There was a massive cyberattack over the weekend that has afflicted 200,000 computers in more than 150 countries. The malware locks users out of their computers and threatens to destroy data if a ransom is not paid. It turns out that the the malicious software used in the cyberattack was originally been developed by the National Security Agency. It was then stolen by a hacking group known as the Shadow Brokers and converted into the ransom malware, WannaCrypt.
There was concern that there might be a second wave spread this morning as people return to work. So far that is not the case.
It turns out that WannaCrypt was especially effective in China. Probably because there is a lot more pirated versions of the Microsoft software on Chinese computers. Microsoft released a patch in March.
The scary news is that the US government is stockpiling malware. As pointed out in Countdown to Zero Day there is no US or international norms on the use of computer malware as weapons. We have the US government funding weaponized computer malware that can be released into the wild causing wanton destruction. We like to think that malware is being used to protect the US, but this is an example of the dangers of creating this malware.
Like any weapon, we should be concerned that it can’t fall into the wrong hands. In the case of WannaCrypt, it was stolen and put to evil use.
Thankfully a benevolent hacker found the weakness in WannaCrypt. There was a kill switch. If not, it could have done much more damage.
The malware attack was a good example of the need to keep software up to date.
Sources:
- The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack by Brad Smith
- WannaCry: What is ransomware and how to avoid it
- Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool by NICOLE PERLROTH and DAVID E. SANGER
- Cyberattack Spreads in Asia, Though No ‘Second Wave’ Is Seen by GERRY MULLANY and PAUL MOZUR