If you take a look around, you are sure to find at least one device that is connected to the internet. According to the world internet usage statistics, 77.4 percent of people in Europe have an internet connection – a fivefold increase since 2000. In North America, this number is even greater standing at 88.1 percent. This is the result of cheaper hardware availability, connectivity, technological progress, and the need to be online in our globally linked world.
While this scenario is one that previous generations could have never imagined, it also means we are exposed to risks that until recent years could not have been possible. A constantly connected world also means a constantly open world. One where individuals are at risk of cyberattacks, privacy invasions, and other risk factors that are possible in the global internet.
What happened with the ransomware “WannaCry”?
The recent attacks by the Windows ransomware named Wcry, WannaCry or WannaCryptor is a perfect example of cyberspace risks. According to The Guardian:
“Computers at hospitals and GPs surgeries in the UK were among tens of thousands hit in almost 100 countries by malware that appeared to be using technology stolen from the National Security Agency in the US. It blocks access to any files on a PC until a ransom is paid.”
This ransomware, spread through the connectivity of a local network or by opening a file attached to emails, has affected over 57,000 users. As mentioned by a Reddit user:
“If your computer is unpatched and is connected to a network with other infected computers, the infection can spread to your computer with no interaction on your part. That’s what’s new and different with this malware vs. other ransomware.”
The countries most affected seem to be Russia, Ukraine, India, China, Italy and Egypt, with Russia having over 1,000 computers affected by the ransomware. The ransomware encrypts the files on the computer, then requests a payment – between $300-$600 – in the form of Bitcoin to decrypt the files and remove the malware.
How to protect your system?
It would seem the malware exploits security gaps within various Windows platforms including Windows XP, Windows 8, and Windows Server 2003. Other Windows platforms would have received a patch in March, after the first version of this ransomware was spotted. Microsoft has recommended users to immediately deploy the patch Microsoft Security Bulletin MS17-010 for those who have not yet updated their systems.
An update on the situation was posted by The Guardian: A 22-year-old at Kryptos Logic accidentally found a way to halt the global spread of the ransomware by registering the domain name hidden within its code. Despite this victory, he has warned that, once the attackers find out, they will inevitably modify the malware and create a new version.
Who is at fault?
Of course the attackers are guilty of creating this malware, but this is not the end point. NHS, for example, was warned last year that their systems were outdated and no longer supported by Microsoft for updates and security patches. A December 2016 Silicon article explicitly wrote about this:
“However, a Freedom of Information (FOI) request submitted by Motherboard to over 70 NHS Hospital Trusts revealed that thousands of NHS computers across the UK are running the outdated OS, potentially leaving confidential patient data vulnerable to attack. By running Windows XP, NHS Hospitals risk breaching data protection regulations, which are set to become even more stringent through the new General Data Protection Regulation (GDPR) coming into force in 2018.”
It seems that the victims were those who were running outdated operating systems or had forgotten to patch their systems with the available Windows updates. This would be a great point to mention Linux, an open-source, freely available operating system that powers devices ranging from phones to data centers, supercomputers, defense systems and satellites. With Linux, the system is constantly updated due to its open-source nature. Linux, and its child operating system iOS made by Apple, share the same strength when it comes to malware and viruses. They are naturally immune to such things due to their system architecture, and their open-source nature that allows anyone in the world to suggest changes.
Greater connectivity, greater risk
So what is the result of this open world? An article published by Google mentions that:
“We’ve seen an increase in the number of hacked sites by approximately 32% in 2016 compared to 2015. We don’t expect this trend to slow down. As hackers get more aggressive and more sites become outdated, hackers will continue to capitalise by infecting more sites.”
With other news such as Yahoo being hacked and exposing over a billion users personal data and other major entities as the IRS, DropBox and iCloud being part of hacks, we can start to understand the scenario a bit better. The first thing we should consider is centralization and encryption. Personal data being stored by one entity in a centralized manner, without encryption, means that a hacker could gain huge amounts of personal data without needing to look in multiple locations. You can think of this as a hacker being able to forge the keys of a building to get in, and the lack of encryption means that he or she has access to anything they want while inside.
This is a good place to consider the blockchain method brought about by Bitcoin. If we were to replicate our world according to the blockchain principles, our private data would be spread over the world in a decentralized manner, and at the same time encrypted. So a hacker could never gain access to everyone’s data at the same time and even if they could, the would be encrypted and useless for exploitation.
If you want to stay safe, keep yourself and your systems updated, or simply switch to Linux distributions such as Elementary OS if the programs you use are supported by Linux. We must take personal responsibility for our privilege to have a global connection at our fingertips, and at the same time be careful when opening email attachments. We can also use a security application to monitor our computers when the situation is beyond our control.
Image from Wikimedia Commons.