So, this last week was hustling and bustling with stories of
a malware outbreak, only this time it was ransomware (WannaCry). There seemed
to be red screens everywhere, especially in the UK and Germany, with some in India
and Russia too. Like any other ransomware, this code used a (now) known exploit in
Windows to take over the machine and finally encrypt user files. This was typically
followed by a demand for bitcoins to decrypt the files. Let's ignore the 'Killswitch'
story here.
Looking at the bigger picture: were these countries
targeted? Maybe not. Despite so much loss and chaos, I am compelled to ask whether
this is a good thing... Maybe not, but you know, maybe it is. I will come to that
shortly.
One of the most important observations here is that the attack
was possible because the attackers used a recent critical vulnerability in
Microsoft's Windows OS which affects many versions of the OS. There are a
multitude of issues reported for Windows and patched weekly by Microsoft, but
this was a special one. It was disclosed by a hacker group from the 'data
they stole from the NSA'. What does this mean? It is a fact now that
governments are researching to find such vulnerabilities for the purpose of
warfare, espionage, snooping, etc., and using the exploits as powerful tools for
similar purposes. This is where the problem arises.
While I am against ad hoc disclosure of vulnerabilities, it
has often happened that security researchers and hackers do a 'Responsible
Disclosure' for issues after a follow-up that involves several months of
notifying the vendors involved. And in return they are neither acknowledged nor paid,
and sometimes even have to take the blame for it. Yes, they do it for free!
However, when respectable governments do the same thing ('irresponsible
non-disclosure'), they are somehow above all ethics. Yes, we all know they can
change the laws that govern the system.
The good part about a ransomware is that you can quantify the loss
(forget the chaos and mental agony, that's priceless :)). This ransomware is
known to have cost the world around $4 Billion by now. It's time we honoured the researchers who
save us billions of dollars and immense trouble every year by sharing issues in advance.
Coming to my first question, and hence the answer: it may be a
good thing after all. The incident has made us think about security. It's
not just server admins or corporates; as people we need to be aware and be
inclined towards a bit of critical thinking, especially before sharing data or
clicking on links that may carry malware. As identities grow faster in the virtual world
of the internet, we need to protect ourselves as responsible citizens. Remember,
there are no boundaries on the internet. And unlike typical wars fought on the
ground, attacks in this space can come from anywhere. It may not always be what
it seems.
Of course, there is no reason for paranoia. If governments
become irresponsible, people will need to be more responsible. In general, do
some housekeeping. Keep Calm and Patch your OS and software. You can automate
this if it's too much of a task. Be careful with what you are clicking (avoid
it if not necessary). And, simply put, be a 'minimalist' when it comes to your
data. Play safe and have fun responsibly.
Note: For those interested in a technical analysis of the ransomware, more details can be found in Endgame's blog here.