Ransomware: Guidance from the National Cyber Security Centre

Isaac Cain
May 19, 2017

Instead of developing hacking tools in secret and holding them for use against adversaries, governments and intelligence agencies should share weaknesses they find with Microsoft and other software makers so that vulnerabilities can be repaired. Two former intelligence officials and a retired Navy admiral told the Senate committee on Thursday that the US lacks first responders for cyber attacks. Ransomware operates by encrypting a computer system and demanding a ransom to release it.

Questions are now being asked about the vulnerabilities caused by the reliance of many parts of the NHS on ageing infrastructure and software.

One theory suggested that 90 percent of NHS trusts across the United Kingdom were using Microsoft's 16-year-old OS Windows XP, which could leave them susceptible to attacks.

The so-called "WannaCry" virus hit older versions of the software, such as Windows XP, particularly hard, and the UI suspended support for Windows XP in 2014. The malware primarily targeted users of Windows XP, which was launched by Microsoft in 2001. (These are the most important patches that the company recommends users install immediately.)

It said "computer hardware and software that can no longer be supported should be replaced as a matter of urgency". "That's going to become a more common practice".

Some 47 NHS trusts fell victim to these ransomware attacks, with devastating consequences for some patients, as operations were cancelled and medical records held for ransom.

A researcher from Google posted on Twitter that an early version of WannaCrypt from February shared some of the same programming code as malicious software used by the Lazarus Group, the alleged North Korean government hackers behind the destructive attack on Sony Corp in 2014 and the theft of US$81 million from a Bangladesh central bank account at the New York Fed a year ago. On its own, the shared code is little more than an intriguing lead.

"Companies like Microsoft should discard the idea that they can abandon people using older software", Zeynep Tufekci, an associate professor at the school of information and library science at the University of North Carolina, wrote in a New York Times opinion piece over the weekend.

The initial attack on Friday - called "WannaCry" - first infected computers that run the UK's hospital network, Germany's national railway and several other companies and government agencies worldwide in what is being called "the biggest ransomware attack ever".

But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCrypt that are now circulating, which reduces the likelihood of such a "false flag" attempt at misdirection. The exploit surfaced online back in April with the Shadow Brokers data dump; Microsoft had already patched the underlying vulnerability on March 14.

He said that intelligence agencies tended to be good and responsible stewards of the hacks and exploits they develop.

The ability to quickly engage in both cyber policing and combat has taken an added degree of urgency as officials continue to grapple with the Russian intrusion in the 2016 election.
