US Government sponsored Ransomware

Posted by The Skibbereen Eagle | May 15, 2017

In all the publicity about the ransomware that has affected hospitals, governments and financial institutions worldwide, two important points have been overlooked. Firstly, the technology used was developed by the US Government’s NSA (National Security Agency) to spy on its own citizens, and secondly, the methodology of these cyber attacks was developed by state actors, particularly Israel with US help in attacking Iran and its nuclear industry.

“A warning for Monday 15th May: If you turn on a system without the MS17-010 patch and TCP port 445 open, your system can be ransomwared,” a UK cyber-security researcher who tweets as @malwaretechblog has advised. @malwaretechblog also happens to be the same person who has probably given the world some more time to patch their Windows operating systems and secure all their PCs sharing a local area network (LAN). Beware, for WannaCry has just begun, and already the virus – malware, or more precisely ransomware – has taken down as many as 200,000 computers in more than 150 countries around the world.

On Friday, the whole world was met with a cyber-attack like no other. @malwaretechblog’s accidental kill switch and the arrival of the weekend gave individuals and organizations some room to breathe. But hackers would be able to find a way around @malwaretechblog’s fix, and Monday is when it would hit the world really hard. Millions of devices could still potentially be vulnerable if they had failed to apply the required security patches.

What is all the fuss about?

All it took for hackers to bring about global mayhem was a tool someone stole from the US National Security Agency earlier in the year and a vulnerability in Microsoft’s Windows operating system. Although Microsoft was quick to patch the ‘extremely critical’ flaw in Windows as early as March, the extent to which the attack crippled the world overnight is a clear sign, “organizations aren’t particularly fond of updating their system software.”

WannaCry (also known as WanaCrypt0r or WCry), the ransomware behind the cyber-attacks, is a modified version of Eternal Blue, a government hacking tool that a group known as the Shadow Brokers released into the wild only last month. Just like any other ransomware, WannaCry holds your files for ransom and is spread through links or attachments in malicious messages known as phishing emails. Once a computer is infected, the ransomware encrypts all data on it, and the hacker then asks the victim for a sum, often in Bitcoins. If the ransom isn’t paid, the data is often lost forever. In the case of WannaCry, the amount could be anywhere between $300 and $600.

You could be the next target

“The numbers are still going up,” Rob Wainwright, the head of Europol, Europe’s policing agency, said. “We’ve seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released.” The majority of organizations affected, on Friday and later, were in Europe, according to Symantec. Russia was the country worst affected, with computers at the nation’s interior ministry getting targeted. The United Kingdom, meanwhile, had its entire National Health Service under attack. Car manufacturers Renault and Nissan, German rail operator Deutsche Bahn, international shipper FedEx Corp and Spanish telecommunications company Telefonica were among other companies affected.

Who’s to blame?

Even as organizations wake up on Monday, and probably hope everything’s back to normal, Microsoft took to its blog to reiterate the need for urgent collective action to keep people safe online. At the heart of it all was an advisory for governments around the world – particularly the US government – to stop stockpiling vulnerabilities. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Brad Smith, president and Chief Legal Officer at Microsoft, said.

The US government should have treated the theft of the NSA tool – WannaCry, which was apparently modified for Friday’s cyber-attack by anonymous hackers – by applying the same rules and remedial measures it would apply if someone stole Tomahawk missiles from its military. “The governments of the world must adhere in cyberspace to the same rules applied to weapons in the physical world,” Brad said. “The WannaCrypt attack is a wake-up call for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.” At the same time, Microsoft has advised people and organizations to update their systems “otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.”

NSA whistle-blower Edward Snowden also took to Twitter to lambast the NSA. “The NSA’s choices risked permitting low-skill criminals launch government-scale attacks, and then it happened. There’s no waving that away,” he said.

What’s the way out?

Researchers will often tell you there’s no perfect solution to a ransomware attack because there isn’t any. It’s a classic case where “prevention is better than cure” holds true. The first step is, obviously, to stay cautious. Do not, ever, click that attachment you get inside a mysterious email. That’s the basic 101 of avoiding any cyber-attack.

Secondly, update your systems as frequently as possible in case you’re not accustomed to automatic Windows updates. Microsoft, for its part, has rolled out patches for even unsupported versions of Windows such as Vista and XP. Although running unsupported Windows is a cause for concern any day, the WannaCry ransomware attack is also a wake-up call for people and organizations to switch to supported operating systems. This is not as easy as it sounds for medical organisations like Britain’s NHS, as many of the devices are scanners and the like, which had Windows XP embedded when they were manufactured, which won’t update automatically, and whose makers may no longer be in business. This is also an issue with military systems and is the reason Britain’s nuclear subs run Windows XP, but this nettle must be grasped now.

But the big lessons here are that governments must be transparent and take responsibility for protecting the world against the technology and strategies they have developed to spy on us, and that organisations can no longer treat IT security as the soft spongy bit at the bottom of their priority list which can be kicked to touch as budgets tighten.
