So, this last week was hustling and bustling with stories of a malware outbreak, only this time it was a ransomware (WannaCry). There seemed to be red screens everywhere, especially in the UK, Germany, some in India, and Russia too. Like any other ransomware, this code used a (now) known exploit in Windows to take over the machine and finally encrypt user files. This was typically followed by a demand for bitcoins to decrypt the files. Let's ignore the 'Killswitch' story here.
Looking at the bigger picture: were these countries targeted? Maybe not. Despite so much loss and chaos, I am compelled to ask if this is a good thing... Maybe not, but you know, maybe it is. I will come to that shortly.
One of the most important observations here is that it was possible because the attackers used a recent critical vulnerability in Microsoft's Windows OS, which affects many versions of the OS. There are a multitude of issues reported for Windows and patched weekly by Microsoft, but this was a special one. It was disclosed by a hacker group from the 'data they stole from the NSA'. What does this mean? It is a fact now that governments are researching to find such vulnerabilities for the purpose of warfare, espionage, snooping, etc. and using the exploits as powerful tools for similar purposes. This is where the problem arises.
While I am against ad hoc disclosure of vulnerabilities, it has often happened that security researchers and hackers do a 'Responsible Disclosure' for issues after a follow-up that involves several months of notifying the vendors involved. In return they are neither acknowledged nor paid, and sometimes even have to take the blame for it. Yes, they do it for free! However, when respectable governments do the same thing ('irresponsible non-disclosure'), they are somehow above all ethics. Yes, we all know they can change the laws that govern the system.
The good part about a ransomware is that you can quantify the loss (forget the chaos and mental agony, that's priceless :)). This ransomware is known to have cost the world around $4 billion by now. It's time we honored the researchers who save us billions of dollars and immense trouble every year by sharing issues in advance.
Coming to my first question, and hence the answer: it may be a good thing after all. The incident has made us think about security. It's not just server admins or corporates; as people, we need to be aware and inclined towards a bit of critical thinking, especially before sharing data or clicking on links that may lead to malware. As identities grow faster in the virtual world of the internet, we need to protect ourselves as responsible citizens. Remember, there are no boundaries on the internet. And unlike typical wars fought on the ground, attacks in this space can come from anywhere. It may not always be what it seems.
Of course, there is no reason for paranoia. If governments become irresponsible, people will need to be more responsible. In general, do some housekeeping. Keep calm and patch your OS and software. You can automate this if it's too much of a task. Be careful with what you are clicking (avoid it if not necessary). And, simply put, be a 'minimalist' when it comes to your data. Play safe and have fun responsibly.
Note: For those interested in technical analysis of the ransomware, more details can be found in Endgame's blog here.