cyber security

How WannaCry caused global panic but failed to turn much of a profit

The cyber-attack hit 200,000 computers and a number of big global organisations. But it has only made $82,000 in ransom so far.

The recent WannaCry cyber-attack led to panic across the globe, showing just how important it is for organisations to have secure operating systems. This was not even the most sophisticated malware around. Numerous networks could easily cope with it and it largely hit legacy operating systems such as Windows XP.

In most corporate infrastructures, there would be no sign of Windows XP – and it seems unbelievable from a security perspective that the national health service of an advanced economy like the United Kingdom would run its critical infrastructure on such an unsafe, antiquated system.

Perhaps the most striking aspect of this recent attack is how unsuccessful it has been in terms of generating a ransom. As well as the National Health Service in the UK, it hit French car manufacturer Renault, US delivery service FedEx, Russia’s interior ministry and Spanish telecoms and gas companies. Yet, ransom payments currently total only around $82,000.

The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.
The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.

This is minuscule when we compare it to other ransomware attacks. CryptoWall made its author $325 million with over 406,000 attempted infections.

The interesting thing about the WannaCry ransomware is that it mostly hit large organisations with legacy networks – and they will often not pay ransoms as they have back-ups or run their data from a central server. Thus, despite more than 200,000 infections worldwide, there have been fewer than 200 payments.

The weak impact is because this is a different type of ransomware. The most successful ones spread through spear phishing emails and target individuals and small businesses, which often do not have back-ups. This ransomware was different in that it spread of its own accord through unpatched systems (systems that had not followed recent warnings to protect against a virus and back-up their files) – as a worm. But it is humans that are generally the weakest link when it comes to information security.

The perfect crime?

Ransomware is almost the perfect information technology crime. If an online criminal can trick you into installing malware, they can then lock your files and hold them ransom until you pay them a release fee. Only a secret encryption key, which they hold, can release the files.

It is simple, but highly effective. No virus scanner or law enforcement professional will be able to unlock your files unless they have the magic encryption key, and the longer the target takes to pay for it, the greater the risk there is to their business. As with any malware, though, there might be bugs in the software, so there’s no guarantee that you’ll get your files back, even if you do as the blackmailers say. And there’s always the risk that they will just ask for more money once you pay them. Some malware increases its ransom demands over time, ultimately deleting all the files affected.

Nonetheless, it means that the success rate of the crime is incredibly high – at around 65%, as sensitive and important documents are often the target of the infection.

Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.
Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.

Increasing infections

Computer security firm Trend Micro surveyed over 300 information technology decision makers in the United Kingdomin September 2016 and found that 44% of businesses have been affected by ransomware over the last two years. The same survey found 79 new types of ransomware in the first nine months of that year. This compared to just 29 in the whole of 2015.

This is a great worry for many companies. The impact on those affected by the infection can be costly, with an average of 33 person hours taken to fix it.

In around 20% of the cases, £1,000 was requested, with an overall average of £540. Some large organisations faced demands of as much as £1 million. But for many companies, this is the tip of the iceberg as it can be costly for a company in terms of reputation as customers could start seeing them as untrustworthy.

Perhaps the most frightening statistic that Trend Micro found was that in one in five cases, even when the company paid the ransom, they were unable to recover their important files – indicating that the ransomware service is not quite as robust as it should be.

If you ask many security professionals, the recent WannaCry ransomware was fairly easy to defend against, and was fairly unsophisticated. What it clearly shows is that there is still more success in tricking individuals than in spreading malware across large networks. The National Health Service does, though, need to make sure that not one unpatched computer ever goes near its network, and that employees understand that they shouldn’t click on suspicious links.

Meanwhile, with law enforcement agencies focused on the three Bitcoin wallets associated with WannaCry to try and find out who profits, there will be a whole lot more ransomware that goes unreported and unnoticed.
This article first appeared on The Conversation.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

How sustainable farming practices can secure India's food for the future

India is home to 15% of the world’s undernourished population.

Food security is a pressing problem in India and in the world. According to the Food and Agriculture Organization of the UN (FAO), it is estimated that over 190 million people go hungry every day in the country.

Evidence for India’s food challenge can be found in the fact that the yield per hectare of rice, one of India’s principal crops, is 2177 kgs per hectare, lagging behind countries such as China and Brazil that have yield rates of 4263 kgs/hectare and 3265 kgs/hectare respectively. The cereal yield per hectare in the country is also 2,981 kgs per hectare, lagging far behind countries such as China, Japan and the US.

