cyber security

How WannaCry caused global panic but failed to turn much of a profit

The cyber-attack hit 200,000 computers and a number of big global organisations. But it has only made $82,000 in ransom so far.

The recent WannaCry cyber-attack led to panic across the globe, showing just how important it is for organisations to have secure operating systems. This was not even the most sophisticated malware around. Numerous networks could easily cope with it and it largely hit legacy operating systems such as Windows XP.

In most corporate infrastructures, there would be no sign of Windows XP – and it seems unbelievable from a security perspective that the national health service of an advanced economy like the United Kingdom would run its critical infrastructure on such an unsafe, antiquated system.

Perhaps the most striking aspect of this recent attack is how unsuccessful it has been in terms of generating a ransom. As well as the National Health Service in the UK, it hit French car manufacturer Renault, US delivery service FedEx, Russia’s interior ministry and Spanish telecoms and gas companies. Yet, ransom payments currently total only around $82,000.

The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.
The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.

This is minuscule when we compare it to other ransomware attacks. CryptoWall made its author $325 million with over 406,000 attempted infections.

The interesting thing about the WannaCry ransomware is that it mostly hit large organisations with legacy networks – and they will often not pay ransoms as they have back-ups or run their data from a central server. Thus, despite more than 200,000 infections worldwide, there have been fewer than 200 payments.

The weak impact is because this is a different type of ransomware. The most successful ones spread through spear phishing emails and target individuals and small businesses, which often do not have back-ups. This ransomware was different in that it spread of its own accord through unpatched systems (systems that had not followed recent warnings to protect against a virus and back-up their files) – as a worm. But it is humans that are generally the weakest link when it comes to information security.

The perfect crime?

Ransomware is almost the perfect information technology crime. If an online criminal can trick you into installing malware, they can then lock your files and hold them ransom until you pay them a release fee. Only a secret encryption key, which they hold, can release the files.

It is simple, but highly effective. No virus scanner or law enforcement professional will be able to unlock your files unless they have the magic encryption key, and the longer the target takes to pay for it, the greater the risk there is to their business. As with any malware, though, there might be bugs in the software, so there’s no guarantee that you’ll get your files back, even if you do as the blackmailers say. And there’s always the risk that they will just ask for more money once you pay them. Some malware increases its ransom demands over time, ultimately deleting all the files affected.

Nonetheless, it means that the success rate of the crime is incredibly high – at around 65%, as sensitive and important documents are often the target of the infection.

Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.
Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.

Increasing infections

Computer security firm Trend Micro surveyed over 300 information technology decision makers in the United Kingdomin September 2016 and found that 44% of businesses have been affected by ransomware over the last two years. The same survey found 79 new types of ransomware in the first nine months of that year. This compared to just 29 in the whole of 2015.

This is a great worry for many companies. The impact on those affected by the infection can be costly, with an average of 33 person hours taken to fix it.

In around 20% of the cases, £1,000 was requested, with an overall average of £540. Some large organisations faced demands of as much as £1 million. But for many companies, this is the tip of the iceberg as it can be costly for a company in terms of reputation as customers could start seeing them as untrustworthy.

Perhaps the most frightening statistic that Trend Micro found was that in one in five cases, even when the company paid the ransom, they were unable to recover their important files – indicating that the ransomware service is not quite as robust as it should be.

If you ask many security professionals, the recent WannaCry ransomware was fairly easy to defend against, and was fairly unsophisticated. What it clearly shows is that there is still more success in tricking individuals than in spreading malware across large networks. The National Health Service does, though, need to make sure that not one unpatched computer ever goes near its network, and that employees understand that they shouldn’t click on suspicious links.

Meanwhile, with law enforcement agencies focused on the three Bitcoin wallets associated with WannaCry to try and find out who profits, there will be a whole lot more ransomware that goes unreported and unnoticed.
This article first appeared on The Conversation.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

India’s urban water crisis calls for an integrated approach

We need solutions that address different aspects of the water eco-system and involve the collective participation of citizens and other stake-holders.

According to a UN report, around 1.2 billion people, or almost one fifth of the world’s population, live in areas where water is physically scarce and another 1.6 billion people, or nearly one quarter of the world’s population, face economic water shortage. They lack basic access to water. The criticality of the water situation across the world has in fact given rise to speculations over water wars becoming a distinct possibility in the future. In India the problem is compounded, given the rising population and urbanization. The Asian Development Bank has forecast that by 2030, India will have a water deficit of 50%.

Water challenges in urban India

For urban India, the situation is critical. In 2015, about 377 million Indians lived in urban areas and by 2030, the urban population is expected to rise to 590 million. Already, according to the National Sample Survey, only 47% of urban households have individual water connections and about 40% to 50% of water is reportedly lost in distribution systems due to various reasons. Further, as per the 2011 census, only 32.7% of urban Indian households are connected to a piped sewerage system.

Any comprehensive solution to address the water problem in urban India needs to take into account the specific challenges around water management and distribution:

Pressure on water sources: Rising demand on water means rising pressure on water sources, especially in cities. In a city like Mumbai for example, 3,750 Million Litres per Day (MLD) of water, including water for commercial and industrial use, is available, whereas 4,500 MLD is needed. The primary sources of water for cities like Mumbai are lakes created by dams across rivers near the city. Distributing the available water means providing 386,971 connections to the city’s roughly 13 million residents. When distribution becomes challenging, the workaround is to tap ground water. According to a study by the Centre for Science and Environment, 48% of urban water supply in India comes from ground water. Ground water exploitation for commercial and domestic use in most cities is leading to reduction in ground water level.

