Starting on Friday, May 12, 2017, a global ransomware (aka cyber warfare) attack hit over 150 countries, including the USA, Canada, and China.
The Wikileaks Vault 7 information, released in March 2017, clearly showed how the American CIA had discovered and/or created exploits to use for cyber warfare. The disturbing news from the Wikileaks Vault 7 information suggests these tools for cyber warfare escaped the control of the CIA and are now in the hands of an unknown number of rogue agents, contract workers, hackers, foreign governments, and organized crime.
The many people who had access to these cyber warfare tools in the CIA arsenal allowed their theft to go untraced. There was speculation by Wikileaks that there was a very high probability the cyber tools would be sold to the highest bidder, regardless of their intended use. The warning from Wikileaks was very serious.
Global Cyber Warfare Attack
That speculation by Wikileaks became a brutal reality in the recent attack on countries around the world.
News X reported the cyber warfare attack used an exploit in the Microsoft Windows 10 software to deliver “ransomware” to computer systems and then used the infected computers to rapidly spread the ransomware to other computers on the same network and to any connected via the Internet. A full damage assessment of this cyber warfare attack has not yet been made; however, damages are estimated to be in the multiple tens of billions of US dollars.
What is Ransomware?
Ransomware is a type of malware that attacks a computer and then encrypts all the data on it, making it impossible for a user to access any of their data. The ransomware then demands payment of a fee in order for the user to get the encryption code necessary to unlock the computer. In this cyber warfare attack the ransomware demands payment of $300 to unlock the files. If the payment is not made immediately, the ransom increases. In two hours, the price goes up to $500, and it increases in $100 increments every hour thereafter.
Worse yet, there is no guarantee that paying the fee produces a positive result. In past cases, paying the ransom fee did not guarantee the encryption code would be forthcoming, and the computer files could stay locked permanently. Moreover, it would seem that any fee payment (unless done by anonymous systems, such as Bitcoin) would immediately identify the perpetrators of this global crime and bring them under the threat of arrest or retaliation.
Cyber Attack on Vital Services
Many of the networks attacked were government organizations, law enforcement, political parties, hospitals, educational institutions, airports, utility companies, train stations, and other targets providing vital services. This caused major disruptions in normal operations. Airports had to be closed, patients waiting for life-saving surgeries in hospitals experienced delays, and official websites for important government and non-governmental organizations went offline. Many of the attacked systems are still disabled.
Microsoft Has a Security Patch For This Problem
Microsoft was aware of this problem and issued a security patch in March 2017, prior to this attack, that prevents the exploit from being used by ransomware. Those who regularly installed Microsoft security updates were not affected. This accounts for the disproportionate number of successful attacks that occurred outside the United States, where illegally downloaded or outdated copies of Windows were more prevalent.
Most US-based Windows users allow Microsoft to automatically install security updates as soon as they become available, since the option is highly recommended for any Windows user. Those who did not enable automatic installation of security updates for Windows, did not have that option, or did not manually update their software were vulnerable.
Defense Against Ransomware Attacks
Cyber warfare attacks will only get worse in the future. To mitigate your risk, always update your software with the most current security updates (automatically if you can). Make regular, frequent (daily, weekly, monthly) full backups of all critical path systems and put those backups on removable storage. Take that storage offline and physically disconnect it from the network to avoid any infection by malware or ransomware.
In an emergency such as the one that just occurred, having these clean backups will save your organization from shutdown and disaster. Given the speed at which computer systems, computer hacking, and cyberwarfare are evolving, computer users (especially those working with sensitive info or essential systems) need to be vigilant.
Source: News X