In May this year, the world witnessed the largest ransomware outbreak in history, with over 250,000 computers in over 150 countries being held to ransom by the WannaCry ransomware worm. WannaCry’s exploitation of the vulnerability in the Windows Server Message Block (SMB) protocol affected public and private sector organisations including Britain’s National Health Service and global companies such as FedEx, Renault, Nissan, Hitachi and Telefónica.
The outbreak of the WannaCry ransomware had significant consequences: hundreds of thousands of computers became instantly unusable, hospital appointments were cancelled, lives were endangered, transport links were suspended, employees were sent home and business operations drew to a halt. Although the ransomware outbreak caused significant disruption across the globe, the evidence shows that the cyber criminals only managed to get away with £105,000 worth of bitcoins in pay-outs; a paltry sum of money for such a wide-scale attack. Since the attack the bitcoins have been moved – likely by the criminals, one by one, to new wallets, awaiting further action and an eventual cash-out.
But what has changed since WannaCry and what lessons have we learnt?
Although cyber-attacks are not unusual by modern standards, the local impacts of WannaCry truly opened the eyes of the public to the potential of large-scale malware attacks. Previous ransomware families such as Locky have had similar effects in terms of disruption, but WannaCry and its consequences have now forced the issue of Information Security and Information Assurance into the spotlight more than ever before. Since May, a successor called Petya (and derivations thereof) has been circulating, causing additional real-world damage as well as ‘logical’ damage to systems. Ransomware has ‘come of age’ in the international consciousness, yet many organisations are simply not doing enough to safeguard themselves from this often untargeted, unforgiving and relentless threat.
Holistic Cyber Security
The ‘WannaCry’ attack highlighted the level of global interconnectivity, with over 150 countries being affected. It also brought into sharp focus the fact that end-to-end encryption and the Internet make it an almost impossible task to keep everything under effective surveillance. Implementing the principles of holistic Cyber Security is essential to businesses; these include effective training and understanding for situational awareness, better-nuanced risk appetites, and secure intelligence sharing on an international basis. Whilst Brexit may mean changes to the physical border of the United Kingdom, it is paramount that it does not disrupt the ability to share critical information in a secure and dynamic manner, particularly in light of the evolving international component of malicious threats.