On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. The BBC stated, “There have been reports of infections in as many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan. Computers in thousands of locations have apparently been locked by a program that demands $300 in Bitcoin.”
CNET reported, “The ransomware attack that hit 16 National Health Service (NHS) hospitals in the U.K. and also hit up to 52,000 devices across other countries using an exploit called the WanaCrypt0r 2.0 ransomware. The majority of the new malware was targeting Russia, Ukraine and Taiwan, Avast Threat Lab team lead Jakub Kroustek said.”
WanaCryptor 2.0 Attack’s Impact on UK Hospitals
Multiple hospitals in the NHS pushed information via social media to the local population to contact their hospitals before traveling to determine if those hospitals were open for operations. The NHS is the government-run, major medical system in the U.K., so hackers have only one system to breach and install ransomware.
The advantage to the American healthcare system is that we have multiple hospital systems. While there have been major hacks against a few major U.S. hospitals and insurance companies, it is more difficult to penetrate all of these unconnected systems.
If the U.S. healthcare system were to migrate to a single health system like the NHS, the security of our healthcare system would require more safeguards. But these multiple healthcare systems provide some additional security for patient data; the competition provides some additional security.
Ransomware Could Escalate into Strategic Attacks on the US
It is possible that the use of ransomware could escalate and ransomware could be used for strategic attacks against the United States. Imagine the potential of ransomware that attacks an entire sector of a country, such as healthcare and hospitals.
For example, what if there was a ransomware attack that affected both a hospital’s computer system and its interconnected phone system? In the U.K., you must contact the hospital before bringing in a patient for treatment. Patient care would be unnecessarily delayed as the problems with that hospital’s computers and phone system were solved.
Although a hospital’s managers could theoretically shut down uninfected computer and phone systems to prevent ransomware infections, that security measure would be self-defeating and would replicate the impact of a ransomware attack. Without access to phones or health records, hospital employees would have difficulty doing their jobs properly.
Ransomware Attacks Could Impact Strategic Actions and Confidence in Government
Taking major hospital systems offline and causing hospitals to tell their patients not to go to specific hospitals causes a public lack of confidence in government systems. Patients become worried and uneasy when they are told that their health data records are unavailable and “the hospital is not in control of your personal health records at this time.”
In Latin American insurgencies in the 1980s, the goal of insurgents was to destabilize countries and make the population unsure that the government can protect them. The same type of impact could happen with a strategic cyberattack or strategic ransomware.
Potential Solution to the WanaCrypt0r 2.0 Ransomware Attack
Microsoft released a patch in March for the vulnerability that the WanaCrypt0r 2.0 ransomware exploits. Unfortunately, many computer systems have not been updated. This lack of action could leave a legal avenue for customers to sue for damages caused by the company’s negligence in performing software updates.
Long-Term Impact of WanaCryptor 2.0 Ransomware Attack
The WanaCrypt0r 2.0 ransomware attack that impacted so many countries could end in a multitude of ways. As the attack is investigated, we may see that the attack was caused by criminals trying to make money. But if the attack involved a nation-state intent on destroying other countries’ computer systems and holding systems for ransom, this situation could become more serious and potentially lead to war.
The news that some of the ransomware demands payments in small sums of $300 to $600 to restore access indicates this attack is a criminal matter. The scope and impact of the WanaCrypt0r 2.0 attack is wide.
But the WanaCrypt0r 2.0 ransomware attack may have one positive outcome. With the number of countries involved in this latest ransomware attack, there may be an increase of cooperation between law enforcement agencies across the world on cyber crimes.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”