Monday 3 July 2017

Cyberwar and ransomware

Ransomware has been making the news lately with the WannaCry and, more recently, Petya strains grabbing the headlines. These threats were so dangerous because they easily spread to unpatched computers. The reason these malware attacks were so effective was because they used a zero day exploit that was developed for cyber attacks by the U.S. National Security Agency (called EternalBlue). The exploit was made public by hacking groups and Microsoft did develop patches to protect their systems, but the issue is that many systems remained unpatched resulting in outages to many businesses. More exploits are being released. The CIA hacking tools were released on Wikileaks in March 2017 ( which will no doubt lead to further malicious threats being released in the wild.

So what is a patch? These are software updates to the system developed by the software vendor. Microsoft regularly releases patches to improve performance or fix security flaws on Windows systems. These show up as Windows Updates. It is a good idea to apply these updates as they are released. In fact, Windows 10 doesn't give you the option, it enforces the updates automatically. This does require internet access in order for the updates to be downloaded though.

So the computers most effected by these exploits were running older Windows systems (mainly Windows 7) and Microsoft took the rare step of releasing a security patch for Windows XP (which is no longer supported and doesn't get security updates any more). Even though WannaCry preceded Petya, many systems were still impacted when Petya was released. Initially it was thought that Petya was another ransomware threat but it turned out that it was not possible to get the encryption keys and the email address used to contact the criminals was shut down, making it impossible to get in contact, even if a company wanted to. It would appear that Petya was written to destroy data while acting like ransomware. As this threat first appeared in the Ukraine, it would seem that they were the initial targets of the attacks, which subsequently spread to the rest of the world.

With the continued release of these exploits that are used by nation states for cyber warfare, it raises issues about disclosure to the software vendors. Is it ethical for a government to withhold these zero day exploits from the vendors, especially when they can be used for criminal purposes? More to the point, it has become critically important that companies maintain regular updates to avoid being attacked by malware. It is surprising to me that many companies do not stay on top of this. For the home user, it is also important to ensure that they maintain regular patching for their system and software they use (such as Microsoft office, Adobe reader, Adobe flash and java etc). Be aware though that updates must come from a trusted vendor site and not a third party website as these can be used to inject malware instead of legitimate software. For more information on how to maintain patching in Windows go to For Apple Macs check this link