The world woke up on Friday, the 12th of May, and became aware of the pernicious variant of cyber attack commonly known in the sector as ‘ransomware’. So what is ransomware? Ransomware is a computer program or application that covertly installs itself on a computing device, then seeks to extort money from the owner of the device by either encrypting the device's system data, rendering the device unusable, or threatening to leak or expose the data to the wider public.
So why is it in the news, and why now? The recent variant, which affected 100 countries simultaneously and is still spreading, has hit critical infrastructure in several countries. In the UK, NHS (National Health Service) systems have been hit hard; the German Deutsche Bahn train network has been hobbled; Telefónica, which operates across Europe, has been affected; and other countries are experiencing computer shutdowns to stem the tidal wave of infections. This attack was not targeted at any particular sector or country, but is spread by email.
This attack was caused by a bug called “WanaCrypt0r 2.0”, or WannaCry, that exploits a vulnerability in the defunct Windows XP operating system. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware demanded that affected users pay $300 worth of the cryptocurrency Bitcoin to retrieve their files, and it warned that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.
“This was eminently predictable in lots of ways,” said Ryan Kalember from cybersecurity firm Proofpoint. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.