It\u2019s nearly 10 days after the global WannaCry hack, and at Legal Geek we\u2019re scratching our heads to work out what the real danger to emerge from this episode has really been. Is it the malware which affected 150 countries or the thinly-founded speculation and blame game which has followed?<\/p>\n
In light of that thought, we\u2019ve kept our summary simple.<\/p>\n
What we know<\/strong><\/p>\n On Friday 12 May, a global cyber attack spread across 150 countries affecting more than 200,000 organisations. In the UK, the attack affected 47 NHS trusts, leading to cancelled operations and people being turned away from A&E. According to Moscow-based cyber security agency Kaspersky Lab, the worst affected countries were Russia, Ukraine, India, and Taiwan.<\/p>\n The cyber attack deployed a variant of “WannaCry” ransomware which encrypts data, locks you out of your system, and demands a\u00a0ransom \u2013 paid in bitcoin currency \u2013 to release it.<\/p>\n The attack exposed a weakness in Microsoft\u2019s Windows XP software making organisations still running Windows XP \u2013 such as the NHS in the UK \u2013 especially susceptible to attack.\u00a0We wonder if any law firms still run on Windows XP and, if they do, how well their IT Director is sleeping? \u00a0<\/strong>Especially scary when you consider cyber attacks on law firms have risen 60% in two years, according to PwC\u2019s 25th annual Law Firms Survey.<\/p>\n Estimates so far place the pay-outs made at just over $70,000 \u2013 a paltry yield for the number of systems affected.<\/p>\n What we don\u2019t know <\/strong><\/p>\n It\u2019s more than a week after the attack and SO many questions remain unanswered. Even a tech-savvy Miss Marple would be stuck for where to start. There is speculation of course, but as far as we can see there are no concrete answers to the following questions:<\/p>\n What people are speculating on <\/strong><\/p>\n We couldn\u2019t cover this topic without highlighting the speculation, rumour and conjecture out there, but we encourage a healthy dose of scepticism to be applied to every theory.<\/p>\n Who did it? <\/strong><\/p>\n Every organisation to offer a theory on who was behind the attack have caveated their findings with the words \u201cpreliminary\u201d, \u201ctentative\u201d or similar. BUT, fingers have been pointed in the direction of a hacker collective behind the 2014 Sony Pictures hack which was identified by US intelligence as a North Korean government operation.<\/p>\n YET, chatter from US experts has also highlighted that parts of the WannaCry virus were amateurish and the payment system unsophisticated. Such a conclusion widens the net of potential hackers.<\/p>\n What was their motive and did they succeed?<\/strong><\/p>\n If the aim of the hacking group or individual responsible was for monetary gain, then the hack failed spectacularly. Yet, if it were to cause havoc and fear across borders, it\u2019s been devastating. No one can really answer this one without speaking to the group responsible.<\/p>\n How<\/strong> was the ransomware acquired?<\/strong><\/p>\n The hegemony around this one is that the US government had identified a weakness in Microsoft\u2019s Windows XP platform as long ago as last summer and had even developed a hacking tool to expose such a weakness. But this information was stolen by a hacking group with the theft being announced publically earlier this year. And Microsoft say that what was stolen from the US government formed the basis of this attack.<\/p>\n Who is to blame for allowing it to happen?<\/strong><\/p>\n The blame game has seen Microsoft\u2019s President and Chief Legal Officer Brad Smith\u00a0say that the bulk of the responsibility lay with the US government for not informing Microsoft earlier about the vulnerability they had identified.<\/p>\n Smith wrote in a blog post after the 12 May attack:<\/p>\n \u201cThis attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA (National Security Agency) has affected customers around the world.<\/p>\n \u201cRepeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today\u2014nation-state action and organised criminal action.\u201d<\/p><\/blockquote>\n\n