This is almost like the atom bomb of ransomware… may be a sign of things to come. — Rohyt Belani, CEO, PhishMe

There could be dull days in our real lives, but never in cyberspace, which abounds with a mind-boggling spectrum of intruders and stalkers. The phenomenon that users of computers and researchers in cyber security were witness to from Friday, May 13 has raised many questions of vulnerability. It is comforting to know that by the afternoon of Monday, May 15, the speed of the attack was somewhat curtailed by counter-measures. But we still have to keep our fingers crossed for there is no knowing if the aggressors have more tools in their possession to cause further damage. The good news for us is that there are no reports of any major intrusion into computers or systems in India.

The bottom line is that somebody somewhere slipped up, leaving gaping holes in our computers. What is abominable is that the criminals tampered with the systems of public health services — particularly the NHS of the UK.

Basically, what happened

For the benefit of laypersons, some observers have catalogued what we know of the attack and the attackers, and what we don’t. The intrusion was a phishing attack — persuading a user to open a mail sent by a motivated intruder, an act which, on the face of it, appears to be from a genuine and authorised source, and the result of a malware (WannaCrypt 2.0) assembled, not at one place, but in several centres across the globe. A traditional modus operandi is to send a dubious link in a mail, which the recipient accesses. In the latest instance, however, it is said that the ‘explosive’ was in the form of an attachment, which an unwary user opened.

In such a case, the immobilisation of a system is invariably caused by the encryption of files, folders and drives, and it takes a while for the victim to realise he/she has been attacked. The fears are subsequently confirmed by messages demanding a specified ransom for releasing the system. Launched by a group styled Shadow Brokers (whose exact identity is yet to be unravelled), the ransom demanded in each instance was $300 to be paid in Bitcoin — a digital currency which renders the beneficiary anonymous and is difficult to locate. One rough estimate is that the ransom-seekers will eventually net $1 billion, and that they have already received about $33,000 until the weekend. These are figures are dubious but we cannot ignore them as there is no means to cross-check.

Worrisome aspects

There are two aspects to the outrageous attack that are worrisome. The first is that the holes in the older version of Windows were known to Microsoft for quite some time, but it did not do much to patch them up, except for customers who paid to remove the deficiencies. Then there is the other theory that customers who were aware of the risk did not bother to act because of the costs involved and the problems related to adapting to upgrades. Either way, this was a lesson to be learnt by both software manufacturers and users.

Perhaps the graver of the revelations surfacing now is that the malware was possibly stolen from a stockpile of weapons which the National Security Agency (NSA) had built up over the years as a counter-offensive to cyber-attacks on the US and its allies by nations such as Russia, China and North Korea.

Justifying this, certain sources allege that, since last summer, Shadow Brokers had started posting online certain tools they had stolen from the NSA ‘armoury’. This is a serious insinuation that, if proved, could trigger international condemnation of the US and its spy agencies. It revives memories of Stuxnet, a worm that both the US and Israel used against Iran’s nuclear programme more than five years ago. While there is no corroboration to the charge levelled against the NSA, it is interesting that a few former intelligence officers have taken the stand that the tools used in the latest episode were indeed from the NSA’s ‘Tailored Access Operations’ unit.

The final question is whether anything can be done to predict or prevent a similar attack. There is marked pessimism here. Repeated exhortation not to open attachments received from unknown sources has fallen on deaf ears. The advice to opt for complex passwords and exhortations not to share it with anyone has also met with the same fate.

The only way is to minimise damage through encryption of vital, if not all the data in the hardware or system.

There is no case for despair. But there is certainly one for prudence and caution in day-to-day handling of systems and data.

The writer is a former CBI director who is currently Adviser (Corporate Security) to Tata Consultancy Services Ltd

comment COMMENT NOW