This week we received news of another global ransomware attack that has reportedly affected FedEx, Rosneft, Moller-Maersk, and Merck. This comes hot on the heels of last month’s WannaCry ransomware attack that affected 300,000 computers in 150 countries. It seems these two attacks are linked because they both use the Server Message Block (SMB) protocol to rapidly infect machines on a Windows network. This is the EternalBlue exploit that was reportedly stolen from the National Security Agency (NSA).
It seems the scale and timing of the ransomware attacks should be a major cause for concern. However, I believe that the nature in which these attacks are being dealt with highlights 3 rays of hope that we are turning a corner in cybersecurity.
The first ray of hope is the amount of money being raised from these ransomware attacks. As mentioned, WannaCry affected 300,000 computers with each user being asked for $300 to unlock their data files. That should equate to $90,000,000. It is estimated, however, that only $50,000 was collected. This means that the vast majority of users figured out another way to deal with the crisis. Perhaps users backed up their data or, in the case of Rosneft, switched to an entire backup system. With virtual machines and cloud computing, administrators can simply tear down infected systems and rebuild them to a previous image. The way organizations are dealing with ransomware is a clear sign of better planning.
The second ray of hope is how the attacks are being thwarted. WannaCry was undone by a 22 year old white hat hacker who recognized a simple kill switch. In short, ransomware is designed to recognize traps by sending a request to a fake website. This test is designed to fail and lets the ransomware know that it is on a real machine and not trapped in a simulated sandbox. To stop WannaCry this 22 year old simply bought the fake domain and set up a real website. When the ransomware stopped getting a failed signal it shut itself off. While interesting, the fact that the ransomware was undone by a simple fix is not the ray of hope. The ray of hope is that WannaCry was undone by an anonymous 22 year old researcher, not a major cybersecurity company. We should be happy that there is an army of white hat hackers out there working to keep the internet safe.
The third ray of hope is the scale of the attack. While it is estimated that WannaCry infected 300,000 computers, this new variant has so far only affected 2,000. The SMB protocol exploit, on which both attacks rely, can be resolved by a simple Windows patch. The reason WannaCry was so widespread is that administrators did not update their systems. Perhaps the reduced scale of this new attack points to the fact that administrators are becoming more careful with security patches.
While we can take comfort from these 3 rays of hope, we are not out of the woods yet. Cybersecurity is a game of cat and mouse and this week’s ransomware attack will not be the last. However, organizations spent over $80 billion on cybersecurity in 2016 and the rapid nature in which ransomware is being dealt with proves that this was money well spent.
Eric Sharret is Vice President of Business Development at TELEGRID. TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).
Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc. TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.