The world has reeled in the aftermath of the WannaCry ransomware onslaught. Organisations from one continent to the next have reported critical hindrance to their operations. In the United Kingdom, the effect WannaCry had on the National Health Service rapidly developed into a political issue, while in China, nearly 30,000 institutions were shut down or impeded.
In the wake of this attack, many professionals from the cyber security field have said that an attack of this scope and ferocity has been predicted for some time, with some even saying it is overdue. Will WannaCry act as a wake-up call for businesses? Will it spur organisations to realise the threat cyber attacks pose?
Vulnerabilities in Systems
WannaCry's effectiveness was traced to a vulnerability in some versions of Microsoft's Windows operating system. While Microsoft had released a patch some weeks earlier, there had been the inevitable delays in applying it, and much of the damage WannaCry wrought was the result of this tardiness. The vulnerability resulted in thousands of computers and networks being locked down; Microsoft perceived the threat to be so great that it even took the highly unusual step of releasing patches for long-unsupported versions of Windows, such as the venerable Windows XP.
The inevitable manhunt is now underway to catch those responsible, with the full weight of international law enforcement being brought to bear. Media reports commonly profile the attack as the work of a professional cyber criminal gang backed by considerable resources. However, some commentators, including those with a background in cyber security, say that the attack's reach should not be taken as evidence of hardened criminal professionalism. In fact, the whole WannaCry affair may have started off as a relatively amateur undertaking that rapidly got out of hand.
Is the Worst Yet to Come?
The actual code of WannaCry was lifted from the leaked NSA EternalBlue software, and shows marked indications of being something of a cut-and-paste job. The NSA wrote the code to exploit the Windows vulnerability, and there has been a considerable amount of negative comment on the fact that the agency did so, rather than make Microsoft aware of the issue.
Regardless of such matters, it is a frightening thought that a so-called amateur attack can have such a terrible impact. If a professional, persistent and targeted assault were to take place, what levels of damage would we see? Such projections leave us with stark impressions. As our modern world becomes ever more interconnected, we become ever more dependent upon the smooth running of our computer systems. Any vulnerability in our networks is quickly becoming a vulnerability in our societal fabric. Threats to public peace and order are taken very seriously by the law, and governments are paying increasing heed to the dangers of cyber criminality. It is now time that the world of business also paid a greater level of attention to the threat. In line with this, our next blog will consider ways for companies to toughen their defences against ransomware and cyber attack.