Was Wanna Cry a Blessing in Disguise?

Throughout the last week, the Wanna Cry ransomware has spread to over 150 countries among the most affected being Russia and the UK. Exploiting a vulnerability in Microsoft Windows, (which was expressedly covered in a patch last August)Wanna Cry has reportedly affected 300,000 machines, US officials identify ransoms of only $70,000, the Lazarus Group has been previously connected with a recent heist of over $81 million in Bangladeshi banks. While Wanna Cry has reportedly affected 300,000 machines, US officials identify ransoms of only $70,000, the Lazarus Group has been recently connected with a heist of over $81 million in Bangladeshi banks.
Some of the infrastructure affected includes:

Dozens of British National Health Service Computers being infected, returning computers to a normal state only after ransoms were paid in bitcoin currency.

Japan, the government’s Computer Emergency Response Team said as many as 2,000 computers at 600 companies were affected by the ransomware, and the government set up a new crisis management office to deal with cyberterrorism.

China’s state-run Xinhua News Agency reported that the virus infiltrated a range of networks, including railway operations, mail delivery, hospitals and government offices.

In France, automaker Renault said one of its plants was closed Monday as a “preventive step” while engineers looked at the fallout from the cyberattack.

Additionally, the Brazilian tax agency, and perhaps more importantly: the Russian Ministry of Interior were listed as being infected. However, in a somewhat surreal turn of events for international cyber security, Putin said outright on Monday that Russia “had nothing to do” with the Wanna Cry virus, and further placed blame on the NSA. This particular ransomware used is widely believed to be based on NSA hacking tools hacked and leaked earlier this year, allegedly by the Shadow Group with suspected (but not proven) support from Russia.

Microsoft as well blamed the NSA, again. Microsoft President Brad Smith, in a blog post last Sunday, compared the NSA breach to “the U.S. military having some of its Tomahawk missiles stolen.”

While ransomware is nothing new, the success of the attack was significant. Google security researcher Neel Mehta tweeted similarities in the code as in the hacks used by the Lazarus Group, known for their ties to the North Korean Government and most famous for the hack of Sony pending the release of “The Interview,” a satirical comedy about a covert operation in N. Korea feat. James Franco and Seth Rogen (a must see). Kaspersky has further researched this for continuity, citing a potential but ‘improbable’ false flag of the code.

The attack brings up a very interesting and currently opaquely defined concept in such a complicated matrix of international relations, threats, and security. Responsibility.

The Wall Street Journal this week, bluntly states: “Companies find that in dealing with the complexities of ransomware they are caught between law enforcement agencies treating them as crime victims and regulators treating them as perpetrators that allowed a breach of their customers’ data.”

With key infrastructure in both the public and private sector embarrassingly exposed, the resulting haphazard chaos was surprisingly successful, specifically with exposing the ‘cracks’ in security of the current globalized interconnectivity of the world. As government agencies and leaders assess damage and pass blame and services in both private/public sector suffer, hopefully further contingency planning and dialogue emerges.
A former Defense Department cybersecurity official Mike McNerney noted, “NSA identified a risk and communicated it to Microsoft, who put out an immediate patch, however, no top government official emphasized the seriousness of the vulnerability.”

Maybe Wanna Cry was a blessing in disguise, a containable warning, of which we should be very aware. For now, trading markets remained relatively stable amidst the attack. However, as cyber and malware attacks expand every year in number and scale, stocks in cyber solution providers themselves remain flat. Companies have yet to materialize significant yields for investors. Regardless, while perhaps somewhat undefined, the value of cyber security shares allows for them to trade far beyond earnings.
The CEO of McAfee in a recent interview also mentioned the general value of the concept from a leadership perspective: “(Cyber Security) has gone from a back-office function to a boardroom-level issue. Now everyone in the C-suite of an organization has at least got some basic understanding of cybersecurity issues.”


Interested in the dialogue on where cyber security responsibility lies, and how much it is worth? Check out Nordic IT Security this year as we address these topics in themes of: WELFARE, COMMERCE, DEFENSE, PERSONAL, with leading government authorities and solution providers.

Leave a Reply