Round 2 in the major outbreak of “ransomware” attacks that began last month with the “WannaCry” virus seems to have begun. Reuters reports a second spate of attacks, whose targets include multi-national companies and governments, mostly in Europe but extending as far as to India:
A major global cyber attack disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month .
The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
I’m afraid these sort of attacks will continue until companies and governments start taking them seriously. What would “taking them seriously” entail? First, there needs to be a general recognition that the flaws in Microsoft operating systems that leave systems running them vulnerable to attack are a failure of workmanship on Microsoft’s part which they should not be allowed to weasel out of.
Second, a cyber attack against thousands of targets is the equivalent of a serious terrorist attack.
Third, governments should get out of the business of producing malware. There’s considerable evidence that these ransomware attacks are based on code developed by governments. Without the incredible resources that governments can devote to such uses, attacks of this sophistication would probably not be possible and, as I’ve pointed out before, once the’re in the wild you’ve lost control over them. Sadly, governments have shown little ability to secure their own intellectual property.
As globally connected networks of computers insinuate themselves into every aspect of our lives including our homes and our cars, we’ll become increasingly vulnerable. The time to start taking the threat seriously is now.
