Lessons From A Massive Ransomware Attack

The vicious criminals behind the unprecedented ransomware cyberattack that struck at least 200,000 victims in some 150 countries appear, at least at this point, to have been motivated by greed rather than terror. Yet regardless of what their precise intent was, they succeeded in inflicting mayhem and chaos on large segments of society, and put many innocent lives at risk.

Hospitals across England were suddenly left without usable computers or phone systems, and were forced to divert ambulances to other hospitals. Chemotherapy patients were sent home untreated because their records could not be accessed, and heart operations were cancelled.

Brazil’s court systems went down, Renault’s assembly plant in Slovenia was forced to stop producing cars, and Spain’s Telefonica — a global broadband and telecommunications company — was hit as well.

As can only be expected, word of the massive attack elicited a considerable share of finger-pointing. Experts pointed out that the attackers managed to gain access to computer systems because users failed to install Microsoft’s March Windows software update. However, in some cases, the victims were using systems that were so outdated that the “fixes” were no longer available. In addition, companies are often hesitant to install patches, fearing that the software change could actually be counterproductive in some other way, and hurt critical operations.

Yet ultimately, it is vital not to be lured into the temptation of blaming the victims. Every effort must be made to track down the real culprits behind these attacks and hold them fully accountable not only for online piracy, but for reckless endangerment of the lives of so many people.

There are numerous lessons to be learned from this fiasco.

Once again we are reminded that technology is a double-edged sword. While the internet has become an integral part of day-to-day living, it is also fraught with grave danger on many levels. Only when we begin to recognize just how risky even the most necessary and basic use of much of modern technology is, will we be able to approach our security needs in a responsible way.

It is noteworthy that ransomware works by fooling unsuspecting individuals into opening an email attachment containing malicious software. The malware installs itself on that user’s computer and, as was evident in the latest round of attacks, creates a worm that permeates the computer network of the organization or company that user works for. While the importance of high-tech filters and continuous security updates cannot be overstated, extreme vigilance is always needed when deciding what emails to open and choosing which websites to visit.

In what can only be described as an embarrassment of epic proportions for the U.S. National Security Agency, it seems that the attackers exploited a vulnerability in Microsoft Windows that was first identified by the NSA for its own intelligence-gathering purposes. When hackers stole the prewritten code drafted by the NSA to exploit the flaw, they paved the way for the attackers to cut and paste that code and use it in their own malware. In other words, it was a massive security breach at the NSA that made this most malicious cyberattack possible.

As experts with years of experience in fighting cyberattacks and companies expending significant resources to try to battle these assaults struggled to get a handle on the global crisis, it was a 22-year-old cybersecurity researcher who unintentionally managed to halt the unprecedented outbreak.

The young researcher, who works for cybersecurity firm Kryptos Logic and prefers to remain anonymous, was analyzing a sample of the malicious software when he noticed its code included a hidden web address that wasn’t registered. He promptly registered the domain and redirected the attacks to the server of Kryptos Logic, a move that cost him all of $10.86. It was soon discovered that registering the domain name had activated a “kill switch.”

And so, an attack that had begun because of a security breach at the vaunted intelligence agency of the world’s sole remaining superpower was ironically halted by a 22-year-old making an $11 purchase. Once again we are reminded of the extreme limitations of mere mortals, and have been taught a powerful lesson about arrogance and humility.