Ransomware has been in the news again lately. One of the largest oil pipelines in the United States was held to ransom by the criminal gang ‘Darkside’.
The Colonial Pipeline Company allegedly paid the gang 5 million dollars to regain control of their encrypted data, but not before fuel prices had increased and a wave of panic buying had swept the United States.
With the Colonial Pipeline incident still fresh in our memories, it is perhaps appropriate to look back at the lessons that can be learned from another massive ransomware attack: WannaCry. WannaCry infected around 200,000 computers across 150 countries. It was a ransomware worm: it exploited vulnerabilities in computers running Windows and encrypted the data on any machine it infected. The user of the machine was then shown a ransom note asking them to deposit Bitcoin in an online wallet in order to receive a decryption key. A cunning and cruel plot, but what can we learn from it?
Hacking Isn’t Always Private Enterprise
One of the factors that really made WannaCry stand out was its origin. Lazarus Group, the shadowy hacking clan that created the ransomware, was closely tied to the government of the DPRK. The Democratic People’s Republic of Korea is perpetually cash-strapped, and it has shown a willingness to turn to crime to bring in extra money from abroad. Drug smuggling, weapons deals and counterfeit money printing have all been tried by the DPRK government in the past. In ransomware, the North Korean leadership found a way of making quick bucks with minimal accountability. Some of the most sophisticated cyber attacks are conducted not by petty hackers, but by malicious governmental organizations.
Code Vulnerabilities Can Cost Millions When Left Unchecked
The success of the WannaCry worm reinforced just how devastating vulnerabilities in code can be for businesses and individual users alike. WannaCry exploited a vulnerability in Windows’ SMB (Server Message Block) file-sharing protocol, which governs shared access to files over a network. Through that vulnerability, WannaCry reached machines and encrypted their users’ private files, including lots of sensitive data held by businesses and governmental organizations. WannaCry made it clear that if a business wanted to consider itself safe, it had to constantly audit for weaknesses in its code. Source code security is incredibly important: without it, any software, operating system or site is liable to be exploited by hacker gangs or nefarious governments.
Paying the Hackers Doesn’t Always Help
WannaCry offered victims a choice: pay some bitcoin into a wallet, or never see your files again. Unfortunately, depositing the bitcoin was not a surefire way of getting your precious data back. Many businesses reported paying the ransom and never receiving a working decryption key. There is very little reason for a group of government-sponsored hackers to tell the truth about what will happen when you pay the ransom. They likely never thought the attack would go on long enough for reputation to matter. After all, the aim of the operation was to provide North Korea with a quick injection of cash and nothing more.