This past weekend, cybercriminals hijacked hundreds of thousands of computers worldwide using a form of malicious software known as ransomware. The attack may cause up to $4 billion in financial losses around the world. We spoke with Senior Lecturer Steve Weisman, a cybersecurity and identity theft expert, to discuss the details behind the attack and whether we should expect more attacks like it in the future.
Q: Who is behind this cyberattack?
Weisman: At the moment we don't know who is behind the attack. The ransomware has some indications that it was not at the level of sophistication one would expect from nation-state-sponsored hackers such as we see in Russia or China. It could have been organized crime that did it. Interpol once estimated that there are only about a hundred cybercriminal geniuses, but that they sell their work on the “dark web” to other less sophisticated criminals who carry out the attacks. That may be what happened here.
Q: How did the attack work?
Weisman: The particular ransomware used is called WannaCrypt. It exploits a flaw in the Windows operating system to encrypt data of targeted companies and institutions. The cybercriminals then threaten to destroy their data if a ransom is not paid.
Q: Did Microsoft try and block the attack?
Weisman: Microsoft issued a patch for this vulnerability a few weeks ago, but many companies and institutions have not installed it yet. The problem is that many companies and institutions still use the outdated Windows XP operating system, which Microsoft abandoned a few years ago and for which it no longer issues software updates and patches. This made the companies using this operating system more vulnerable. In an unprecedented move, Microsoft over the weekend issued a patch for this problem for the Windows XP operating system.
Q: Should we expect other cyberattacks like this in the future?
Weisman: We can expect similar attacks in the coming year, perhaps even worse. An interesting aspect of this is that, despite the level of sophistication of the malware used, it always has to be downloaded by victims. This happens when employees in the organization fall prey to phishing emails where they are lured into clicking on links that download malware.
Q: What should companies do to protect themselves?
Weisman: Companies should be automatically backing up all data daily to protect themselves against ransomware. They should install analytics that screen emails for phishing emails and should train their employees not to click on unverified links. Companies can also install whitelisting software that prevents the downloading of unauthorized computer software.