A massive ransomware attack affecting more than 70 countries took place on May 12. Ransomware is a type of malicious software that forcibly encrypts data on a targeted system, usually requiring a ransom to be paid in return for decrypting the information. If the ransom — typically requested in bitcoins — isn't paid, then the data is invariably wiped.
The malware in question is believed to be the Wanna Decryptor virus, also known as Wannacrypt. Attackers normally dispatch an email with a dubious link or attachment that, when clicked, enables access to the target and installs the virus. The malware then sends emails to contacts throughout the infected system, allowing it to spread along a connected network. This particular attack targeted older Microsoft systems.
Over 36,000 Wannacrypt cases have been detected globally, affecting the United States, Russia, Spain, Turkey and the United Kingdom, to name a few. The attack struck targets as diverse as the Russian Ministry of the Interior, the British National Health Service, Reuters news agency and Spain’s largest telecom firm, Telefonica. A number of European banks were also affected. The most hit country by far is the Russian Federation — suffering more individual attacks than all other countries combined.
Ransomware is an increasingly common cyber threat. Initially used against smartphones, over the last several years ransomware attacks have increasingly targeted larger information technology systems. This particular attack is believed to exploit a system vulnerability initially discovered by the U.S. National Security Agency around 2013. Though the code is relatively old and patches are in circulation that block the particular loophole that Wannacrypt exploits, many organizations are slow to update their protective measure.
Cybersecurity experts have warned for years of the vulnerability to critical infrastructure. It appears this particular attack was long in the making and primarily motivated by profit. If the hackers achieve a lucrative payout, however, similar large-scale attacks will likely become more common in the future.
