On Friday, May 12, the WannaCry ransomware attack began infecting computers at several hospitals in Britain’s National Health Service network and quickly spread to computers across the world; over the weekend, the number of countries affected more than doubled, from 74 to 150. However, the potential damage that the ransomware could have inflicted was mitigated by Marcus Hutchins, a security researcher who accidentally discovered a “kill switch” in the software which stopped the malware. By purchasing a certain domain name that was hidden in the malware, Hutchins was able to reroute the malware to a dead end.

(Ransomware example – Wikimedia Commons/Kopiersperre)

New infections on Monday morning were largely found in Asia, as many workers in Asia had already left for the weekend during the initial outbreak; this second wave did not grow as dramatically as the first. This was due to increasing knowledge about the nature of the virus and cybersecurity firms working to install software patches to defend against the malware. However, the ransomware could be adapted to become immune to this ‘kill switch’, and security experts suspect other versions of the ransomware may continue to spread. Despite the large scope of the attack, the criminal organization behind the malware has only received a little over $26,000 in ransoms through 100 payments of about 15 bitcoins.

This ransomware outbreak is part of a larger global trend; an IBM report in December 2016 found that 40% of spam email contains ransomware, compared to 1% in the previous year, and that 70% of victims pay to retrieve their data, with more than half paying $10,000 or more. US government research reinforces this data, reporting that 4,000 ransomware attacks happen each day, while the FBI reports that the first three months of 2016 resulted in $209 million of losses.

This malware attack helped to reinvigorate the debate about how the government should handle known vulnerabilities and exploits. Currently, the NSA stores information on some known cybersecurity vulnerabilities in order to use them to gather intelligence. Critics argue that undisclosed security flaws utilized by the NSA can also be used by criminal organizations or adversaries, and that security vulnerabilities should be disclosed to vulnerable companies, at least after a given period of time. Dave Aitel, a former NSA analyst who runs the security firm ImmunitySec, articulated the counter-argument, stating that without these vulnerabilities, the NSA would not be able to track terrorists or rival nations such as Russia and China.
