Over 45,000 ransomware attacks have been tracked in large-scale attacks across Europe and Asia — particularly Russia and China — as well as attacks in the US and South America. There are reports of infections in 99 countries. A string of ransomware attacks appears to have started in the United Kingdom, Spain and the rest of Europe, before striking Japan, Vietnam and the Philippines on May 12. According to Kaspersky Laboratory, Russia, Ukraine, India and Taiwan were hit hardest. Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack «the biggest ransomware outbreak in history». It is not known who exactly was behind it.
The overwhelming majority of the infections appeared in Russia. The ransomware hit about 1,000 computers at the Russian Interior Ministry, though the agency’s servers were not affected thanks to using the national Elbrus operating system instead of Windows.
The US Department of Homeland Security has not confirmed any attacks in the US on government targets or vital industries, such as hospitals and banks.
The malicious code exploits a Windows flaw patched in Microsoft's Security Bulletin MS17-010 in March. The malware is usually covertly installed onto computers by hiding within emails containing links, which users are tricked into opening. A single computer infected can end up compromising the entire corporate network.
The malware is alleged to have been leaked or stolen from the National Security Agency (NSA) to be reportedly distributed by the Shadow Brokers, which claimed to have hacked an NSA-linked team of hackers last summer.
The hints about alleged «Russia trail» have already appeared in Western media. According to NPR, the Shadow Brokers group, which is suspected of having ties to Russia, posted Windows hacking tools in April, saying it was a «protest» about US President Donald Trump. «A computer hacking group known as Shadow Brokers was at least partly responsible. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria», writes the Telegraph.
Edward Snowden, the former CIA employee and NSA contractor, tweeted he was confident that the hackers used NSA tools. He believes that if the NSA had given an advance warning the hit structures and hospitals in other countries could have taken proper measures to repel the attack. Politico chimes in. «Friday's attacks could have been avoided if the NSA had simply told Microsoft about the flaw earlier, digital privacy activists argued», the prestigious outlet informs.
So, the National Security Agency tools were used, the NSA gave no warning and…Russia, the hardest hit by the attack, is to blame! The same song and dance as usual. Of course, nothing like evidence to go upon has been produced like in all other cases when Moscow was blamed for each and everything going wrong everywhere. It’s just that someone thinks that a group of hackers may have links to Russia and… nothing more. We’ve seen it before.
In reality, it’s an open secret that computers, routers and other equipment normally includes element of software that could be activated by US special agencies. Hackers simply found out how it works and decided to use it for personal gains. It shows that the NSA is working on powerful software to serve as a tool for global dominance.
The event demonstrates how important it is for major world powers to make cybersecurity top the international security agenda.
Today, no international law regulates cyber operations. The 2015 in The Hague showed there are few chances for signing an international agreement to monitor cyber activities. The only international effort so far to adopt a self-regulatory approach to non-aggression in cyberspace was initiated by the Shanghai Cooperation Organization (SCO) in 2015. The details have been debates within the framework of the UN Group of Government Experts (GGE). Russia and China set an example for the world to follow by signing an agreement on information security in 2015.
The Russia-US cyber-security confidence-building package of agreements in 2013 foresaw similar cooperation and information exchange between the US and Russian computer emergency response teams (CERTs), the creation of a working group on emerging threats and the use of the existing nuclear hotline to communicate directly in a cyber crisis. It has never got off the ground and got stalled as the bilateral relations deteriorated in 2014.
Experts could join the process to give the suspended 2013 package a new lease on life. The meetings of working group could be resumed. A hotline between Moscow and Washington could be reactivated to prevent escalation of cyber incidents between the two countries. The parties could start working on the first-ever non-aggression pact in cyber domain. The national centers for reduction of cyber threats could play an important role allowing the military of the two countries to notify each other about the attacks on crucial objects of infrastructure. They were used in 2014 during the Russian preparation for the Winter Olympics in Sochi with the operations suspended the same year.
Russia and the US picked up the issue a year ago. They discussed drafting the norms and principles of responsible behavior in cyberspace and countering terrorism in the sphere of information technologies. It was a good start that to everyone’s chagrin happened to be just another one-time event. The initiative seems to be swept under the rug overshadowed by other issues. In April, 2017 a United Nations cybersecurity experts group in Geneva, where Russian and America officials had a chance to meet but it’s evidently not enough.
The recent cyberattack shows the time is right for intensifying international efforts to handle the burning problem. There is a hope. India is to host the 5th Global Conference on Cyber Space (GCSS) in the last quarter of 2017, in which over 100 countries are expected to participate. The recent attack rings an alarm bell. The upcoming event offers an opportunity not to be missed.