Cognosec AB (Nasdaq: COGS), an international leader in IT security, GRC and PCI services, has today announced its take on the recent ‘WannaCry’ ransomware attacks. The attacks, which spread like wildfire across the globe, encrypted computers running older or unpatched Windows systems and demanded $300 to $600 in Bitcoins.
Some of the code used to programme the worm had previously been utilised for malware distributed by the Lazarus Group – hackers that were also responsible for the 2014 Sony attack which was blamed on North Korea. The Windows vulnerability that had been identified was originally stolen from the NSA by a group of hackers called Shadow Brokers.
The attack uses a vulnerability known as EternalBlue, a weakness in the NetBIOS implementation. Microsoft has issued a patch which can be found here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
In Britain, hospitals were locked out of their systems. In Germany, railway displays stopped working. Russia was badly affected, as was China, a booming marketplace for pirated software. In Spain, the telecom provider Telefonica broke down.
A 20-year-old software engineer found the ‘kill switch’ for the software over the weekend. However, as the worm mutated, the switch didn’t stop its distribution for very long. As businesses opened after the weekend and computers were turned on, the worm began spreading further. So far, more than 230,000 computers in over 150 countries have been taken out, and numbers are still rising.
This once again shows us how vulnerable our digital society is. It is another wake-up call for enterprises to take security more seriously. On the one hand, the vulnerability had been known for several months, and many failed to adequately assess the risk they were exposed to and failed to secure their systems. On the other hand, many organisations still operate equipment running on outdated, unsupported operating systems. While it is understandable that critical infrastructure hardware is difficult and expensive to replace, modern antimalware systems could have stopped the worm from reaching them.
It remains to be seen how long it will take for the affected organisations to return to normal operations. Once again, we will see the importance of resiliency. It is not enough to detect and attempt to contain malware; we also need to focus on restoring our systems as soon as possible once the breach is contained. How well we do this remains to be seen over the next few weeks.
For Cognosec AB: