The recent massive cyber attack by the WannaCry or WannaCrypt ransomware worm has been described as one of the biggest the world has ever seen.
Kaspersky Lab experts confirmed that the company’s protection subsystems detected at least 45,000 infection attempts in 74 countries.
Over 200,000 computers have been affected so far. Large organisations such as the UK’s health service, the NHS, European car factories such as Renault in France, FedEx, Germany’s Deutsche Bahn rail network and Spain’s telecommunications giant Telefonica were affected on some level.
Electric utilities face cybersecurity attacks
While many industries across the globe were affected, only a handful of electric utilities came under fire, including Scottish Power in the UK, Iberdrola and Gas Natural in Spain and the West Bengal power utility in Kolkata.
The West Bengal utility seems to have been the worst hit. A number of computers at four locations at West Bengal State Electricity Distribution Company in West Midnapur were attacked, crippling their billing capabilities. According to an official, billing for around 800,000 households has been affected already. There is a chance that more of the utility's computer systems will be affected, as the ransomware can infect other computers in the network.
The fact that so few utilities were affected is good news as it means that these organisations are putting robust security systems into place. We wrote recently about how the sector has to view cyber security as an ongoing process, constantly watching out and preparing its infrastructure for cyber attacks that will keep reinventing themselves. [Cybersecurity-No Finish Line]
Cybersecurity technology on its own can only partially address the issue of cyber threats. [Cybersecurity For The Critical Infrastructure Sector] Utilities also need to deploy the proper organisation and processes early on in order to supplement the impact of cyber security protection technologies. One potential solution is for utilities and vendors to develop standardised processes together, so that concepts such as device configuration will be effective in a multivendor environment.
Understanding WannaCrypt ransomware
The WanaCrypt0r 2.0 malware encrypts data on a computer within seconds and displays a message requesting the user to pay a ransom of US$300 in Bitcoins to restore access to the device and the data inside. Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message, agencies reported.
The ransomware uses a Microsoft Windows vulnerability to enter systems that were not updated after 14 April this year.
While it is not yet known who the hackers are, it is widely accepted that they used the 'Eternal Blue Hacking Weapon' created by America's National Security Agency (NSA).
Finance ministers from the Group of Seven wealthiest countries have been meeting in Italy to discuss the threat of cyber-attacks on the global financial system.
They are expected to release a statement later in which they pledge greater co-operation in the fight against cyber-crime, including spotting potential vulnerabilities and assessing security measures.
In response to the attack, Microsoft has already released emergency security patches to defend against the malware for unsupported versions of Windows, such as XP and Server 2003, as well as modern builds. Security firms have also pushed out file and network traffic signatures to detect the ransomware-worm hybrid's presence and kill it. Microsoft was quick off the ball, emitting signatures for the malware for its systems, writes The Register.
Prepare for bolder cyberattacks
Although cyber attacks have been on the increase for several years now, most have been aimed at relatively small and medium-sized companies. But the playing field seems to have changed. Hackers are becoming bolder and are targeting bigger companies and organisations that are responsible for critical services, like the NHS and utilities.
In a statement, Chris Wysopal, chief technology officer with cyber security firm Veracode, said that seeing a large telco like Telefonica get hit is “going to get everybody worried.” Worryingly, ransomware is now affecting larger companies with more sophisticated security operations, he added.
This is likely to embolden cyber extortionists when selecting targets, according to Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint. He explained: “Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks.”