By Nicole Lim, Al Jazeera English
The WannaCry ransomware is one of the most massive cyber attacks in recent memory, having infected more than 200,000 computer systems in over 150 countries starting from 19 May, when it was first unleashed.
But what exactly is the ransomware, and how does it infect computers?
The virus exploits a vulnerability in outdated Windows XP computer systems that was first made public by an anonymous hacking group known as the “Shadow Brokers” in a leak of NSA hacking tools in April.
The virus could gain access to a computer in three ways: first, it could directly target and enter computers hooked up to the same network as an infected computer; second, it could be downloaded onto a computer by a user opening a malicious email attachment; and third, it could be automatically downloaded onto a computer by redirecting a user to malicious websites.
Once the virus gained access to a computer system, it would encrypt some of the user’s files. Thereafter, a message would be displayed to the user, notifying him or her that the files would only be decrypted if $300 was paid in Bitcoin. After 72 hours, the amount demanded would increase to $700. After seven days, the files would be permanently locked. The user’s files are held hostage for ransom money, hence the name ‘ransomware’. As in real kidnappings, there is no guarantee that the files will be unlocked even after payment is made.
Around the world, large, state-affiliated companies and organisations like Spanish telecommunications giant Telefonica and Britain’s National Health Service were hit by the ransomware, paralyzing critical healthcare and telecommunications infrastructure.
According to a reporter from the Health Service Journal, “X-ray imaging systems, pathology test results, phone systems and patient administration systems” in Britain were affected, leading to cancelled medical appointments and operations across multiple hospitals. The public were told not to visit the A&E or their GP unless absolutely necessary. Thousands of patients’ data risked being compromised, which would have affected the ability of doctors to properly treat those patients in the future, based on their medical history and individual needs.
Apart from big organisations, individuals were also targeted, although it is estimated that thousands of such cases were not reported.
Given that this systematic vulnerability had in fact been made public, how was it that such extraordinary damage could have been inflicted, and why were systems not prepared to defend against attacks?
Admittedly, tighter cybersecurity could have prevented most cases of infection. Microsoft had put out a patch for its operating systems two months earlier, soon after the vulnerability had been exposed. However, certain devices, like some of the medical equipment used in British hospitals, are difficult to patch and are less likely to be updated regularly. Individuals, on the other hand, usually have patches available for their personal computers, but they rarely take the initiative to download patches for vulnerabilities they may not know about.
The attack has highlighted the importance of placing cybersecurity at the heart of policy-making. Because such attacks have the potential to inflict damage on a national level and stymie essential public services, more must be done to prevent another cyber scare of this scale before lasting and irreversible damage is inflicted.