The sheer scale of the cyber-attack that took place on Friday the 12th, which affected 150 countries, is unprecedented. Companies are still working to protect themselves from the ransomware. The ransomware used over the weekend is called WannaCry, and it is designed to spread quickly from a single machine across an entire network, which allows large numbers of systems to be infected. Infected institutions range from Russia’s Interior Ministry and the National Health Service to private companies such as Telefonica. The ransomware was certainly not targeted against any one state or sector.
It is interesting to note that the proposed infection vector for the attack, which primarily exploited the Windows XP operating system, was leaked from the Equation Group (believed to be a part of the NSA). The perpetrators are unknown, but various sources over the weekend suggested either the United States (which would make it a private attack) or North Korea (state-sponsored).
Microsoft has claimed that the NSA must inform the company of any exploits identified, with the NSA rebutting that such exploits are integral to its work. Companies rather than individuals seem to be the primary victims because of the difficulty of updating systems across large-scale operations.
It is ultimately pointless to try to level blame at any particular organisation, as the whole situation appears to be a perfect storm of unfortunate events. This does not make the implications any less disturbing, as what was effectively a low-level piece of malware caused significant disruption worldwide. The reports of computers and MRI machines not working and of ambulance diversions are an alarming display of what a potentially larger cyber-breach of a hospital would look like. Although updating individual computers may be easy, updating the entire NHS system (where 90% of NHS hospitals still use Windows XP) is an entirely different matter. Microsoft charging for system upgrades does not help and could be argued to be a legitimate form of ransom. The difficulty is that no easy solution exists, but the potential disruption is such that companies should take all necessary measures to patch and proactively protect themselves.