ITP Techblog

The next wave of attacks relating to the WannaCry ransomware attack are starting to roll in with reports of oh-so helpful phone calls to those at risk and a new variant that includes a work around to the kill switch solution released yesterday.

The ransomware attack (which goes by many names but which, for simplicity sake, we'll refer to as WannaCry) spread rapidly through 150 countries where a large number of older operating systems remain in widespread use, and which has affected up to 300,000 machines. Several health providers, including many in the UK's National Health Service, have seen files seized by the attackers, prompting much discussion of the funding issues in such jurisdictions

Locally, only Lyttleton Port has public confessed to any impact, suspending operations while it overhauls its IT systems.

The suspension will allow the Port to upgrade computers and embedded systems used in port operation.

Meanwhile, Microsoft has pointed the finger of blame squarely at the National Security Agency, the US spy agency responsible for electronic intelligence gathering.

According to Microsoft, the WannaCry exploits used in the attack "were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers."

The NSA's approach in the past has been to hoard information relating to exploits and flaws in security rather than share the information more widely. Microsoft says security matters are a shared responsibility and that governments, particularly the US government, should be more engaged in trying to head off such attacks.

"[T]his attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

The WannaCry attack is the first major test of the newly minted CERT NZ, the government's first line of defence in cyber-attacks.

CERT NZ released an advisory swiftly on May 13 and updated it with new information on the 15th. As yet most New Zealand businesses and computer users are unlikely to have signed up for the advisory service (the agency only went live properly last month) so if anything else, WannaCry will do a good job of ensuring CERT NZ gets plenty of new subscribers.