For years now, more and more information has been moved into and stored in the digital world. Each and every day, we hear about yet another system that has been compromised, more data that has been stolen, or another ransomware attack that is shutting down computers around the world. One thing is for certain: these attacks and thefts of data are becoming increasingly frequent and nefarious in nature. Reports have been made that the most recent ransomware attack may not be ransomware at all, but rather something much worse.
With regard to data breaches, the list of companies and organizations that have been compromised covers a wide variety of entities, ranging from retail, media, and telecom to academic, medical, and government organizations, just to name a few. What is even more disconcerting about these breaches is the kind of data that is being harvested from them. Even companies that most likely maintain the most personal information, like Facebook, are not immune to human and coding errors that result in the publishing of information that should not be publicly available. What kinds of warm, fuzzy feelings do you get when you know the United States Department of Homeland Security has been breached from having poor security in place?
There is another kind of breach or theft of data that is exacerbating this problem, in ways that would once have seemed unimaginable. It is not just the names of tools and methods from the likes of the National Security Agency (NSA) and Central Intelligence Agency (CIA) that are stolen and publicly released, but also the source code for the hacking tools these agencies use on a daily basis. The source code and tools are now available to anyone and everyone. We are only now starting to understand the price we are all going to pay for the unscrupulous use of the stolen data.
As a recent case in point, one of the first uses of these stolen hacking tools appeared in the form of the WannaCry ransomware attack. This attack had the potential to be one of the worst attacks in history. Thankfully, a rudimentary kill switch had been added as part of the code, and the accidental discovery of that kill switch put a quick stop to the attack before it was able to circle the planet. Once it became clear what the kill switch was and how it was triggered, and that information became widely reported, the general consensus was that the next attack would not be so easily stopped, if at all.
As it turns out, it did not take very long for the general consensus to be proven right with the next massive malware outbreak, which occurred at the end of June 2017. Although this new outbreak is being labeled as ransomware, some researchers are making a different assessment. Ransomware, by definition, is a program or process that seeks to make money by taking control of the infected device and locking the data with the use of encryption; perpetrators offer the encryption key, used to decrypt the data, only if the victim pays a ransom.
What has researchers questioning the true objective of this malware is that, rather than extorting a ransom from its victims, its real aim appears to have been to permanently wipe as many hard drives as it could find on the network. The ransom screen that appeared on infected computers seems to have been presented just for show. Researchers have discovered that during the encryption process, the key used to encrypt the data is not saved anywhere, nor is it incorporated into any of the information presented to the victim, such as the installation ID. In other words, there is no way to decrypt the data and therefore no way for the victim to recover it.
Some researchers have suggested that this latest attack used the ransomware aspect as a misdirection, and as a narrative the media could run with. What was ostensibly the method the attackers would use to receive payment was discovered and shut down rather quickly. This adds fuel to the fire in support of the idea that this was not a form of ransomware and was not designed to make money. Some believe the attack could have been sponsored by a national government. The malware has all the characteristics of a digital weapon, in that it was designed to spread fast and to cause permanent damage, with a repeat ransomware attack serving as plausible-deniability cover.
Where are we headed, and what more do we have to look forward to? All indications are that it will only get worse, when you consider that the latest attack was seeded and spread via the update mechanism of the M.E.Doc tax filing application, an application that is almost mandatory for companies doing business in Ukraine. We are blindly heading toward the technology abyss.
Stephen Beaver is the co-author of VMware ESX Essentials in the Virtual Data Center and Scripting VMware Power Tools: Automating Virtual Infrastructure Administration, as well as a contributing author of Mastering VMware vSphere 4 and How to Cheat at Configuring VMware ESX Server. Stephen is an IT veteran with over 15 years of experience in the industry. Stephen is a moderator on the VMware Communities Forum and was elected vExpert for 2009 and 2010. Stephen can also be seen regularly presenting on different topics at national and international virtualization conferences.