Last Friday’s WannaCry ransomware attack acts as a wake-up call for governments worldwide
The cyberattack on Friday involved a ransomware virus called WannaCry, which affected over 150 countries and 200,000 organizations, including the NHS, FedEx, and Portugal Telecom. The virus used a hacking tool called “Eternal Blue,” which was developed by the NSA and later stolen from it, and which gives whoever uses it access to all computers using Microsoft Windows.
The NSA's original purpose for the tool was to gain access to computers used by terrorists and enemy states, but unfortunately, the hackers behind the cyberattack saw it as an opportunity for misuse. The virus essentially encrypted the files on the affected computer and demanded that the user pay $300 in bitcoin to regain access to them. Further threats included the files being permanently deleted if the user did not pay up, or the amount tripling if not paid within three days.
The organization affected most severely was most likely the NHS in the UK, where disruption from the hack continues to this day. Computer systems in hospitals across the UK were struck with demands from the hackers to pay a ransom in order to regain vital medical files. Records such as cancer diagnoses or blood test results were inaccessible, and patients were forced to delay potentially life-saving surgeries and treatments. As one can imagine, the virus had the potential to cost many lives.
Who is to blame for the WannaCry ransomware attack and what can we learn from it?
While there is no “single” person to blame for the WannaCry ransomware attack, it can be agreed that governments and organizations could have protected themselves a little better. For one, the virus mainly affected computers that were running an old version of Microsoft Windows. Many of the organizations that were affected, such as the NHS, were running obsolete software and had not applied the most recent security updates to their computers. According to security experts, about 90% of NHS computers were using Windows XP, an outdated 16-year-old operating system.
Moreover, although Microsoft had provided free virus protection in March, many of the computers affected did not take advantage of this, leaving them vulnerable to hackers. If the NHS had simply updated its operating systems and ensured that its security was up to date, it could have avoided becoming a target of the attack. Clearly, its lack of responsibility caused its patients to suffer, and unfairly so.
While the NHS could have been more responsible, the root of the virus links back to the NSA, which failed to report software vulnerabilities to companies so they could be fixed, especially “Eternal Blue,” which was stolen by the hackers responsible for Friday’s attack.
The stolen exploits were reported earlier this year, and although Microsoft created a patch to address the vulnerability, many computers were not patched, leaving them susceptible to the hack. If the NSA had simply disclosed the software vulnerabilities it knew of to the software manufacturers instead of hiding them and creating malware, perhaps the WannaCry ransomware attack would not have happened, or at least would not have occurred on such a significant scale. Moreover, the NSA did not take adequate measures to protect its own software; if it had, the hackers responsible for the attack would not have been able to steal it.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyber space to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.” – Brad Smith (Microsoft)
Friday’s WannaCry ransomware attack effectively acts as a lesson for governments and organizations worldwide, showing how vulnerable they are to cybercrime when they lack care and responsibility in protecting their computer systems. The extensive damage done during the course of the hack shows the importance of addressing security flaws and creating policy to prevent such exploitation in the future.