The slow growth of agricultural production in India can be attributed to an inefficient rural transport system, lack of awareness about the treatment of crops, limited access to modern farming technology and the shrinking agricultural land due to urbanization. Add to that, an irregular monsoon and the fact that 63% of agricultural land is dependent on rainfall further increase the difficulties we face.

Despite these odds, there is huge potential for India to increase its agricultural productivity to meet the food requirements of its growing population.

The good news is that experience in India and other countries shows that the adoption of sustainable farming practices can increase both productivity and reduce ecological harm.

Sustainable agriculture techniques enable higher resource efficiency – they help produce greater agricultural output while using lesser land, water and energy, ensuring profitability for the farmer. These essentially include methods that, among other things, protect and enhance the crops and the soil, improve water absorption and use efficient seed treatments. While Indian farmers have traditionally followed these principles, new technology now makes them more effective.

For example, for soil enhancement, certified biodegradable mulch films are now available. A mulch film is a layer of protective material applied to soil to conserve moisture and fertility. Most mulch films used in agriculture today are made of polyethylene (PE), which has the unwanted overhead of disposal. It is a labour intensive and time-consuming process to remove the PE mulch film after usage. If not done, it affects soil quality and hence, crop yield. An independently certified biodegradable mulch film, on the other hand, is directly absorbed by the microorganisms in the soil. It conserves the soil properties, eliminates soil contamination, and saves the labor cost that comes with PE mulch films.

The other perpetual challenge for India’s farms is the availability of water. Many food crops like rice and sugarcane have a high-water requirement. In a country like India, where majority of the agricultural land is rain-fed, low rainfall years can wreak havoc for crops and cause a slew of other problems - a surge in crop prices and a reduction in access to essential food items. Again, Indian farmers have long experience in water conservation that can now be enhanced through technology.

Seeds can now be treated with enhancements that help them improve their root systems. This leads to more efficient water absorption.

In addition to soil and water management, the third big factor, better seed treatment, can also significantly improve crop health and boost productivity. These solutions include application of fungicides and insecticides that protect the seed from unwanted fungi and parasites that can damage crops or hinder growth, and increase productivity.

While sustainable agriculture through soil, water and seed management can increase crop yields, an efficient warehousing and distribution system is also necessary to ensure that the output reaches the consumers. According to a study by CIPHET, Indian government’s harvest-research body, up to 67 million tons of food get wasted every year — a quantity equivalent to that consumed by the entire state of Bihar in a year. Perishables, such as fruits and vegetables, end up rotting in store houses or during transportation due to pests, erratic weather and the lack of modern storage facilities. In fact, simply bringing down food wastage and increasing the efficiency in distribution alone can significantly help improve food security. Innovations such as special tarpaulins, that keep perishables cool during transit, and more efficient insulation solutions can reduce rotting and reduce energy usage in cold storage.

Thus, all three aspects — production, storage, and distribution — need to be optimized if India is to feed its ever-growing population.

One company working to drive increased sustainability down the entire agriculture value chain is BASF. For example, the company offers cutting edge seed treatments that protect crops from disease and provide plant health benefits such as enhanced vitality and better tolerance for stress and cold. In addition, BASF has developed a biodegradable mulch film from its ecovio® bioplastic that is certified compostable – meaning farmers can reap the benefits of better soil without risk of contamination or increased labor costs. These and more of the company’s innovations are helping farmers in India achieve higher and more sustainable yields.

Of course, products are only one part of the solution. The company also recognizes the importance of training farmers in sustainable farming practices and in the safe use of its products. To this end, BASF engaged in a widespread farmer outreach program called Samruddhi from 2007 to 2014. Their ‘Suraksha Hamesha’ (safety always) program reached over 23,000 farmers and 4,000 spray men across India in 2016 alone. In addition to training, the company also offers a ‘Sanrakshan® Kit’ to farmers that includes personal protection tools and equipment. All these efforts serve to spread awareness about the sustainable and responsible use of crop protection products – ensuring that farmers stay safe while producing good quality food.

Interested in learning more about BASF’s work in sustainable agriculture? See here.

This article was produced by the Scroll marketing team on behalf of BASF and not by the Scroll editorial team.