What a stealthy bugger of a problem. Malware deftly delivered, locking the system by encrypting files and making them otherwise impossible to access unless a fee is paid. A form of data hijacking that can only be admired for its ease of execution, for its viral-like replication that seeks, even hunts, vulnerable ‘unpatched’ computer systems.
The global information environment is well and truly primed for plunder, vulnerable to such malicious ‘worms’ as WannaCry. Each age creates the next circumstance for profit, often outside the boundaries deemed acceptable at the time. In a networked age reliant on huge quantities of data, times are good for the intrepid.
The weekend reporting on the WannaCry ransomware worm was filled with predictable gruesomeness, suggesting that the unfortunates turning up to work on a Monday could well discover they were unable to access work files.
Much of the damage had already been done, with notable targets being the National Health System in Britain, and the Spanish telecommunications company Telefonica. In Britain, patients had to be relocated, and scheduled operations and treatment delayed if not cancelled altogether. Crisis meetings were held by members of the May government. As one doctor put it in eerily apocalyptic fashion, ‘our hospital is down’.
Another notable country target was Russia, including networks within the Interior Ministry, suggesting that the cyber misfits in question may have overstretched in their enthusiasm. Russia tends to figure, as it does in other jottings of demonology, as a place of sanctuary for the cyber crooked, a bastion where IT sorties can be launched. But not now.
More useful, if sobering, analysis came from Nicholas Weaver, who noted that the strength of the attack was its multi-vector nature. “If a targeted user receives a worm-laden email and clicks on the attachable executable, the worm starts running.” (Computer speak tends to get mangled in its descriptions, since worms would otherwise crawl. But not wCry, which does its damage at an enthusiastic gallop.)
This delightful worm capitalises on a vulnerability evident in the network protocol in Microsoft Windows termed Server Message Block. This is where the ransomware does its bit, encrypting the files in question, and locking out users on pain of ransom.
Much in this saga is based on systems that were never reformed. UK Health Secretary Jeremy Hunt had been badgered by his shadow counterpart, Jonathan Ashworth, that the NHS’s computer systems were dangerously outdated and susceptible to attack.
While victim blaming is second nature to this trade, Weaver’s salient observation is that the computer industry is just as responsible, if not more so. The persistent use of executable attachments should trigger liability, if not shame.
Developers and members of industry, in other words, should be made the classroom dunces. “Our bottom line up front”, claim Ben Buchanan, Stuart Russell and Michael Sulmeyer for Lawfare, “is that, VEP or no VEP, today’s ransomware attack highlights the risks of relying on software that is no longer supported by its developer and of not applying patches that the developer makes available.”
This article has been excerpted from: ‘The World For Ransom: the Effects of Wannacry’.