It is mind-boggling that, despite the world being warned, the past week’s ransomware attack almost took down a country’s healthcare system. ARTHUR GOLDSTUCK reports.
If the world didn’t know what ransomware was before, the incessant global headlines of the past week have provided an instant education.
The healthcare system in the United Kingdom was almost brought down by the WannaCry virus, which locks and encrypts computer files, rendering entire networks useless until a ransom is paid. The National Health Service had staff working overtime, not on patient care, but on using paper systems to manage patient information.
IT security company Kaspersky Lab defines ransomware as “a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user”. It can be installed through deceptive links in an email message, instant message or website, and can encrypt important files with a password.
Kaspersky Lab has detected at least 45 000 WannaCry (also known as WannaCrypt) infection attempts in 74 countries. While most have been in Russia, an animated map of infections published online by the New York Times (See http://bit.ly/wannaRSA) shows that targets were hit in every South African city.
Kaspersky explains that the ransomware infects victims by exploiting a Microsoft Windows vulnerability described and fixed in a Microsoft Security Bulletin in March 2017. The exploit is called Eternal Blue, and was stolen from the American National Security Agency (NSA) by a hacking gang going by the name of Shadowbrokers.
“Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet – and the ransom demand increases over time.”
Kaspersky is hoping to develop a decryption tool similar to those created for previous ransomware attacks, and available at noransom.kaspersky.com.
It should not have come to this, however. When the Windows vulnerability was revealed two months ago, it came with warnings that ransomware attacks and other cyber exploits were certain to follow. All Windows users were advised to update their software immediately, and IT administrators were advised to download and install the latest security patches. Users of the latest Microsoft operating system, Windows 10, were safe, as it did not contain the vulnerability.
Two months later, hospitals in the UK and elsewhere, along with businesses, public transport systems and even police stations globally, found themselves in crisis mode as their systems were brought down. By a known and well-publicised vulnerability.
It’s little wonder that scorn has been poured on UK Home Secretary Amber Rudd’s claim that there were “good preparations in place by the NHS to make sure they were ready for this sort of attack”. Guardian technology columnist Charles Arthur wrote that underfunding of the NHS “made the events of the past few days a disaster waiting to happen”.
In truth, it’s an ongoing disaster. As Arthur reports, between mid-2015 and the end of 2016, 88 of the UK’s 260 NHS trusts had been hit by ransomware.
In South Africa, it’s also an ongoing threat. Numerous individuals – particularly older users – have fallen for scammers supposedly phoning from Microsoft to say they have detected a virus on the user’s computer.
For some reason, the most suspicious of old-timers become like gullible children when receiving a call about their computers from a stranger. It does not cross their minds for a moment that the giant Microsoft is not about to phone an individual user about an issue on their system.
They are then persuaded to open a specific web address, download a piece of software and open it. Which instantly locks down their computer, and encrypts all files. They are told that, if they don’t pay a specific ransom amount by a given date, all the contents of their computer will be deleted.
Unfortunately, there is no Windows patch for gullibility. However, the same thing can happen via any number of exploits. In most cases, it is a result if clicking on a link or attachment in an email from a stranger.
The methods are going to keep evolving, and the trickery will keep getting more sophisticated.
“People in ransomware are thinking like business people,” said Ton Maas, digital coordinator of the Dutch National Police, during Kaspersky Lab’s annual Cyber Security Weekend in Malta last year. In 2015, he personally arrested two young ransomware creators, brothers who were conducting the business in their parents’ home.
“In this case, they were both the coders and the distributors,” said Maas. “Usually, you start with the coder, who offers code to distributors, who then target end-users. You even get code specifically written for the distributor, on request.
“The distributors buy the codes and earn their own money, but sometimes have to pay a percentage back to the coder. It is also possible to have a service contract, paying a fixed amount a month, so if you have problems and want to change something in the code, the coder will do it for you. You can call this ransomware-as-a-service.”
Kasperksy Lab’s 2016 Corporate IT security Risks Survey, presented at the Malta event, revealed that 20 per cent of businesses across the world experienced a ransomware attack in the previous 12 months. In South Africa, 19 per cent of businesses had come under attack.
The Lab helped the Dutch police track down the hackers responsible for a ransomware program called CoinVault, which added a new element: if victims did not pay immediately, the ransom “fee” steadily increased. That exact approach has now been taken by the WannaCry creator.
For now, WannaCry appears to be contained, but that is merely a respite in an escalating crisis. Expect worse. Far worse.
Eugene Kaspersky posts from 2050
In his imagined blog entry from the year 2050, the Kaspersky Lab founder imagines an era of digital immunity
In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilisation — the very framework keeping the world functioning properly in 2050.
This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.
The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.
However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better. This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.
One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.
But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding. An “intuitive solution” results fromthe superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.
So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges that has helped build the digital security standards of this new era.
M-Net to film Deon Meyer novel
A television adaptation of Deon Meyer’s crime novel Trackers is to be co-produced by M-Net, Germany’s public broadcaster ZDF, and HBO subsidiary Cinemax, which will also distribute the drama series worldwide.
“Trackers is an unprecedented scripted television venture and MultiChoice and M-Net are proud to chart out new territory … allowing local and international talent to combine their world-class story-telling and production skills,” says MultiChoice CEO of General Entertainment, Yolisa Phahle.
HBO, Cinemax, and M-Net also launched a Producers Apprenticeship programme last year when the Cinemax series Warrior, coming to M-Net in July, was filmed in South Africa. Some other Cinemax originals screened on M-Net include Banshee, The Knick and Strike Back.
“Cinemax is delighted to partner with M-Net and ZDF in bringing Deon Meyer’s unforgettable characters and storytelling—all so richly rooted in the people and spectacular geography of South Africa—to screens around the world,” says Len Amato, President, HBO Films, Miniseries, and Cinemax.
Filming for Trackers has already started in locations across South Africa and the co-production partners have been working together on all aspects of production
Deon Meyer, whose award-winning crime novels have been translated into more than 20 languages, with millions of copies sold worldwide, serves as a supervising screenwriter and co-producer; British writer Robert Thorogood (Death in Paradise) is the showrunner. The team of South African writers on the project includes the Mitchell’s Plain playwright, screenwriter and director Amy Jephta (Die Ellen Pakkies Story) and local writer/directors Kelsey Egen and Jozua Malherbe.
The cast for the six-part miniseries includes Ed Stoppard, Rolanda Marais, James Alexander and Thapelo Mokoena.
Trackers will make its debut on M-Net 101 in October 2019 and will also be available on MultiChoice’s on-demand service, Showmax. The six-part drama series is produced by UK production company Three River Studios as well as South Africa’s Scene 23.