More than 200,000 computers across 150 countries have been affected by a large-scale cyberattack in the last few days. The ransomware WannaCry encrypts information on computers and asks users to pay $300 in exchange for decryption.
According to Microsoft, starting first in the United Kingdom and Spain, the malicious software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.
The press reported that the attackers took advantage of a known flaw in Windows XP; as a result, hospitals, businesses, governments, and home computers were affected. Microsoft officially stopped providing security support for XP in 2014 but released an urgent security update to patch this vulnerability in response to the attack.
What are the lessons you learnt from it? The questions are simple:
• Do you use out-of-support operating systems and software? This is not limited to Windows XP.
• Do you apply security patches to your systems and software in a timely manner?
If your answer to the first question is ‘Yes’ and to the second question is ‘No’, then your systems and software are like a back door left open to hackers.
Many businesses are reluctant to fund upgrades to their systems and software. The availability of funds could be one reason; however, the bigger reasons are that the investment generates no new revenue, that they don’t see it as important in supporting their current business activities and revenue generation, and that they don’t fully understand the risks in terms of the potential damage to the business in areas such as finances, regulation and reputation.
Similarly, many users think: if the software still works, why spend money?
Although the technology companies have the first responsibility to make their software secure, we as users need to do our part in combating cybercrime. More broadly, cybercrime comes in many different forms. What do you do to ensure that you are educated enough to avoid falling into cybercriminals’ traps?
Cover image: Unsplash, Markus Spiske