WannaCry: You Probably Haven’t Even Seen the Beginning – Let Alone the End

This latest cyber attack has been called a “wake-up call.” But no one will wake up. Ransomware attack ‘like having a Tomahawk missile stolen’, says Microsoft boss | Technology | The Guardian. (The name of this malware – WannaCry – always makes me think of the song “She Makes Me Wanna Die” from the soundtrack of The Replacement Killers. The video is at the end of this post.)

The cyber attack on Friday was stopped. (More on that in a bit.) But the fix was likely temporary. And new versions without a “kill switch” have been reported in the wild. So buckle up, buttercup, ’cause it gets bumpy from here.

Security officials around the world are scrambling to find who was behind the attack which affected 200,000 computer users and closed factories, hospitals and schools by using malicious software that is believed to have been stolen from the US National Security Agency.

Can you imagine the devastation that would be unleashed if the .gov got a backdoor into every smartphone? Because they clearly can’t be trusted to keep secret things secret.

Businesses and hospitals were running PCs with Windows XP, claiming that they are “critical infrastructure,” and they also exposed those PCs to the public internet. What a bunch of idiots.

As I said the other day: if you are running “critical” systems on an operating system that isn’t supported, or you aren’t keeping up with the security updates, then treat it like a critical system and take it off the public internet.

  1. Make your system separate from the Internet. A hard gap. No access to the outside, only access to the features (like medical records) that are critical. (And no access to email, etc.)
  2. Commit to keeping your systems up-to-date. That means applying every MS Patch Tuesday update and the updates for all your application software (including such things as PDF readers). Not as foolproof as 1, but you can say you are doing your best.
  3. Go back to keeping records with pen and paper.

Of course, no one will do this. Executives/Administrators/Powers-that-be will claim it is critical, and that it MUST be available on the internet, that we can’t possibly keep up with monthly security updates, or afford new hardware, and it isn’t our fault. It’s the fault of those damn folks in Information Technology who didn’t scream loud enough about this being a problem. We didn’t believe them when they spoke calmly.

So this will march on, probably picking up where it left off on Monday morning. And people will buy Internet of Things light bulbs because it is cool to be able to make them change color with my smartphone, and the passwords will stay as admin/admin, and the next fiasco will be just around the corner.

I hope you enjoyed the Internet, because I think it is about to come crashing down around us for the sake of colored lights. And because cheap-ass executives can’t see the benefit of keeping up with security.

So how did this attack get stopped on Friday?

The original attack lost momentum late on Friday after a security researcher inadvertently took control of a server connected to the outbreak.

“You keep using that word. I do not think it means what you think it means.”

He “inadvertently” studied the code, found the kill switch, registered the domain in question, and saved the day. Definitely NOT all blind luck. Journalists’ job is to get the words right, but too often they are clueless. He didn’t inadvertently stop this thing. He stopped it through knowledge, insight, and the will to act. I would like to inadvertently slap whoever wrote that sentence.