Ransomware Sweeps Globe, Reveals Vulnerabilities
By William Tucker
Contributor, In Homeland Security
Earlier this month, a massive ransomware attack infected more than 100,000 organizations in 150 nations. Known as WanaCryptor 2.0 (an alternate name is WannaCry), this is reportedly the first time that a computer worm has been used in a ransomware attack.
For the uninitiated, ransomware typically infects a computer through a security vulnerability and encrypts the victim’s personal files. It holds those files for ransom until the victim pays in Bitcoin for a key to decrypt the files being held hostage.
WanaCryptor 2.0 Ransomware Differs from Earlier Versions
While ransomware has plagued computers for several years now, the WanaCryptor 2.0 variety is an innovation. For instance, most ransomware gets into a computer when a user clicks on a link sent via email or instant message. WanaCryptor 2.0 infects computers in the same way, but unlike traditional ransomware, it can spread across an entire network.
An astute British information security professional, who blogs under the pseudonym MalwareTech, discovered a kill switch that stopped the spread of WanaCryptor 2.0. However, WanaCryptor 2.0 has already been upgraded and is still wreaking havoc. Even though a kill switch has been found, WanaCryptor 2.0 still poses a threat until people patch their computers.
WanaCryptor 2.0 gains entry through a vulnerability in the Microsoft Windows operating system that was patched by Microsoft two months ago. According to Microsoft, the vulnerability was released into the public through a trove of leaked information from the National Security Agency.
Brad Smith, Microsoft’s president and chief legal officer, stated, “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
It’s a smart play for Microsoft to lay the blame at the feet of NSA, but it does little to diminish the fact that the software giant typically plays catch up with security vulnerabilities. Microsoft hasn’t always found the holes that somehow exist in successive releases of operating system versions.
Granted, coding something as advanced as an operating system is not easy. But as we see computer viruses, worms and other cyberattacks continue unabated, it would seem that the OS should have been redesigned from the ground up with security foremost. Unfortunately, it wasn’t.
Intelligence Agencies Worldwide Store System Vulnerabilities
This indictment of Microsoft isn’t meant to diminish the role of NSA either. Intelligence agencies around the world store vulnerabilities found in computing systems for use if necessary. The problem NSA has these days isn’t collecting intelligence; it’s keeping that information secret. Leaks are pouring forth from the agency, even among the most closely held areas of operations.
The Central Intelligence Agency has also entered dangerous territory. The CIA recently suffered a breach of information that was subsequently published by WikiLeaks.
It’s accurate to say that the creators of the WanaCryptor 2.0 ransomware could have discovered this vulnerability on their own. If they hadn’t, someone else would have. However, there is an inevitable vulnerability in computing that cannot be fully mitigated – the human user.
Our current model of computing is a machine with an installed operating system. Because of its relatively inexpensive cost, the computer has become a platform for running software that is simply too sophisticated for a computing device that is universal.
The computers everyone uses are also used for complex systems that run our electrical grids, manage our personal banking or compile our healthcare information. The same vulnerability that affects home users also affects major institutions running on the same operating systems.
Testing A Software Patch from Microsoft Takes Time
Because operating systems are often tied to larger networks, it takes weeks for affected companies or government agencies to test a Microsoft software patch to ensure compatibility. In short, our entire method of computing is a mess that is arguably obsolete.
Today, we are discussing a ransomware issue affecting millions. But in 2003, a Chinese hacker caused a major blackout in the U.S. In 2010, the Stuxnet virus was unleashed on Iran’s nuclear program.
Governments and criminals have already weaponized the very systems we use every day. All of us are affected as a result.
It should be clear that changes are needed. Until such time as Microsoft and other computer manufacturers see the urgency of making those changes, the computer disasters will continue to pile up and create havoc.