Weekly Roundup 5/16/2017

Last Friday marked the outbreak of a massive ransomware cyberattack named "WannaCry" that hit computer systems across the globe. Infected computers had their data encrypted, followed by a message saying that data would only be unencrypted if the owner paid $300 to an anonymous bitcoin account (although there is no evidence that files will or even can be unencrypted if the ransom is paid). The malware hit numerous companies such as FedEx and Deutsche Bahn and also spread to government agencies including the Russian Ministry of the Interior and the UK's National Health Service, in the latter case putting lives at risk as hospitals lost access to medical records. Over 200,000 computers have been affected, and there is currently no way to recover encrypted files unless a computer was backed up.

 

The virus exploited a vulnerability in Windows known as EternalBlue that was revealed in leaked NSA documents. When the NSA discovers a vulnerability in a major piece of software, national security officials undergo a Vulnerability Equities Process (VEP) to decide whether to contact the software's creator to have it fixed or to keep it secret for NSA use. EternalBlue was initally kept secret, but after becoming aware of the leak, the NSA contacted Microsoft who issued a patch fixing the vulnerability two months ago. The attack was successful however because the patch did not reach numerous computers such as those that were not set for regular Windows updates, those running an outdated version of Windows like XP, and those running systems too critical or sensitive to allow updates on. Experts warn that there is not an easy fix to prevent a similar attack in the future, demonstrating that the age of serious cyberattacks is upon us.

Civic Tech:

ICT4D:

Open Internet:

Cyber Security:

Blockchain: