On Friday, May 12, roughly 150 countries were hit by a massive cyberattack. Hackers are using ransomware known as WannaCry to lock files in hospitals, law enforcement agencies, and other businesses. The virus encrypts important files on the computer. When one tries to access the files, a message pops up informing the victim that their data has been encrypted and that they must pay a fee of $300 in Bitcoin (which doubles in amount after a short period of time) or in seven days the files will be deleted. If the ransom is paid, the hacker provides the victim with a decryption code for said data.
As of this past weekend, a young malware researcher found a temporary fix by infiltrating the program’s “kill switch”, which in this case consisted of buying a domain name that was designed to be applied by the hackers once the ransom was paid, stopping the spread of the virus. It should be mentioned that the cyber-villains are still tinkering with the settings of the program, trying to make it harder to detect and shut down when (and if) they strike again. According to Rob Wainwright, head of the European Union’s police force, Europol, WannaCry is “still a live threat and we’re still in disaster recovery mode.”
Perhaps the most frustrating fact about this incident is that the little man can really do nothing to prevent it. The issue lies in flaws in software, specifically Windows security. It was reported that a patch for the security problems in Windows had recently been released. However, many businesses that operate with Windows did not apply or receive the update. The sector most heavily hit (specifically in the U.K.) was healthcare, though it is believed it was not meant as the primary target. One main reason for this is that many hospitals cannot afford the precious time to shut down their systems in order to update the software. Health and law enforcement (also a major target of the attack) share this misfortune, as their data is extremely time-sensitive, making them very juicy prey for hackers.
While the threat seems to be contained, it is speculated that more incidents will be reported as workers return to work this Monday morning and get back on computers that were left on over the weekend, as this particular program spreads throughout a single network when one victim clicks on a “kidnapped” file. While reports of this problem have been relatively low in the US compared to our European and Asian neighbors, all businesses should take extra precautions and not let their guard down just yet. Extra care should be taken to verify the authenticity of their Windows provider, no matter where they are located. Russia was one of the regions most affected by the attack, as many of its Windows installations were pirated versions with out-of-date or compromised security. Ideally, malware fighters will stay on top of the situation and keep corporations in the loop about preventing further attacks. However, until the culprits are discovered, all should remain cautious and stay informed.