Sweeping the globe: So, what is the WannaCry cyber attack all about?

Gwen Vasquez
May 19, 2017

"NSA should be embarrassed - they've had a lot of damaging leaks", said James Lewis, a former USA official who is now a cyber expert at the Center for Strategic and International Studies.

This weekend's global online extortion attack reinforces the need for businesses and other large organizations to update their computer operating systems and security software, cybersecurity experts said.

Other criminals may be tempted to mimic the success of Friday's "ransomware " attack, which locks up computers and hold people's files for ransom.

The attack was a remarkable global event.

Out-of-date software is a persistent problem Hospitals in Britain's National Health Service were among the hardest hit by the ransomware. "Consider adding a rule on your router or firewall to block incoming Server Message Block (SMB) traffic on port 445", said a report in the technology website Engadget.

The risk isn't over.

In this case, the domain turned out to be a "kill switch"-on any system that made contact with the URL, the virus shut itself down".

One of the first "attacks" on the internet came in 1988, when a graduate student named Robert Morris Jr. released a self-replicating and self-propagating program known as a "worm" onto the then-nascent internet. If the ransom is not paid in three days, the ransom amount increases to $600 and threatens the user to wipe out all the data.

Whatever the motive, the huge scale of the attack shows that cybersecurity can have unsafe geopolitical consequences.

The National Health Service in the United Kingdom was working to recover from the ransomware attack, which led to widespread computer disruptions, ambulance diversions, and cancellations of surgeries and office appointments.

While ransom payments for users' stolen data had been notably low, the Security Response blog notes that a bitcoin address linked to the hackers showed a "spike in payments" to the account that began at 8 a.m. Greenwich Mean Time on Monday.

More news: NHS Digital: Trusts sent fix that would have protected them

Americans should hope their nuclear command-and-control systems are safe, but it is possible that may not matter. Bill Nelson, D-Fla., in 2013 on whether someone could hack into a Russian or Chinese system and launch a nuclear missile, he was forced to give a vague answer.

Even if these doomsday scenarios don't ultimately take place, large-scale use of ransomware presents a unsafe route to finances for criminal groups. "We will continue to work with affected (organizations) to confirm this", the agency said.

Such attacks can also exacerbate tensions between nation states.

India Inc has also been on the vigil against "WannaCry", which has claimed victims in over 150 countries like Spanish telecom firm Telefonica, US' logistics major FedEx and Russia's interior ministry. Even if we teach theory, they (ethical hackers) need hands-on-training, and it's very minimal. Of course, the author of WannaCry deserves the lion's share of the blame.

Wannacry encrypts the files on infected Windows system and spreads by exploiting vulnerabilities, it said. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn't told the us tech giant about the security risk until after it had been stolen.

Back up your computer and store the safety version in the cloud or on a drive that is not connected to your computer.

Use best judgement when opening emails.

The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat", said Rob Wainwright, the head of Europol, Europe's policing agency. Smith suggested there needs to be something like a "Digital Geneva Convention" to govern these issues.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, said ransomware attacks like WannaCry are "not going to be the norm".

Nigeria's National Information Development Agency (NITDA) said on Sunday that no report of the attack has been recorded in any corporation in the country.

If governments don't step up, Tufekci wrote, the consequences could be "unthinkable". The initial attack had started after many offices had closed Friday.

Other reports by LeisureTravelAid

Discuss This Article