Ransomware Attacks Computer Networks Around The Globe | KUOW News and Information

May 13, 2017
Originally published on May 13, 2017 7:43 am
Copyright 2017 NPR. To see more, visit http://www.npr.org/.

SCOTT SIMON, HOST:

A cyberattack spread across the world yesterday. The British National Health Service, universities in China and FedEx were among the many places that were hit. The attackers wanted money ransom in exchange for data. NPR's tech reporter Aarti Shahani joins us. Aarti, thanks so much for being with us.

AARTI SHAHANI, BYLINE: My pleasure.

SIMON: Do we know how it started?

SHAHANI: We don't know the exact timeline for each and every attack yet or if they were separate or coordinated attacks. But we do know it's all over the place now. There's a sort of heat map of the attacks that shows orange glowing dots across Europe, the U.S., India, Brazil, Russia, China. All areas affected by this malware are called Wanna Cry or Wanna Decrypter. It was - starting yesterday morning, we got reports out of Spain and Britain. Over there in the National Health Service, hospitals were crippled, brought to a standstill. Doctors and nurses were literally, you know, locked out of their patients' files. And what I mean by that, by locked out, is this was a ransomware attack. Ransomware is a technique that hackers use in which they find a way to get into your system, say, by sending you an email that's literally a Trojan horse. It has malicious software inside.

And then the hackers, you know, they take your files. They swoop through, and they encrypt them so you can't read them anymore. They're locked, and to unlock them, you need a decryption key. So the hackers will blurt out on your computer screen, hey, if you want to see your files again, pay us X amount in Bitcoin, the cryptocurrency. In this case, it seems to be small amounts in this series of attacks, say, a few hundred dollars.

SIMON: Yeah. What damage in the United States, near as you can tell?

SHAHANI: Well, we're not really aware of what the damage is precisely. I mean, that's still being accounted for. One thing interestingly for people that are dissecting what happened is that many systems are now trying to clean up the damage. So it's hard to know exactly what happened. It's kind of like cleaning up a crime scene before doing the forensics on it. One thing that is being discussed - this is possibly malware coming from the NSA. Some security experts who've been collecting samples of the malware and dissecting them have been saying that these criminal attacks are based on attacks designed by the National Security Agency and then released into the public by a hacking group called The Shadow Brokers.

You know, now, the NSA, they would have wanted to use the malware for spying purposes, right? The agency has a huge shop - we're very well aware of this - one of the world's best shops, dedicated to finding weaknesses in software and taking advantage of those weaknesses to break in and steal information for spying purposes. The problem is once you break in, you make digital keys, you can't really control who gets them. So this attack is raising one of these fundamental issues that we talk about in the security world about whether NSA surveillance protects people or creates unexpected damage that does more harm than good.

SIMON: So I - so it's possible that there - it's possible that the NSA program to try and limit damage and trace people who would do harm to the country wound up doing harm across the world.

SHAHANI: Yes, exactly, and that's the sort of - that could be the irony of this.

SIMON: Mercy. It could have been - could it have been prevented? Aside from maybe not inventing it, could it have been prevented somehow?

SHAHANI: Great question, and yeah, here's the thing - the software flaw is something in the Microsoft operating system, in Windows. Microsoft released a patch for it way back in March. So in an ideal world, you would have installed the patch and been protected from this onslaught, this ransomware campaign. But obviously, we don't live in an ideal world, and it's not reasonable to expect every local IT guy to update immediately.

SIMON: So 15 seconds we have left - we know a lot of people listening to us are online. What do they do or not do?

SHAHANI: Well, absolutely back up your data. Have a way to have your data backed up in a trusted cloud provider or an external drive because the fact is if you back up your data, this kind of attack loses its fangs.

SIMON: NPR's Aarti Shahani, thanks so much for being with us.

SHAHANI: Thank you.

Transcript provided by NPR, Copyright NPR.