Distribution and water loss issues: Distribution challenges, such as water loss due to theft, pilferage, leaky pipes and faulty meter readings, result in unequal and unregulated distribution of water. In New Delhi, for example, water distribution loss was reported to be about 40% as per a study. In Mumbai, where most residents get only 2-5 hours of water supply per day, the non-revenue water loss is about 27% of the overall water supply. This strains the municipal body’s budget and impacts the improvement of distribution infrastructure. Factors such as difficult terrain and legal issues over buildings also affect water supply to many parts. According to a study, only 5% of piped water reaches slum areas in 42 Indian cities, including New Delhi. A 2011 study also found that 95% of households in slum areas in Mumbai’s Kaula Bunder district, in some seasons, use less than the WHO-recommended minimum of 50 litres per capita per day.

Water pollution and contamination: In India, almost 400,000 children die every year of diarrhea, primarily due to contaminated water. According to a 2017 report, 630 million people in the South East Asian countries, including India, use faeces-contaminated drinking water source, becoming susceptible to a range of diseases. Industrial waste is also a major cause for water contamination, particularly antibiotic ingredients released into rivers and soils by pharma companies. A Guardian report talks about pollution from drug companies, particularly those in India and China, resulting in the creation of drug-resistant superbugs. The report cites a study which indicates that by 2050, the total death toll worldwide due to infection by drug resistant bacteria could reach 10 million people.

A holistic approach to tackling water challenges

Addressing these challenges and improving access to clean water for all needs a combination of short-term and medium-term solutions. It also means involving the community and various stakeholders in implementing the solutions. This is the crux of the recommendations put forth by BASF.

The proposed solutions, based on a study of water issues in cities such as Mumbai, take into account different aspects of water management and distribution. Backed by a close understanding of the cost implications, they can make a difference in tackling urban water challenges. These solutions include:

Recycling and harvesting: Raw sewage water which is dumped into oceans damages the coastal eco-system. Instead, this could be used as a cheaper alternative to fresh water for industrial purposes. According to a 2011 World Bank report, 13% of total freshwater withdrawal in India is for industrial use. What’s more, the industrial demand for water is expected to grow at a rate of 4.2% per year till 2025. Much of this demand can be met by recycling and treating sewage water. In Mumbai for example, 3000 MLD of sewage water is released, almost 80% of fresh water availability. This can be purified and utilized for industrial needs. An example of recycled sewage water being used for industrial purpose is the 30 MLD waste water treatment facility at Gandhinagar and Anjar in Gujarat set up by Welspun India Ltd.

Another example is the proposal by Navi Mumbai Municipal Corporation (NMMC) to recycle and reclaim sewage water treated at its existing facilities to meet the secondary purposes of both industries and residential complexes. In fact, residential complexes can similarly recycle and re-use their waste water for secondary purposes such as gardening.

Also, alternative rain water harvesting methods such as harvesting rain water from concrete surfaces using porous concrete can be used to supplement roof-top rain water harvesting, to help replenish ground water.

Community initiatives to supplement regular water supply: Initiatives such as community water storage and decentralized treatment facilities, including elevated water towers or reservoirs and water ATMs, based on a realistic understanding of the costs involved, can help support the city’s water distribution. Water towers or elevated reservoirs with onsite filters can also help optimize the space available for water distribution in congested cities. Water ATMs, which are automated water dispensing units that can be accessed with a smart card or an app, can ensure metered supply of safe water.

Testing and purification: With water contamination being a big challenge, the adoption of affordable and reliable multi-household water filter systems which are electricity free and easy to use can help, to some extent, access to safe drinking water at a domestic level. Also, the use of household water testing kits and the installation of water quality sensors on pipes, that send out alerts on water contamination, can create awareness of water contamination and drive suitable preventive steps.

Public awareness and use of technology: Public awareness campaigns, tax incentives for water conservation and the use of technology interfaces can also go a long way in addressing the water problem. For example, measures such as water credits can be introduced with tax benefits as incentives for efficient use and recycling of water. Similarly, government water apps, like that of the Municipal Corporation of Greater Mumbai, can be used to spread tips on water saving, report leakage or send updates on water quality.

Collaborative approach: Finally, a collaborative approach like the adoption of a public-private partnership model for water projects can help. There are already examples of best practices here. For example, in Netherlands, water companies are incorporated as private companies, with the local and national governments being majority shareholders. Involving citizens through social business models for decentralized water supply, treatment or storage installations like water ATMs, as also the appointment of water guardians who can report on various aspects of water supply and usage can help in efficient water management. Grass-root level organizations could be partnered with for programmes to spread awareness on water safety and conservation.

For BASF, the proposed solutions are an extension of their close engagement with developing water management and water treatment solutions. The products developed specially for waste and drinking water treatment, such as Zetag® ULTRA and Magnafloc® LT, focus on ensuring sustainability, efficiency and cost effectiveness in the water and sludge treatment process.

BASF is also associated with operations of Reliance Industries’ desalination plant at Jamnagar in Gujarat.The thermal plant is designed to deliver up to 170,000 cubic meters of processed water per day. The use of inge® ultrafiltration technologies allows a continuous delivery of pre-filtered water at a consistent high-quality level, while the dosage of the Sokalan® PM 15 I protects the desalination plant from scaling. This combination of BASF’s expertise minimizes the energy footprint of the plant and secures water supply independently of the seasonal fluctuations. To know more about BASF’s range of sustainable solutions and innovative chemical products for the water industry, see here.

This article was produced by the Scroll marketing team on behalf of BASF and not by the Scroll editorial team.