GRI Current Events Blog

Follow up: Ransomware continues to spread to 150 countries

GRI Research Assistant

May. 15, 2017

On Friday May 12, the  WannaCry Ransomware attack began infecting computers on several hospitals in Britain’s National Health Service network and quickly spread to computers in across the world; over the weekend, the number of countries affected more than doubled, from 74 to 150. However, the potential damage that the ransomware could have inflicted was mitigated by Marcus Hutchins, a security researcher who accidentally discovered a “kill switch” in the software which stopped the malware. By purchasing a certain domain name that was hidden in the malware, Hutchins was able to reroute the malware to a dead end.

(Ransomware example – Wikimedia Commons/Kopiersperre)

Most new infections Monday morning were largely found in Asia, as many workers in Asia had already left for the weekend during the initial outbreak; this second wave did not grow as dramatically as the first. This was due to increasing knowledge about the nature of the virus and cybersecurity firms working to install software patches to defend against the malware. However, the ransomware could be adapted to become immune to this ‘kill switch’, and security experts suspect other versions of the ransomware may continue to spread. Despite the large scope of the attack, the criminal organization behind the malware has only received a little over $26,000 in ransoms through 100 payments of about 15 bitcoins.

This ransomware outbreak is part of a larger global trend; an IBM report in December 2016 found that 40% of spam email contains ransomware, compared to 1% in the previous year, and that 70% of victims pay to retrieve their data, with more than half paying $10,000 or more. US government research reinforces this data, reporting that 4,000 ransomware attacks happen each day, while the FBI reports that the first three months in 2016 resulted in $209 million of losses.

This malware attack helped to reinvigorate the debate about how the government should handle known vulnerabilities and exploits. Currently, the NSA stores information on some known security cyber vulnerabilities, to use it to gather intelligence. Critics argue that undisclosed security flaws utilized by the NSA can also be used by criminal organizations or adversaries, and that security vulnerabilities should be disclosed to vulnerable companies, at least after a given period of time. Dave Aitel, former NSA analyst who runs the security firm ImmunitySec articulated the counter-argument, stating that without these vulnerabilities, the NSA would not be able to track terrorists or rival nations such as Russia and China.

 

Sources and Further Reading:

  1. Computer security experts fear second wave of ‘biggest ransomware attack ever’ – Washington Post
  2. IT expert who saved the world from ransomware virus is working with GCHQ to prevent repeat – The Telegraph
  3. Microsoft warns ransomware cyber-attack is a wake-up call – BBC
  4. Repercussions Continue From Global Ransomware Attack – NPR
  5. How to protect your computer against the ransomware attack – The Guardian
  6. Ransomware attack ‘like having a Tomahawk missile stolen’, says Microsoft boss – The Guardian
  7. Global Cyberattack Hits 150 Countries, Europol Chief Says – NBC
  8. ‘Accidental hero’ halts ransomware attack and warns: this is not over – The Guardian
  9. Trump Signs Cyber Executive Order while Massive Ransomware Attack Hits Europe – GRI blog
  10. The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days – Wired
  11. Cybercriminals have just mounted a massive worldwide attack. Here’s how NSA secrets helped them – Washington Post
  12. Cyberattack wave ebbs, but experts see risk of more – Washington Post


Add Comment



Related

The Global Resilience Institute (GRI) at Northeastern University is excited to announce the funding of 11 interdisciplinary resilience research projects tackling a wide array of critical resilience issues. GRI is funding these cross-college research teams for 1-2 years.
The Global Resilience Institute (GRI) at Northeastern University is excited to announce the funding of 11 interdisciplinary resilience research projects tackling a wide array of critical resilience issues. GRI is…
Distinguished Senior Fellows
The Global Resilience Institute (GRI) at Northeastern University looks forward to drawing on the extensive expertise of four recently appointed Distinguished Senior Fellows. Each of the fellows brings a wealth…
Boston City Hall | By AlexiusHoratius (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons
Boston’s first strategy for advancing resilience and racial equity across the city, Resilient Boston: An equitable and connected city, was unveiled by Mayor Marty Walsh on Thursday. “Our engagement with race…

Security and Resilience Studies Masters Program

Northeastern's MS SRS program prepares the next generation of security leadership to address an evolving array of 21st century challenges.

Learn More

sync

Latest Library Entries

Our Mission

The Global Resilience Institute is committed to informing and advancing societal resilience around the world. Individuals, communities, nations, and the systems they depend upon, can thrive only if they have the means to better withstand, recover from and adapt to the inevitable shocks and disruptive events of the 21st century. Our university-wide Institute is partnering with other leading academic research institutions, nonprofits and the public and private sectors to devise and apply practical, interdisciplinary innovations and solutions to resilience challenges.

Twitter