By bringing global attention to ransomware, the hackers may inadvertently have killed the goose that lays the golden eggs.
Ransomware has been the tech security industry’s bogeyman of choice over the last few years, but for Government and the public, it’s been largely under the radar.
Businesses have been paying the ransom demands, but very few have ever publicly admitted it. NHS Trusts have been a target for years, as I discovered, but because of the piecemeal nature of the infections, little has been done.
Ransomware has lurked in the background, quietly raking in cash for organised cybercrime.
That changed with the NHS attack. When you have the PM and cabinet ministers commenting, pressure for action builds. And when hospital operations are cancelled, the public start to demand answers.
The fixes for ransomware are depressingly simple. It’s the same advice you’ll get when buying a laptop from any high street shop: make regular data back-ups onto a hard drive and install the software updates that protect you from new viruses.
This advice applies equally to organisations, and the allegation that the NHS did not update its systems, if true, is a national scandal.
More troubling the in the short terms is news that some GP surgeries were running without any data backups. Vital medical data has potentially been lost forever. Their only hope is that law enforcement can reverse engineer a decryption key for the WannaCry virus, allowing the data to be unscrambled. Such reverse engineering has been done for other ransomware strains, but it takes time.
In the long term, though, there may be a huge silver lining here.
I would hope anyone running a sizeable organisation in the UK, having seen the NHS attack headlines, will be thinking “OK, time to get my backups sorted and update my software”. As a result, we may well see numbers of infections go down. And even if an organisation is infected, they’ll have the data backups and won’t have to pay.
The net result? Fewer ransoms, starving the criminals of their cash supply.
And then there’s the prospect of law enforcement action against the culprits.
The reason we haven’t seen such action already is because police haven’t treated ransomware as a priority. Why? Because businesses are too embarrassed to report it, and there’s been no political pressure to crack the problem.
Again, that’s changed. And there’s another potentially useful development too:
WannaCry global infection map. Credit: Kaspersky Lab
The fact that Russia has apparently ended up a significant victim of this digital blackmail attack may prove a positive.
Cybersecurity experts believe many ransomware campaigns can be traced back to Russia, where online banking virus gangs have turned their hand to this new cash cow. But getting Russia to play ball when it comes to investigation and arrest has proved problematic, especially given the wavering relationship of the UK and US with the Kremlin.
Now, because Russia appears to have been so badly hit, we may well see the kind of international law enforcement cooperation that’s so far been lacking, and has allowed the ransomware industry to grow to the scale witnessed in the recent attack.