The WannaCry ransomware attack has now infected more than 230,000 computers in over 150 countries (see wikipedia.org/wiki/WannaCry_ransomware_attack for details). And this could be just the tip of the iceberg.
China and Russia have been particularly hard hit because companies, government agencies, and universities all use pirated and therefore unsupported and unauthorized software. A 2015 study by the Business Software Association found that 70 percent of software installed on computers in China was not properly licensed, with Russia close behind at 64 percent unlicensed usage. Companies using pirated software are especially vulnerable to malware attacks since they do not receive the major security patches that could prevent the attacks. Microsoft issued a patch for the vulnerability the attackers used as an entry point back in March and even fixed it for XP, which it had long since stopped supporting. However, pirated systems typically don't install those patches, so computers running illegal software remained vulnerable.
One thing Vladimir Putin and Microsoft have in common is they both blame the U.S. government for developing the EternalBlue hack, which led directly to the WannaCry malware exploit. The U.S. has backed away from signing a cyber security agreement with Russia, and there are accusations that Russia may have been responsible for releasing the trove of National Security Agency (NSA) hacking tools behind this attack. One thing everyone agrees upon, though, is that this may be the first wave of many attacks like this, as the tools available today make it easier for non-experts to develop malware.
Many are pointing their fingers at North Korea as the source of the attack, based on similarities in the code that was used in prior attacks from North Korea. However, this is not yet conclusive, as it is also common for perpetrators to try to create suspicion by deliberately planting code to deflect attention from the actual source of the malware. North Korea is the prime suspect, however, and given prior attacks against Sony and the Bangladesh Central Bank, the country is likely involved in this one way or another.
If you look beneath the surface, there are reasons for both concern and possibly some light at the end of this very dark tunnel. First, some of the troubling news. It looks like this malware, unlike many preceding virus attacks, isn’t spread by phishing emails, which rely on end-user error in opening the phony email. Security experts generally agree at this point that the virus can be spread through no fault of the end-user, so the responsibility lies with the underlying IT department to manage the security of its company’s networks by ensuring the use of the most up-to-date, licensed software and applying security patches as they become available.
On the upside, this conclusion, if proven to be correct, may bring benefits from a license compliance perspective. This situation encourages computer users to be connected online and running the latest legal versions of the operating systems and underlying applications. The use of unauthorized software could be discouraged, since it can be a means for infecting networks with malware. Use of end-of-life platforms like Windows XP could also be discouraged, since these systems can only be patched after an attack occurs. While air-gapping critical infrastructure (deliberately not connecting to the internet) can be used to isolate machines from attacks, this is increasingly challenging given the need for collaboration and regular software updates, especially the critical software updates pertaining to security.
The NSA and other exploits are out there today. It is up to the technology industry to aggressively patch systems to eliminate the vulnerabilities and track down the sources of malware. The user community must be educated to use only legitimate, up-to-date, licensed platforms and applications. Corporations using software across the globe need to implement a compliance program so they can protect their networks by keeping track of their licensing and ensuring their IT departments and employees are using only legitimate, up-to-date copies of software. We have a long road ahead of us!