Countries across the globe are scrambling to learn lessons from last week’s global cyberattack, and Russia is no exception. Cybersecurity experts hope that the publicity from the ransomware attack may have a positive outcome by making individuals and companies pay more attention to their information security.
Users of infected systems were told their data had been encrypted and ordered to pay a ransom. Photo: Sk.ru.
The ransomware dubbed “WannaCry” that attacked computers all over the world on Friday, May 12 is believed to have affected more than 200,000 computer systems in 150 countries, and Russia was one of the countries most severely affected. This can be explained by the widespread use of outdated software in Russia, says Sergei Khodakov, director of operations within the Skolkovo Foundation’s IT cluster: Microsoft had released patches for its most recent versions of Windows back in March to fix the vulnerability exploited by the ransomware attack, but that patch did not cover the Windows XP operating system, which is no longer updated by Microsoft.
“Windows XP, for which there was no update, is in widespread use, including in Russia, where it is used by anyone from housewives to companies,” Khodakov told Sk.ru.
As a consequence of the attack, in which companies and organisations ranging from the U.K.’s National Health Service to Russia’s Interior Ministry and U.S. logistics company FedEx saw their data encrypted and a ransom demanded, the issue of information security may finally start getting the attention it deserves, believe cybersecurity experts.
“This attack has been really high-profile, and it could be the catalyst for change in attitudes to IT systems: it could lead to an initiative [in Russia] to localize software and reduce dependence on foreign systems,” said Khodakov.
It will also result in closer auditing of organisations’ information systems, he believes.
International experts have warned that more attacks will likely follow, and have urged companies to prepare accordingly.
A second attack “could certainly happen” given the way the first one was stopped, Vesta Matveeva, principal digital forensics expert at Group-IB, a leading Russian cybersecurity company, told Sk.ru.
Friday’s initial attack was halted when a cybersecurity analyst tracking the virus registered a domain name that was being used by the malware code. Registering the domain acted as a kill-switch and stopped it spreading, but experts warn a similar virus with no kill-switch could easily be disseminated.
“It would not be at all difficult to relaunch the virus but without that self-destruct function,” said Matveeva.
Taking precautions
Sergei Khodakov, operations director of Skolkovo's IT cluster. Photo: Sk.ru
Experts are united in their advice on how to avoid falling victim to a ransomware attack.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” wrote Brad Smith, president and chief legal officer of Microsoft in a blog post on Sunday.
“This is a time when we need to be on maximum alert,” agrees Khodakov. “It’s essential that people update their systems, including Windows XP – Microsoft has released an update for XP in the wake of the attack – create backups, check that anti-virus software and operating systems are up to date and supported by the producer, and as far as possible, stop using systems that are no longer supported by their maker. And of course, follow information being issued by threat intelligence companies, and see what risks and threats there are,” he advises.
Having a back-up copy of valuable data is the most effective and successful method of protection from ransomware hackers, he added.
Threat intelligence gurus Group-IB, a resident of the Skolkovo Foundation’s IT cluster, have similar advice, though with some caveats.
“For individual people, we have one simple recommendation: install updates on time,” says Matveeva.
“For organisations, the same advice goes. Group-IB has a sensor that detects hackers when they are trying to attack organisations. But the safest option is to back up all your important data from the servers. This also applies to ordinary people, as far as sensitive documents and photos are concerned.
“Antivirus software can only do so much; it won’t protect against really high-level attacks, so a back-up copy is the only guarantee,” she said.
If data is always backed up, victims of hacking will never have to pay as they can simply restore the data from the back-up copy, Matveeva points out. Currently, most people choose not to pay – but that means they lose their data.
“If people haven’t saved their data elsewhere, they’re unlikely to get it back without paying, as it’s hard to decrypt the data – it’s quite a complex algorithm that’s used [by ransomware perpetrators]. But you can never rely on the hacker to decrypt the data – you have to count on their honesty – so most people don’t pay,” she told sk.ru.
Just the beginning?
Standard ransomware attacks in which data is encrypted have a straightforward financial motivation, and the WannaCry attack appears to be no different: users of infected systems were told to pay $300 in bitcoins for the restoration of their data. But the scale of the hack shows that such attacks could become an instrument for groups motivated by quite different considerations, says Khodakov.
“If this attack had been carried out by a terrorist organisation with serious financial resources, the consequences could have been far more serious,” he said.
Likewise, information security experts have long been warning of the security risks posed by the rise of the Internet of Things (IoT), in which more and more devices and smart household objects are connected to the same network. In Friday’s attack, IoT didn’t play a role in the spreading of the virus, but MRI scanners and X-ray machines were put out of action in the U.K. as they were connected to computers affected by the virus.
“The problem of IoT is constantly ensuring its safety, and spending time on updating connected devices to make sure they are protected, which can take a huge amount of time,” said Khodakov.
In order to stay abreast of the ever-growing threats, it’s crucial to develop technology that will prevent ‘zero day’ attacks (in which hackers exploit a security loophole before the software’s vendor becomes aware of it), minimise the risk of attack, and increase the speed of their detection, says Khodakov.
“One of the key areas in this respect is artificial intelligence, which makes it possible to automate the means of withstanding attacks [as machines learn to discover new methods of detection without human input], and discover [promptly] those that previously took months or even years to detect,” he said.
In addition to Group-IB, the Skolkovo Foundation’s IT cluster is home to more than 50 resident startups working in information security, which include Sezurity and KODA, which work on detecting vulnerabilities and zero day attacks, back-up tool Akronis, security monitoring services Security Vision and Rusiem, and early warning system R-Vision.