Is the May 12 Massive Ransomware Attack a Turning Point?

Foley Hoag LLP - Security, Privacy and the Law

Those “in the know” in the cybersecurity world have been aware for more than a year of the threat posed by ransomware, a type of malware that locks victims’ access to their files until they pay a ransom. Until now, discussion of the threat was mostly confined to cybersecurity professionals, blogs like this one, and various guidance documents released by federal agencies during 2016. But ransomware may just have entered the general public consciousness in a big way.

An enormous ransomware attack on May 12 hit major state and private institutions and other targets worldwide and exploded onto the front pages of publications like the New York Times. The attack utilized a ransomware variant called “WannaCry,” which is believed to be based on a stolen National Security Agency hacking tool that targets a vulnerability in Microsoft Windows servers. The technology is thought to have been stolen from the NSA in the Shadow Brokers’ attack last year and was released online by the Shadow Brokers last month.

Medical, educational, governmental, and other institutions worldwide have been affected by the hack, with Avast estimating on Saturday that 126,000 computers in 104 countries have been hit.  Entities impacted included the Russian Interior Ministry, German rail company Deutsche Bahn, Spanish telecom firm Telefonica, and corporate and university networks throughout China.  Federal Express was also hit, though the United States was apparently spared the worst of the attack because of the fortuitous discovery of a temporary “kill switch” to the malware by a young British cybersecurity researcher.  Microsoft also helped to slow the attack because it had released a rare emergency security patch for Windows XP, which it has not supported since 2014.  The Department of Homeland Security has issued a statement advising users of the Microsoft patch and directing Americans to the US Computer Emergency Readiness Team for additional information on best practices for protecting an organization from ransomware.

One of the hardest-hit institutions was Britain’s National Health Service, as approximately 20 percent of the country’s “public health trusts” were affected at one point. All but six of the 48 NHS organizations attacked were back to normal as of Saturday, according to British Home Secretary Amber Rudd. The targeting of the NHS will come as little surprise to the United States health care industry, which has been the target of successive ransomware attacks in 2016 and 2017. To address cybersecurity vulnerabilities in the health care sector, the US Department of Health and Human Services is planning to launch a new Health Cybersecurity and Communications Integration Center in June.

The scope of the WannaCry attack has the potential to make it a watershed moment for public awareness of the ransomware threat and governmental response to it. NBC News notes that the attacks were a focus of G-7 financial chiefs, including US Treasury Secretary Steven Mnuchin, at their meeting in Bari, Italy on Saturday. Privacy advocates in the United States are likely to emphasize that the attack used technology stolen from the NSA, and Prime Minister Theresa May’s government in Britain is already under attack from the opposition Labour Party for supposed unpreparedness for the strike on the NHS. The extent to which this new notoriety will translate into effective policy remains to be seen. But governments and other actors are officially on notice: after Friday, they will not be able to claim that ransomware caught them by surprise.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Foley Hoag LLP - Security, Privacy and the Law
