ICT - WannaCry Threat Not Quite Over Until Governments Wake Up
While it appears Australia has escaped the worst in the international ransomware attack, Microsoft is blaming the problem on governments "hoarding" their knowledge of software flaws that can be exploited by internet ne'er-do-wells.
US intelligence apparently discovered the hole in the Windows operating system that is being exploited by whoever is responsible for the "WannaCry" ransomware. But the US got hacked and the information was leaked online.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," wrote Microsoft president and chief legal officer Brad Smith. "An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."
Once Microsoft became aware of what the CIA didn't share, it issued a patch to plug the hole. But a lot of users didn't pay attention to that critical update and more than 200,000 computers and systems around the world were infected. The ransomware locks down the infected computer and instructs victims to pay more the AU$400 in Bitcoins for the encryption to free the system.
"The governments of the world should treat this attack as a wake-up call," wrote Mr. Smith. "As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems."
The UK's National Health had its systems fall victim, and it was the patients who suffered. Surgeries, chemo-therapies, and other treatments were postponed because the hospitals couldn't access patient records. Hospitals in Indonesia were also impacted.
But Australia had better news: "We've seen no impact in the health system which is important, we've had no reports of any government agencies impacted by this," said Alastair MacGibbon, cybersecurity adviser to PM Malcolm Turnbull, to the ABC. "Unfortunately, there are some very smart and bad people out there who spend their times trying to make things worse for us, and this is not game over for us."
Three Australian small to medium-sized companies were infected. But these sorts of hacks take their toll anyway, according to Assistant Minister for cyber-security Dan Tehan: "We have to understand that ransomware costs the Australian economy $1 billion a year conservatively."