for The Independent newspaper. On Twitter Snowden said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.” He said in another tweet, “If @NSAGov had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”
The Economist claimed that day that ‘Ransomware attacks were on the rise, even before the latest episode’ in one of its recent articles following the incident. It therefore makes me wonder why a data castle wasn’t built or strengthened around the companies and organisations that were attacked long before it happened. Lowering your defences by not training people correctly to avoid inadvertently opening email attachments infected with malware, and by not having the right IT security and technical support in place is foolhardy to say the least. It is far cheaper to prevent an attack than to deal with the consequences of one. So, old adages still apply.
Defending an organisation from a ransomware attack, and other kinds of cyber-attack, should be the first priority in an era where data has become the oil – let alone the invaluable gold – that makes it operate. Leaving your drawbridge down by not thinking ahead, and by not investing in protecting it will only lead to disaster. Whether your organisation is operating in the healthcare or transportation sector, you should protect your data castle as much as you can. Sure, eventually you will have to let some data in and out. The challenge is to do so in a way that prevents ransomware attacks.
Luckily there is a back-up plan. Organisations can protect themselves from ransomware, and with the right data acceleration, service continuity and disaster recovery plans and solutions in place they can quickly recover from – or even prevent – such an attack as WannaCry. An important weapon against ransomware is the creation of air gaps between data and any back-ups. A solid back-up system is the chief way to defeat ransomware, and it has been proven many times over.
With the ever-increasing sophistication of ransomware and the use of online back-up devices, however, those devices will soon be targets as well. It’s therefore important to have back-up devices and media that have an air gap between themselves and the corporate storage network. The WannaCry ransomware attack is the largest and most widespread attack to date. It demonstrates how fast malware can spread if left unchecked. It shows that it can affect a wide range of organisations, no matter where they are located – and more critically it emphasises why it’s important to take a strategic view to prevent any financial, operational or reputational damage from occurring.
This strategy will become crucial. Lots of money is at stake on both sides if ransomware becomes back-up aware. So it’s important to plan ahead, and it’s perhaps a good idea to make back-ups less visible to any ransomware that might be programmed to attack them. To forestall this, it is important to upgrade software to ensure that your systems are more secure, and to deploy machine learning solutions such as PORTrockIT. Solutions like this can enable encrypted data back-ups at distance while mitigating the effects of latency and reducing packet loss. Fast data transmissions and regular back-ups can cheat cyber-attackers out of any victory, and they can protect your data.
So, regardless of where the blame should lie for WannaCry, think about strengthening your data castle today. Procrastination just won’t protect you because it’s like leaving your drawbridge down. Think seriously about protecting your systems to protect your data and your organisation’s lifeblood. With stronger walls your reputation and your customers will be safer. For now the world has to thank cyber-security expert Marcus Hutchins for finding the way to stop the WannaCry ransomware attack. The trouble is, like with any attack, the aftermath is very damaging and costly. So lower your portcullis and raise your drawbridge now to keep cyber-criminals away from your data before it’s too late.
David Trossell, CEO and CTO of Bridgeworks