By Sunday, over 200,000 devices in at least 150 countries had been infected with WannaCry, a piece of ransomware that holds a computer hostage until the victim pays hackers $300 in bitcoin. WannaCry is the largest cyberextortion scheme ever, reports CNet, and experts are warning that many governments are susceptible due to outdated technology.
Reports indicate that WannaCry infected and temporarily took down the National Health Service computers in Britain on Friday, as well as some DHS computers in the U.S., Spanish telecommunications provider Telefonica and global shipping corporation FedEx, before spreading to Asia.
In Britain, the cyber extortionists were able to exploit a problem in Windows XP for which Microsoft had provided a patch in its newer programs. Due to the virulence of this virus, Microsoft made the patch available to all older versions of its operating software as well, an unprecedented move by the company.
An enterprising analyst from MalwareTech stumbled on a simple way to halt the initial attack Friday by activating a kill switch in the software, Gizmodo reported. However, by Monday hackers had adjusted the code so that the kill switch no longer worked.
The vulnerability that made WannaCry possible was first discovered by the NSA, and in April it was leaked by the hacker group Shadow Brokers. The malware enters a computer system through an email attachment or someone visiting a website, according to Simon Crosby, co-founder of security software provider Bromium, CNet reported. It then spreads across the local area network using a standard file-sharing technology called Windows Server Message Block, or SMB.
“The criminals really have the upper hand in this situation and most companies are completely unprepared for this kind of attack,” said Gartner analyst Avivah Litan, according to CNet.
If exploited systems failed to make the $300 payment via bitcoin within 72 hours, hackers claimed the price would double, and without payment, all files would become permanently locked. There is widespread fear that hackers were able to obtain private, personal health information during the attack.
Hackers could stand to make more than $1 billion if the ransoms are all paid.
Analysts point to two parts of the problem: many hospitals use older software systems like Windows XP, and IT professionals could not update or patch the older software until this attack.
“As we look at the overall cybersecurity posture of the country, we have to look at the way we manage old platforms and better protect them,” said Mark Testoni, CEO of security software company SAP NS2, CNet reported.
“Ransomware attackers have discovered that they don’t have to steal or destroy your data to enrich themselves, they just have to hold it hostage,” Fen Osler Hampson, director of global security at CIGI, said, according to CNet.
CNet reports that through 2020, 99 percent of all cyber attacks will utilize vulnerabilities that security and IT professionals have been aware of for over a year.
Because of the ease with which vulnerabilities in older software can be exploited, copycat attacks still have “the potential to grow exponentially,” said Rick Orloff, chief security officer at cybersecurity company Code42.
At a White House press briefing Monday, Tom Bossert, assistant to the president for homeland security and counterterrorism, emphasized the importance of updating software, particularly by applying patches.
As GovConWire previously reported, President Donald Trump has issued an executive order which requires that NIST standardize the cybersecurity protocols used by all Federal agencies within 90 days.