The destructive potential of ransomware, the malicious software that is used to extort money from victims, is huge: in the first half of 2017, two major outbreaks, WannaCry and NotPetya, led to service outages at organisations around the world. A third of the UK's National Health Service was hit by WannaCry, and the outbreak was estimated by risk modelling firm Cyence to have cost up to $4bn in lost revenues and mitigation expenses. Then, a month later, NotPetya (so called because it is not Petya, another type of ransomware for which it was initially mistaken) brought down a significant chunk of the Ukrainian government, pharmaceutical company Merck, shipping firm Maersk, and the advertising agency WPP, as well as the radiation monitoring system at Chernobyl. But while both outbreaks wrought huge costs on the organisations they infected, they were surprisingly unrewarding for their creators. The WannaCry payment address has taken just $149,545 (£113,814) to date, while the NotPetya address took much less: £8,456 ($11,181).
A year ago, network security specialists spotted a worrying new trend: hackers began unleashing ransomware attacks on really big targets--America's cities. Atlanta, Baltimore, and Greenville, N.C. would later grind to a halt after devastating computer outages disrupted everything from the collection of parking tickets to the sale of new homes. The next big thing that keeps computer scientist Adam Kujawa up at night? Ransomware powered by artificial intelligence, a development that could give exploits such as RobbinHood and WannaCry a potent new makeover to evade cyber defenses, burrow into computer networks and wreak mayhem. In recent years, artificial intelligence and machine learning have been a godsend to IT security professionals, enabling them to detect malware sooner--even the moment it enters the wild--keeping networks more secure and corporate assets safer. But the same technologies that are supercharging network defenses could become a powerfully destructive counter-threat in the wrong hands, experts warn.
What is a ransomware attack?

Ransomware has grown to be one of the biggest problems on the web. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible. But that's not the only way to get infected. Cybercriminals didn't use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they'd fallen victim to a cybercriminal. But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they're holding your corporate data hostage until you pay a ransom in order to get it back. It might sound too simple, but it's working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone and a Europol report describes it as having "eclipsed" most other global cybercriminal threats in 2017.
A new strain of ransomware has spread quickly all over the world, causing crises in National Health Service hospitals and facilities around England, and gaining particular traction in Spain, where it has hobbled the large telecom company Telefonica, the natural gas company Gas Natural, and the electrical company Iberdrola. You know how people always talk about "the big one"? As far as ransomware attacks go, this looks a whole lot like it. The ransomware strain WannaCry (also known as WanaCrypt0r and WCry) that caused Friday's barrage appears to be a new variant of a type that first appeared in late March. This new version has only gained steam since its initial barrage, with tens of thousands of infections in 74 countries so far today as of publication time.
As we become increasingly dependent on sprawling computer networks, we're increasingly vulnerable to hackers who exploit weaknesses in them. A recent trend is cyberattacks on American cities. Last year, hackers in Dallas gained the ability to turn on tornado sirens at will. And for weeks, the city of Baltimore has struggled to revive computer systems paralyzed by hackers demanding money. Our guest, New York Times cybersecurity correspondent Nicole Perlroth, says even more troubling is the fact that the Baltimore hackers used stolen cyberweapons originally developed by the U.S. National Security Agency. Perlroth has reported on the proliferation of cyberweapons used by countries against each other, by hackers against governments and corporations and by private security firms willing to give clients digital espionage capabilities for the right price. Perlroth has also reported on concerns about interference in the 2020 presidential campaign and evidence that voting technology may have been hacked in one swing state in the 2016 election. I spoke to her yesterday.

We've seen cases where cities have suffered cyberattacks. One of the best known is Baltimore. Let's take that as an example.

NICOLE PERLROTH: Well, about a month ago, cybercriminals infected Baltimore with a type of ransomware, which is just malware that locks up your systems. And the attackers will demand a ransom to unlock them.