Summary: Let’s take a break from the media hysteria about the massive global attack by software built by the NSA. Cybersecurity expert Marcus Ranum explains why hospitals were the focus of the attack, why organizations are so vulnerable after a decade of warnings, and what will create effective defenses. This continues our years of coverage about cybersecurity, one of the most important frontiers of 21stC conflict. Second of two posts today.
“At the moment we are in the face of an escalating threat, the numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
— Rob Wainwrigh (the executive director of Europol) on ITV’s “Preston on Sunday”, from the NYT’s “Cyberattack’s Impact Could Worsen in ‘Second Wave’ of Ransomware“.
“The Massive Ransomware Attack – and the Most Boring Topic in IT Security“
By Marcus Ransom. From the FreeThought Blogs.
Reposted with his generous permission.
Text deleted by the author’s request. Another disgruntled leftist!
Some useful news stories about the event
- Technical details: “WannaCry ransomware used in widespread attacks all over the world“.
- NYT: “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool“.
- BBC: “GPs and hospitals hit by ransomware“.
- BBC: “Security blogger halts ransomware ‘by accident’“. Here is his report.
- BBC: “Europol says it was unprecedented in scale“.
- BBC: “Nissan’s Sunderland plant hit by cyber-attack“.
- Reuters: “German rail operator affected by global cyber attack“.
- Reuters: “Renault stops production at some sites after cyber attack“.
- Reuters: “FedEx reports malware interference in global cyberattack“.
- Reuters: “Telefonica, other Spanish firms hit in “ransomware” attack“.
- Reuters: “Swedish engineering group Sandvik says hit in cyber attack“.
- RIA reported by Reuters: “Russia’s central bank says domestic banks withstood massive cyber attacks“.
- China Plus: “Global cyber-attack hits Chinese universities“.
- Comment by William Binney about this incident. He is a former senior NSA executive (Wikipedia).

About the author
Marcus J. Ranum is a cybersecurity consultant and author of The Myth of Homeland Security (2003).
He is a world-renowned expert on security system design and implementation. He is recognized as an early innovator in firewall technology, and the implementor of the first commercial firewall product. Since the late 1980′s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR’s Network Flight Recorder intrusion detection system.
He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC “Clue” award for service to the security community, and the ISSA Lifetime Achievement Award. Marcus is Chief Of Security for Tenable Security, Inc., where he is responsible for research in open source logging tools, and product training. He serves as a technology advisor to a number of start-ups, established concerns, and venture capital groups.
For More Information
If you liked this post, like us on Facebook and follow us on Twitter. See all posts by Marcus Ranum, about Cyber-security and Cyber-crime, and especially these…
- The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace — By Marcus Ranum.
- Unraveling the Complexities of Cyber Terrorism, by Edwin Covert.
- Complacency in Cyberspace May Be Our Biggest Vulnerability, by Emilio Iasiello.
- Is the best defense a strong offense in cybersecurity? — By Emilio Iasiello.
- Stratfor: it’s the breakout year for cybercrime! How do we fight it?
- After the largest cyberattack ever, here’s how to defend against the next & bigger ones — by Marcus Ranum.
- Cybercrime: Now More Profitable Than The Drug Trade.
Thanks much for this pro-sanity post. I am just an ordinary user but I remembered Cliff Stolls book “The Cuckoos Egg” when you mentioned the MRI machine. I highly recommend it–see below.
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
(1989). From the publisher:
“Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker’s code name was “Hunter” — a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy — and plunged into an incredible international probe that finally gained the attention of top U.S. counterintelligence agents. The Cuckoo’s Egg is his wild and suspenseful true story — a year of deception, broken codes, satellites, missile bases, and the ultimate sting operation — and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB.”
Neil,
Thank you for feedback on Marcus’ post. Despite the importance of cybersecurity issues, and their increasingly prominence in the news, posts about it get far below average pageviews.
From a practical organizational comment and in terms of what people need to do at their work, I agree with your comment. I do NOT agree that this is any more important overall than the NSA angle, however. I do think focusing on the NSA is important and relevant, and liked these comments, and as they point out, if nothing else this approach to cybersecurity is a huge swindle of taxpayers: “Top NSA Whistleblower: Ransomware Hack Due to “Swindle of the Taxpayers” by Intelligence Agencies.”
The bottom line is that our intelligence services should start concentrating on actually defending us, rather than focusing their resources on offensive mischief.
Texan,
“The bottom line is that our intelligence services should start concentrating on actually defending us, rather than focusing their resources on offensive mischief.”
That nails it. But as usual with our military and security agencies, they pursue “own goals” rather than our goals. This will remain so until the public — through elected officials — forces change.
Pingback: brouhaha - Occurrences
Pingback: Daily Reading #127 | thinkpatriot
Pingback: Links 5/16/17 | Mike the Mad Biologist
Really good info.
“It’s hard…users will complain..”
Quite the contrary, re: Docs and Hospitals and providers. Everyone knows how lame and ineffective their IT attempts are. Ask your local Pharmacy about their efforts to get a Prescription refilled. Try to email for an Appointment if they have an email account, thatbis used.
“That we have this problem at all is because organizations have been able to cheap out about the costs, and continue to pass the costs of their failures on the customer.,
Yeah, cheap out. An old song.
Another fine example of very poor leadership and management and a full lack of responsibility.
Poor response and readership here?
How many of us have an offline physical backup of our data?
Thx for the posting clarification of the latest Terror lurking in our scary world!