Ransomware Everywhere: The WannaCry Attack and the State of Cybersecurity

WannaCry has encrypted the data on thousands of computers in more than 150 countries in what officials describe as the biggest such attack in history. What do we know about the ransomware and its creators? What are the possible responses? What can this attack tell us about broader geopolitical dynamics and policy imperatives?

With the cybersecurity community and leaders in government and business still reeling, Wilson Center Global Fellows Benjamin Buchanan and Tom Kellermann addressed these questions and more in an in-depth Ground Truth Briefing.

Key Quotes

Benjamin Buchanan:

“Over the last year, the provenance and activities and behaviors of the Shadow Brokers are probably some of the most mysterious we’ve seen in the cybersecurity landscape.”

“What’s significant to me is that the geopolitical intrigue between the Russian Intelligence Service and the NSA (if it is, in fact, the Russians) is playing out with very practical effects for everyone else. If the Russians have burned this tool and released this tool as a warning shot to the NSA, it’s now being picked up by another actor and that’s being used to steal money for that actor and cause significant disruption.”

“If, indeed, it was North Korea, if this evidence does check out, then that’s significant. It’s another sign that the North Koreans are using cyber capabilities as a means of disruption and as a means, potentially, of funding their regime.”

“What’s significant to me [about President Trump’s executive order on cybersecurity] is how provisional it is and how the bulk of the order is commissioning studies and reviews... This is an order that is not, by itself, incredibly significant.” 

“If a hospital buys an MRI machine in 2006, it’s likely to have Windows XP on it. It’s very unlikely that the MRI has been updated in the past 11 years to something more secure, which makes it very susceptible to ransomware… So going forward, in very critical areas like medicine… I think it’s vital that we think about security from the ground up.”

Tom Kellermann:

“What we’re experiencing here in cyberspace now, essentially, is the perfect storm.”

“The environment is becoming far more hostile, and insomuch as we appreciate that, hackers have really transitioned from burglary to home invasion… The purpose of the targeting is not just theft anymore, but really, colonization.”

“The ransomware that was leveraged is really a precursor for what I think is soon to be more systemic, widespread, destructive attacks leveraged against the U.S. and its allies by nation-states like North Korea and Iran, who have now essentially taken the gloves off, as they have been fully armed by their Russian compatriots, and they now have access to weapons-grade munitions that were stolen from the NSA.”

“Why is it that we still haven’t allowed the NSA to take their gloves off as it relates to defending the U.S. against these types of attacks and campaigns outside of the U.S.? Why is it that the Russians have come at us full throttle and engaged actors like Shadow Brokers to do their bidding and utilize cyber criminals to leverage colonization campaigns inside our infrastructure and the NSA sits back and, really, watches?”

“Frankly, many [experts]… see this [attack] as almost a trial run. What’s more concerning to us are the other zero-days or the munitions that can’t be stopped by our current defenses that were stolen from the NSA. It’s a question of those being turned into worms in the future, in the coming days and weeks. What this [attack] illustrated, most importantly, was that society as a whole is still vulnerable to worms, and not just digitally vulnerable, but kinetically vulnerable to a cyberattack that could render transportation, healthcare, and things like finance useless.”

“The FBI is currently sitting on hundreds of thousands of bitcoins that they seized and they don’t have any idea what to do with it – [and they could put it] into some sort of superfund that could be doled out for critical-infrastructure-modernization and security. All that requires is not new legislation, but the modernization of forfeiture laws and the modernization of money laundering statutes.”