Ransomware – NO ONE WINS
Last week's ransomware attack is just a reminder of how fragile our computer systems are and how dependent and vulnerable we all are because of that.
It only took 24-48 hours to spread this ransomware to 100,000 machines in 150 countries before it was stopped by a kill switch hard-coded into the software.
The kill switch was found by a young security researcher who works for Kryptos Logic, and thanks to him we are not all spending hours and hours fixing broken machines or restoring data from backups.
Like many others, I am taking a few lessons from this.
No 1 - Organizations/Governments with their own agendas
Now, this really pisses me off. The "bug" or vulnerability that was exploited by hackers has been used by the NSA for years to spy on or remotely control computers around the world running the Windows operating system (which is the majority of PCs). If the NSA really needs to spy on machines, why don't they get the USA government to force Microsoft into installing remote control software that is safe and would not be exploited by hackers?
Once everyone knew about this "bug", Microsoft released a patch in March which was supposed to fix this issue (Microsoft even went out of their way to release patches for the unsupported Windows XP and 2003 operating systems). However, patches are not always applied straight away, and for large organizations it takes a while before they are tested and deployed to production machines.
When will the USA government (which controls the NSA and other security agencies) realize that there needs to be transparency and a transfer of information to the manufacturer before the public knows, so that an update is released and everything is secured even before criminals in eastern Europe/Russia come up with ransomware based on that exploit?
What pisses me off even more is that this is not the first or the last case of these kinds of attacks based on information or exploits discovered by large-budget organizations like the NSA. Basically, the NSA is doing all the work in discovering these bugs and hackers use that to create this ransomware to make money.
Looks like I am not alone in blaming the NSA for breaking MS code; Microsoft's president Brad Smith is pissed off at the NSA as well.
No 2 - Refusal of Governments to track these thieves and hackers
I refuse to believe that Governments cannot track where the money is going if they want to. How is it possible that real money transferred to these accounts cannot be traced and tracked to the hackers?
Banks need to start playing ball and these so-called “super powers” need to grow some balls. Governments really need to put some priority on dealing with these criminal organizations before it is too late and they become as dangerous as North Korea or ISIS. There needs to be a justice league of some kind that has powers anywhere in the world to go after these criminals. Yes, I know it is not going to happen because some of these shady organizations are state funded and used for hacking or finding "Bugs/Vulnerabilities", but there is no harm in suggesting.
No 3 - How connected we all are
It's amazing how little time it takes for this ransomware to spread around the world. We are all now a lot more connected than ever. Along with its advantages, that poses the threat of spreading these kinds of attacks.
All the dumb machines of the past now have a requirement to be connected to the Internet for different reasons, e.g. remote control, getting updates, connecting to other systems.
So, that was my rant about this particular attack. If I look at the bigger picture and think about the kind of problems we could all have, it makes me very nervous. Imagine the time when we will have driverless cars and IoT devices controlling every aspect of our life, from ordering groceries to making sure we are taking our medicine on time. That is the time which scares me. Imagine a scenario where you are in your car and suddenly the temperature is set to very high. You cannot open windows or turn the temperature down unless you pay someone a certain amount of bitcoins. That is just a small example; I am sure you all can think of worse ones. I think it is time we all start working together, especially the “super powers” of this world, and combat this threat before it gets out of hand. Because if we don’t, NO ONE WINS.
Learning and Enablement Specialist at Foodstuffs North Island
7 years ago: Thanks for the insights, Imran Sadiq. Certainly much to consider!
Customer Success Lead @ Ideally
7 years ago: Great post! A very interesting perspective on the scandal!
CEO at Lancom Technology
7 years ago: Great take on this, Imran Sadiq! Highly recommend the reading to everyone interested in the topic.