Lessons from the Largest Cyberattacks in 2017
Posted on February 1, 2018
We all receive suspicious emails now and then, but have you ever been tempted to open an attachment from an unknown source? Or downloaded a file without thinking? You’re not alone, but the most widespread global cyberattacks have been a result of doing just that. Read on for information on the attacks that affected the most people worldwide and how they could have been prevented.
WannaCry: One of the largest cyberattacks in recent history was called WannaCry and affected more than 200,000 computers in 150 countries beginning in May 2017. WannaCry was a type of ransomware that encrypted a computer’s data and displayed a screen that said the files would remain encrypted until $300 worth of bitcoin was paid. If no payment was received at the end of a countdown, the computer’s files were permanently lost. It is believed that WannaCry first spread in Europe when a user opened an email and downloaded the attachment. The virus infected their hard drive and was able to spread to other computers via file-sharing systems running on older versions of Windows. The largest organization affected was the UK’s National Health Service, with hospitals being forced to cancel thousands of appointments and operations.
NotPetya: WannaCry wasn’t the only cyber epidemic last year. A similar attack began in June and was initially spread via accounting software popular in Ukraine. The attack was a new version of “Petya” ransomware and for this reason was named “NotPetya”. The accounting software became infected after an administrator’s account credentials were stolen at the software firm. Upon installation on one computer, the ransomware spread to other computers on the same network. It infected Ukrainian organizations and multinational corporations with locations in Ukraine. The attack locked up network files until a bitcoin ransom was paid. Global companies including FedEx and Maersk were heavily hit by the virus. FedEx subsidiary TNT Express estimated a $300 million loss due to lost business and restoration costs. Similarly, Maersk lost nearly $300 million as a result of the delays and disruption caused by the cyberattack. The shipping company was forced to manually account for tens of thousands of containers until its systems were running again.
NSA Tie: Interestingly, both NotPetya and WannaCry were aided by information gathered by the National Security Agency (NSA). The NSA had discovered a “backdoor” to Microsoft’s Windows operating system and, instead of letting the software company know, kept the vulnerability to itself. NSA documents outlining EternalBlue – the NSA codename for its discovered backdoor to computers and networks running Windows – were leaked to a group of hackers known as the Shadow Brokers, who publicly released the information. EternalBlue’s hacking tools were then used by the perpetrators of NotPetya and WannaCry, believed to be Russian and North Korean, respectively.
Cybersecurity company Kaspersky Lab researched both cyberattacks and began offering decryption tools for some ransomware as part of its “NoMoreRansom” project.
However, Kaspersky Lab, which sells popular anti-virus products, has run into its own troubles. The Russian company is headquartered in Moscow and has been accused of having ties to the Russian government and allowing the use of its software to gather intelligence.
Following a designation from the U.S. Department of Homeland Security (DHS) deeming Kaspersky Lab’s software an “information security risk”, President Trump signed a law in December banning the use of the company’s software by the U.S. government. Last week, Facebook reported to Congress that it has removed Kaspersky Lab’s anti-virus software from its available products for Facebook users. Kaspersky Lab has vehemently denied the accusations and has filed for a preliminary injunction against the DHS.
There are two lessons to learn from the NotPetya and WannaCry attacks. First, keep your operating system updated and back up your files regularly: the ransomware did not affect computers running updated versions of Windows. Second, the most important tools companies have regarding cybersecurity are training and awareness.
More information regarding cybersecurity can be learned at the upcoming Global Business Connections conference breakout session “International Business in the Digital Age” on April 5.