Last Friday marked the outbreak of a massive ransomware cyberattack named "WannaCry" that hit computer systems across the globe. Infected computers had their data encrypted, followed by a message saying that data would only be unencrypted if the owner paid $300 to an anonymous bitcoin account (although there is no evidence that files will or even can be unencrypted if the ransom is paid). The malware hit numerous companies such as FedEx and Deutsche Bahn and also spread to government agencies including the Russian Ministry of the Interior and the UK's National Health Service, in the latter case putting lives at risk as hospitals lost access to medical records. Over 200,000 computers have been affected, and there is currently no way to recover encrypted files unless a computer was backed up.
The virus exploited a vulnerability in Windows known as EternalBlue that was revealed in leaked NSA documents. When the NSA discovers a vulnerability in a major piece of software, national security officials undergo a Vulnerability Equities Process (VEP) to decide whether to contact the software's creator to have it fixed or to keep it secret for NSA use. EternalBlue was initally kept secret, but after becoming aware of the leak, the NSA contacted Microsoft who issued a patch fixing the vulnerability two months ago. The attack was successful however because the patch did not reach numerous computers such as those that were not set for regular Windows updates, those running an outdated version of Windows like XP, and those running systems too critical or sensitive to allow updates on. Experts warn that there is not an easy fix to prevent a similar attack in the future, demonstrating that the age of serious cyberattacks is upon us.
- Women in Afghanistan are using radio programs to defend women's rights and democracy
- Facebook adds feature allowing group admins to screen potential members with questionnaires
- 17 million people mainly in non-Western countries are unable to register for most websites because their email address contains a non-latin character
- Thailand pressures Facebook to censor content critical of its king
- Russia allows Tencent's WeChat to operate again, after blocking it for not registering with the government
- A security researcher temporarily halts the spread of the ransomware by registering a domain that turns out to be the kill switch
- Security experts say shared code between ransomware and North Korean virus is suspicious, but warn it could be a false flag
- The European Parliament released a report on the potential impact of blockchain
- Cornell professor launches Town Crier, a blockchain software that can be used to create smart contracts
- A look at opportunities and challenges for blockchain in the developing world