The WannaCry Ransomware cyber-attack has affected organisations across different countries. Still, there are a lot of organisations who have not yet taken cyber security seriously, this event may be a wake-up call for all such organisations. The attack hit around 200,000 computers in more than 150 countries. The ransomware has hit Britain’s National Health Service, railway station networks, ATMs, universities and some of the big companies across Spain, Taiwan, India, Ukraine and Russia, which are also the worst-hit countries.
The attack has highlighted a number of burning and sensitive issues that need to be addressed. The WannaCry attacks used a tool that was stolen from US National Security Agency (NSA). This attack shows the degree to which cyber-security has become a mutual responsibility of government and tech companies.
What Ransomware Does?
Ransomware is a software that infects the system, blocks the access to data and demands a ransom to be paid. It displays a message requesting payment or a certain amount to unlock it. WannaCry is a type of ransomware cyber-attack that has targeted Microsoft Windows operating system.
An important thing to note here is that the Microsoft had already issued ‘critical’ patch in March 2017, nearly 2 months before the attack to remove underlying vulnerability for the supported system. Yet many Windows system and computers did not apply the latest security updates and remained unpatched, as a result of the bug spread very fast across the systems and the attack shook up the world overnight.
This attack is believed to be the largest ransomware attack in the history. There had been some ransomware attacks earlier such as Reveton, CryptoLocker, CryptoLocker.F and TorrentLocker, CryptoWall and Fusob was the major mobile ransomware attack.
WannaCry: An Attack to be treated as a Wake-up Call
Brad Smith, president and chief legal officer of Microsoft rightly pointed out that the government across the countries should treat this cyber-attack as a wake-up call and should adhere same rules as applied to the weapons in the physical world.
Instead of stockpiling, selling and exploiting the vulnerabilities, the government should report them to the vendors. The WannaCry attack is a powerful message for the basics of Information Technology, like keeping the system updated, ensuring security software are updated, making backups of data, making sure to run antivirus software and the most important of all is to avoid opening unknown email and clicking links in those emails.
The WannaCry attack has been stopped for now by a techie who accidentally discovered a ‘Kill Switch’. However, there are still new variations of the ransomware in circulation and could affect millions of devices if required security patch is not applied.
The WannaCry attack has exposed how serious the organisations, government and people are towards the cyber-security. Hopefully, the attack will lead to a change in the approach of all these entities and force them to take cyber-security more seriously at every level.
It has become important to implement technologies to deal with this kind of attacks and not relying on the end-user to carry out all the activities. Although cyber-security experts and cyber-security firms are trying to find out if it is possible to decrypt the data locked in the attack, it will be interesting to see what preventive measures government, institutions and other entities will take to deal with such cyber-attacks in future.