Follow up: Ransomware continues to spread to 150 countries
by GRI, GRI
May 15, 2017
On Friday May 12, the WannaCry Ransomware attack began infecting computers on several hospitals in Britain’s National Health Service network and quickly spread to computers in across the world; over the weekend, the number of countries affected more than doubled, from 74 to 150. However, the potential damage that the ransomware could have inflicted was mitigated by Marcus Hutchins, a security researcher who accidentally discovered a “kill switch” in the software which stopped the malware. By purchasing a certain domain name that was hidden in the malware, Hutchins was able to reroute the malware to a dead end.
Most new infections Monday morning were largely found in Asia, as many workers in Asia had already left for the weekend during the initial outbreak; this second wave did not grow as dramatically as the first. This was due to increasing knowledge about the nature of the virus and cybersecurity firms working to install software patches to defend against the malware. However, the ransomware could be adapted to become immune to this ‘kill switch’, and security experts suspect other versions of the ransomware may continue to spread. Despite the large scope of the attack, the criminal organization behind the malware has only received a little over $26,000 in ransoms through 100 payments of about 15 bitcoins.
This ransomware outbreak is part of a larger global trend; an IBM report in December 2016 found that 40% of spam email contains ransomware, compared to 1% in the previous year, and that 70% of victims pay to retrieve their data, with more than half paying $10,000 or more. US government research reinforces this data, reporting that 4,000 ransomware attacks happen each day, while the FBI reports that the first three months in 2016 resulted in $209 million of losses.
This malware attack helped to reinvigorate the debate about how the government should handle known vulnerabilities and exploits. Currently, the NSA stores information on some known security cyber vulnerabilities, to use it to gather intelligence. Critics argue that undisclosed security flaws utilized by the NSA can also be used by criminal organizations or adversaries, and that security vulnerabilities should be disclosed to vulnerable companies, at least after a given period of time. Dave Aitel, former NSA analyst who runs the security firm ImmunitySec articulated the counter-argument, stating that without these vulnerabilities, the NSA would not be able to track terrorists or rival nations such as Russia and China.