The internet has brought the world closer together by connecting remote users and organizations with one another. Additionally, it has inspired a wave of innovation that rivals most in human history. The world got smaller, people connected, as did the ability of businesses and organizations to reach clients and consumers faster.
But as with any level of innovation comes the ability for it to be used for nefarious purposes. As the world connects, innovation flourishes, and more users and devices join the interconnected web, the exploitation of these new connections steadily rises in its shadow.
In 2017, a very prominent example of such exploitation burst out of the gates in the form of the devastating malware known as WannaCry. Unlike a lot of malware that quietly embeds in devices and collects user data, this one made a big splash by outwardly holding organizations’ precious user data for ransom. Hospitals were targeted specifically, as healthcare ransomware would be something hackers felt would yield at least some ransom payments.
Effects of WannaCry
Users want to believe that their devices and data are secure. But no system is perfect or infallible, and exploitation of vulnerabilities in popular operating systems such as Windows was the malware’s main target.
Once acquired by a device, WannaCry possesses the ability to embed itself in the yet unnoticed flaws in the Windows operating system. In a world where devices are interconnected on networks, a compromise of one device is an immediate danger to all of the others. By infecting the operating systems of devices in hospitals and manufacturing organizations, it spread ravenously through the networks, infecting over 300,000 in about 4 days.
As it spread, organizations began to be exploited for ransom in order for worm to release its grip from the system. The costs of such attacks were estimated at about $4 billion. The afflicted organizations paid out about $325,000 in ransom payments to gain control back.
Why Hospitals Were So Vulnerable
Hospitals were especially hard hit, as private information of patients was compromised. Not all hospitals have the financial stability of being able to keep their devices and networks as fully secure as they should be, but even those that did have the funds fell victim to this type of healthcare ransomware.
In an industry where the patients’ safety is paramount, hospitals are often resistant to many modifications to their systems. The potential new flaws introduced by changes are regarded as carrying too much risk of instability to a system vastly reliant on being stable and secure. Therefore, many healthcare organizations continued the use of machines with outdated software.
Older operating systems get much less attention, with resources moving to the maintenance and security of newer, more widely used versions. The availability of proactive patches to flaws found decreases, leaving older operating systems with greater vulnerabilities.
Even with vigilant efforts, a device at a hospital could be infected. When infected devices are identified, and a rapid effort is made to pull them from the network, it is challenging to identify exactly how broad of a network impact was made. Adding the fact that many devices are unmanaged, increases the risk further.
A device could be pulled from the network, but the malware could have spread much further than just that sector. When these devices are deemed “fixed”, and are connected back to the network, they stand the risk of potentially reintroducing some hidden worm back into play. There is also a period of time prior to this detection to consider. The section of the network is often bridged to other networks, allowing for worms like WannaCry to hop to other network devices and continue wreaking havoc.
Containment
Once identified, the vulnerability for WannaCry was patched within a few days, but not before incurring billions in cost to the affected organizations. Recent studies have shown, however, that while WannaCry patches have been reduced, the ransomware is alive and well, estimating that 145,000 devices worldwide continue to remain infected.
These devices are also parts of their own networks. Some of these networks may include connected peripheries outside of just Windows operating systems. For example, many TVs currently equipped with “smart” technology are now part of networks. The architecture of operating systems for devices like that is not nearly as complex or as equipped as Windows, making these devices easy to compromise.
On top of that, unlike operating system providers who are typically vigilant about cranking out patches and updates on a regular basis, such is likely not the case with updates for other technology. A worm such as WannaCry, therefore, can continue to inflict damage, even though its effects are considered to be contained by larger organizations.
