The (Human) Face of Ransomware

May 19, 2017 09:09:28 AM

When you start to realize the scope and impact of the ransomware attack that began on Friday, May 12, 2017, and continued to roll onward into last weekend, with a huge negative effect not only on businesses and their operations but also on everyday people, it begins to become all too real.

Whether you call the ransomware WCry, WannaCrypt0r, WannaCryptor, WannaDecryptor, WannaCrypt, or WannaCry (we’re going to refer to it as WannaCry), it has had a major effect on people’s lives and livelihoods. 

It all started around 8:00 AM CET on Friday, May 12, 2017, with reports of a ransomware attack on businesses in Spain, and then it spread like wildfire. The ransomware attack hit Telefonica, a Spanish fixed and mobile telecom provider; but, it only affected their intranet and internal systems, not their telecom operations. The same could be said for Iberdrola, an energy provider; Vodafone, another telecom provider; and Gas Natural, a Spanish natural gas provider, who all took precautionary measures, such as having their employees shut down systems and disconnect from the Internet to avoid the cyberattack. 

Then, there were reports of the same ransomware wreaking havoc on the UK’s National Health Service, with the final tally of over 60 NHS hospitals, GPs and pharmacies in England and Scotland having data held hostage. But, it’s not just information or devices that were being held ransom by the WannaCry ransomware; everyday people’s lives were also negatively impacted by this cyberattack. Some NHS hospitals had to divert ambulances to other hospitals not affected by the ransomware attack. Other NHS hospitals had to delay critical surgeries, even heart surgeries. Many affected NHS hospitals had to stop accepting patients, even in emergency departments, because their systems were being held ransom. Doctors were forced to cancel appointments because they were unable to access patient records due to the WannaCry ransomware attack. Unfortunately, a ransomware attack can be more than just an inconvenience or a nuisance; it can be dangerous.

But, the WannaCry ransomware rampaged on throughout the world, and more hospitals were in its crosshairs. A teaching university in South Korea was hit, as were two major hospitals in Indonesia, Dharmais Cancer Hospital and Harapan Kita Hospital in Jakarta, which had to operate manually, without infected computer systems, slowing operations to a crawl.  

Hospitals weren’t the only institutions targeted, nor the only ones where everyday people were inconvenienced and harmed by the WannaCrypt ransomware explosion. Chinese state media reports that over 29,000 institutions in the country had been affected by the WannaCry ransomware cyberattack, with disproportionate numbers of universities and educational institutions hit by the attack. Students were unable to access their thesis papers or dissertation presentations.

Brazil’s social security system was also hit by WannaCry ransomware, forcing it offline and cutting off public access, inconveniencing the most vulnerable of Brazil’s citizens – the sick, elderly, and unemployed. Also, the German railway system, Deutsche Bahn, was crippled by the WannaCry ransomware attack, delaying travelers and commuters alike. The Russian railway system was hit by the ransomware attack as well.

The WannaCry ransomware is having serious geopolitical repercussions, too.

After an emergency response committee meeting in Cabinet Office Briefing Room A in Whitehall, affectionately known as a Cobra Meeting, UK Home Secretary Amber Rudd deflected criticism of UK Health Secretary Jeremy Hunt and the effects of the cyberattack on NHS hospitals, GPs, and pharmacies, only to be criticized by many politicians in other parties for her defense. Two of the opposition parties – the Labour Party and Liberal Democrats – are now accusing the Conservative Party, the governing party, of not doing enough to prevent the depth and level of the WannaCry ransomware attack, especially with NHS facilities running many exploitable Windows XP systems. And, with a general election coming up on June 8, 2017, this could be a watershed moment in this election. 

Now, the “blame game” has started in earnest. Microsoft’s President, Brad Smith, said in a blog post that components used in the WannaCry cyberattack were “stolen from” the NSA, comparing that theft to “the U.S. military having some of its Tomahawk missiles stolen,” and going on to say that the “stockpiling of vulnerabilities by governments” is a problem and “an emerging pattern in 2017.” The NSA is pointing fingers at The Shadow Brokers hacking group. Others are calling out Microsoft for not patching the SMB flaw sooner or for not providing a public patch for legacy Windows versions, whose owners have had to pay Microsoft for support since their legacy OS versions reached end of public support. And now, there is some indication that the WannaCry ransomware cyberattack may have been created and launched by the “Hermit Kingdom” of North Korea, or by another rogue nation as a “false flag” attack, as pieces of code in WannaCry seem to be the same as code from other cyberattacks attributed to North Korea, such as the attack on Sony Pictures by the “Guardians of Peace” hacking group, which has been rumored to have ties to North Korea. If it is confirmed that the global WannaCry ransomware cyberattack was perpetrated by North Korea, then your guess as to what happens next is as good as mine; but, it likely won’t be good.

So, you see, while a cyberattack like the WannaCry ransomware seems to only affect businesses and their productivity, it has much deeper, far-reaching effects on all of us in the human race.

That’s the (human) face of ransomware today. 

One way to ensure that you can stay up and running, productive, and make life easier for your users and customers is to make sure that you and your business are protected from ransomware attacks spread by phishing, spear-phishing, drive-by download, and watering hole attacks. The most efficient way to do that is by isolating in the cloud any web or document link your users click on. Menlo Security can help make it safe to click.

To end on a more positive note, HackerOne, billed as “The World’s #1 Bug Bounty Program,” has stated on Twitter that it paid a $10,000 “hero bounty” to the security researcher who uncovered the inadvertent kill switch in the WannaCry ransomware code. So, what is the 22-year-old British man going to do with his new wealth? He’s going to split the gift between yet-to-be-decided charities and a plan to purchase infosec-based books for students who cannot afford them. What a thoughtful, altruistic act! So, finally, some good comes out of the WannaCry ransomware mess!

Written by Jay Kelley
