USA TODAY International Edition
How U. S. dodged cyberattack
Software updates, geography — and luck — saved the day
SAN FRANCISCO The massive WannaCry ransomware attack has hit hundreds of thousands of computers from Taiwan to the United Kingdom. Despite the global nature of the attack, few networks and companies in the United States appear to have been hit.
The reason, say cybersecurity analysts, is a combination of luck, geography and adherence to software updates, though the United States is by no means invulnerable to such attacks.
The attack encrypted all the files on an infected computer and demanded the equivalent of approximately $ 300 in bitcoin, an untraceable digital currency, to unlock a user’s data. It began Friday and quickly spread, infecting computers at Spanish phone company Telefonica, one- fifth of the hospitals in the United Kingdom — forcing some doctors to halt procedures or turn patients away — as well as automaker Renault and U. S. shipper FedEx. Over the weekend, it hit thousands of computers in Asia.
But fears it would bring companies to a standstill Monday morning weren’t realized.
“The good news is the infection rates have slowed over the weekend,” said U. S. Homeland Security adviser Tom Bossert in a news conference Monday. He said the attack affected more than 300,000 victims in 150 countries, but only a small number of U. S. parties fell victim. U. S. federal systems hadn’t been infected, he said.
The WannaCry ransomware takes advantage of flaws in unpatched copies of some versions of Windows, especially Windows XP. Users still running that operating system, which Microsoft stopped supporting three years ago, were vulnerable to an attack. Microsoft issued a patch to fix the vulnerability on March 14, but many systems did not install it.
Ransomware has existed since at least 2005, but this one is different, making the attack more worrisome.
Unlike typical ransomware hacks, which require an individual user to open an emailed attachment or click on an advertisement that contains malicious software, the WannaCry hack appears able to transmit itself without the user doing anything.
“WannaCry is the first one to completely automate,” said Craig Williams, a senior technical leader at at Talos, the security research arm of tech company Cisco.
The ransomware spreads from network to network, using a vulnerability taken from cyber tools released in an online data dump by a group calling itself the Shadow Brokers. Some cyber analysts say the group stole the vulnerability from the National Security Agency.
Unlike typical attacks, the WannaCry hack appears able to transmit itself without the user doing anything.