A magazine where the digital world meets the real world.
On the web
- Home
- Browse by date
- Browse by topic
- Enter the maze
- Follow our blog
- Follow us on Twitter
- Resources for teachers
- Subscribe
In print
What is cs4fn?
- About us
- Contact us
- Partners
- Privacy and cookies
- Copyright and contributions
- Links to other fun sites
- Complete our questionnaire, give us feedback
Search:
Wannacry
by Paul Curzon, Queen Mary University of London
Why is it important to keep software up to date, installing patches as soon as they are released, and keeping regular backups? Hackers make use of unfixed bugs to attack machines and the consequences can be awful, as WannaCry showed.
In May 2017, over 200,000 computers across 150 countries were infected by the WannaCry ransomware. This included 70,000 devices in hospitals in England and Scotland that were put out of commission. Medical operations were cancelled, MRI scanners, theatre equipment even fridges that stored blood were attacked. Demanding payment by bitcoin, the internet currency, devices were 'locked', displaying a message telling the user to pay up or their files would be destroyed. The WannaCry attack lasted for days and is thought to have cost billions.
The code behind the attack exploited a bug in Microsoft Windows that had been announced a few months earlier. Anyone not applying the patch to upgrade their machines was at risk. Hospitals were particularly at risk because they used tens of thousands of very old machines that were no longer supported with bug fixes. Until after the attack there were no patches for them to fix the problem WannaCry exploited. Researchers had pointed out this general problem with old medical computers years earlier, but not enough was done.
The malware contained a 'kill switch', added by the programmers who created the code. It checked a non-existent website. If it got a message from that website suggesting the website now existed then it stopped infecting machines. It may have been put there so that it could tell whether it was trapped on a honeypot computer or not (see 'The Cyber- Security Honeypot'). When malware tries to connect to a website, honeypots fake a reply from that website, so the malware cannot tell that it has no outside connection. Software patches, the kill switch and code created by researchers all eventually helped to combat the attack and four days after the initial infection WannaCry was brought under control.
As an added twist, the US security agency, the NSA, had apparently known about the flaw for a long time. They didn't alert Microsoft about it immediately though, and instead developed software to exploit it themselves. It was part of their EternalBlue hacking software. Unfortunately, that program was stolen by hackers ... and WannaCry was based on it.
Everyone, whether individuals, companies or government agencies, need to be vigilant and work together on security. That includes governments themselves, who perhaps need to learn an extra lesson too. They often assume that they can set up systems that are somehow immune to security breaches, stockpiling tools as here, or putting lots of sensitive data in one place. They are just storing up bigger problems if they do.
Take a back-up
No one who paid the ransom has been reported to have had their data released. Researchers have found ways to get data back from some infected machines but not all. Hopefully, most of those who were attacked had their data backed up elsewhere so could just reinstall everything from scratch! Why is it important to keep software up to date, installing patches as soon as they are released, and keeping regular backups? Hackers make use of unfixed bugs to attack machines and the consequences can be awful, as WannaCry showed.