More than 200,000 computers worldwide were found to have been encrypted on May 12 with a cyber attack called WannaCry, including some in Cook County.
WannaCry is a form of ransomware. It took hostage of the files on systems using out-of-date Microsoft software and prodded users to send a ransom over bitcoin, a secure digital currency.
Each ransom amounted to at least $300. Quartz Media set up a bot to monitor the ransom payments. As of May 19, the three bitcoin wallets associated with the WannaCry attacks have received 293 payments, totaling 48.25751965 Bitcoin or $93,955.34.
However, not every victim chose to pay the ransom. According to StateScoop, Cook County was the first local government in the U.S. to discover the cyber attack.
“Cook County did have some involvement with the virus last week,” Cook County spokesperson Frank Shuftan told the DePaulia.
“It was relatively minor. It was discovered rather quickly. It was dealt with. It did not impact any critical county operations. We have restored all but a very few applications to this point, and are also focused on increasing security of our system,” Shuftan said.
In restoring the applications, Shuftan said Cook County used an IT security team and did not pay the ransom.
While computers related to businesses and local government were hit in the U.S., they by no means received the brunt of the attack. European and Asian countries reported the most attacks in the 150 countries targeted.
College of Computing and Digital Media Professor Jacob Furst says the location of attacks has more to do with other countries not having as much updated software rather than specific targeting by the attacker.
Furst, an expert in computer security, is also the director of the DePaul Information Assurance Center. He joined a panel of experts for Chicago Tonight to discuss the WannaCry cyber attack on May 15.
“This malware was set out and programmed to spread as much as possible,” Furst said. “It was designed to go as far as it could. If any area got less affected it was because there were less targets to affect. Either the patching wasn’t in place or the targets didn’t exist.”
The patching Furst refers to is how WannaCry can be beat. While successful short-term attempts have been made to “kill” the malware, the only sure fire way to not be affected by a similar future ransomware attack is to “patch” or update software.
“One of the exploits the ransomer used was an exploit called Eternal Blue that took advantage of a particular flaw in the Microsoft operating system,” Furst said.
While Microsoft issued an update shortly after in March, some users didn’t utilize it in time.
“Those who either could not get the patch or weren’t able to deploy it in time were targets for infection,” Furst said.
Because Microsoft’s default setting on individual computers is to install patches automatically, many individuals’ computers were safe from the attack.
Another cause of the vastness of the cyber attack is the continual use of unsupported Microsoft software. Unsupported and pirated Microsoft software did not receive the protective patches in March. In addition to targeting unpatched software, WannaCry sought out three versions of the Microsoft Operating System, which the system no longer supports, including Windows XP.
However, in an effort to preempt future attacks and protect all systems, Microsoft issued a patch to its unsupported software as well.
DePaul University did not report any threats of the cyber attack. One explanation for this could be DePaul runs primarily on Macintosh versus Microsoft. Furst said no similar flaw in the Mac software has been found yet to allow for encryption like WannaCry.
As for future attacks, Furst said it’s almost certain. While the original attacker may have received more attention and finances than anticipated, potentially scaring him or her off, copycat attackers should be expected.
Ransomware attacks have been around since 2010, and have made a noticeable jump in activity in 2013. Brian Fung at the Wall Street Journal reported some analysts expect an even bigger upswing of ransom-based cyber attacks to occur in 2017.
For those who operate Microsoft software, the solution is to patch it up.
Furst called this attack a wake-up call.
“If you’re not installing the patches, I’m sorry but there are bad people out there and you have to protect yourself,” he said. “The patch is out there, it’s free. You just need to make sure it gets done.”