Global Cyber Attack: Nation-State Powered Ransomware?

A fiercely aggressive cyber-attack was unleashed on the world Friday, May 12th, and has so far affected 300,000 computers globally. Dubbed WannaCry by many, but also referred to as WannaCrypt, WCry, and Wana Decryptor, this malware takes advantage of a Windows vulnerability to spread through local networks and remote hosts.

As of Monday afternoon, 150 countries have been impacted as speculation swirls around North Korea as the potential source of this coordinated attack.

Stockpiling Vulnerabilities

The National Security Agency (NSA) had previously documented the vulnerability without disclosing the issue to Microsoft, allegedly because it wanted to keep the ability to have a backdoor into other computers. It appears that information about the vulnerability was then stolen from the NSA and published online by hackers in April of this year. Once Microsoft was made aware of the vulnerability through this leak, it created and distributed a patch to fix it, but unfortunately, many systems have not been updated and remain vulnerable.

Microsoft’s President and Chief Legal Officer Brad Smith said in a blog post on Sunday that the tech industry and government entities need to work together to protect the public from these threats, and that the actions of the NSA were leading to further security risks. He said, “…this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.” He continued, “And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”

Huge Impacts Globally

According to NPR, reports began flooding in about hacker attacks across the United Kingdom and beyond, hitting the UK’s National Health Service (NHS) particularly hard beginning on Friday. This resulted in patients being turned away in many locations and made medical records inaccessible for a time. Many other entities including a major Spanish telecom company, investment firms, utility companies, and even universities in Asia have also been impacted. Once infected with the malware, the computer user is presented with a “ransom note” that demands over $300 in the digital currency bitcoin. From Friday to Tuesday, the number of affected systems doubled to 300,000. It is unclear if paying this ransom restores the encrypted files.

Link to North Korea

Reuters reported on Monday that, according to cybersecurity researchers, North Korea has been implicated in this coordinated global attack. Similarities between the code used in this attack and in past attacks by hackers from the North Korean Lazarus Group have led security professionals to believe there is a link to the North Korean state. It will likely take a long time to determine the original source of the attack.

Protecting Yourself From Ransomware

Whether you are an individual, a business or a government entity, it is vitally important to ensure that systems are updated regularly and kept current. The patch previously released by Microsoft was effective in thwarting the hack – only those who had not updated their systems found themselves victims of this malicious attack. It takes time and energy to stay on top of web security, but due diligence can prove to be invaluable, as anyone who has been a victim of a hacker attack knows.