Ransomware Goes on a Global Harm Offensive

The aptly named WannaCry rattles security teams across the world, hitting governments and private enterprises alike


Just when the radical uptick in ransomware couldn’t seem bleaker, on Friday, we witnessed an unprecedented global attack. All told, “WannaCry”—which spread to at least 74 countries and 300,000 computers—will reportedly incur $4 billion in losses.

The ransom was said to be at least $300 in Bitcoin, triggered after victims opened an email attachment. It’s worth noting that lost productivity during the lag in restoring data, as well as subsequent investigations/recovery, are far costlier than the ransom itself.

It is not yet clear which group staged this attack. But we do know that the virus used a Windows XP exploit tool created by the NSA, and compromised in a hack on the government agency last month. In response to the latter, Microsoft released a security patch, but many of those who didn’t update their operating system suffered consequences. A U.K.-based tech worker finally halted the attack days later by triggering a kill switch.

In the post mortem, there are several obvious takeaways. IT teams must update software for security patches, train employees to spot malware attacks, and back up files to thwart ransoms. But those fixes are simply status quo. Analytics-based security, which uses machine learning to spot suspicious behavior (of users, files, servers, endpoints), is far more astute. After all, humans will be human.

Computers infected by WannaCry as of May 14, 2017. (Source: NPR, via MalwareTech.com)

According to the Department of Homeland Security, WannaCry’s impact on the U.S. has been minimal. Internationally, large companies such as FedEx, Hitachi, and Renault-Nissan were affected by the attack. It also derailed NHS facilities in the U.K. by paralyzing clinical systems.

Asia, however, was hit particularly hard. Indian state police and several Russian agencies (such as its Central Bank, railways, and interior ministry) reported disruptions, though the Kremlin has downplayed the damage. China witnessed the brunt of the attack, which impacted PetroChina, China Telecom, and Hainan Airlines.

The New York Times reports that, in these cases, the culprit is pirated Windows software, which, being unlicensed, doesn’t prompt security updates. “A study last year by BSA, a trade association of software vendors, found that 70 percent of software installed on computers in China was not properly licensed in 2015,” the newspaper writes. “Russia, at 64 percent, and India, 58 percent, were close behind.”

Companies relieved that this attack lasted just one weekend shouldn’t hold their breath. Bleeping Computer reports that there are at least five known WannaCry imitators currently in development. Ultimately, malware will grow more sophisticated, evolving past software patches. Quick fixes may stop attacks, but they won’t minimize overall enterprise risk.