Did ‘Good Guys’ Release WannaCry?

Did the good guys release the WannaCry Ransomware to end complacency and force us to take action on cyber security? Was it done to make sure we strengthen our country's economic resilience?

Or to champion a new breed of cyber security warrior ready do battle with the dark forces?

I've played with these questions over the past few days as I listen and talk to my cyber security and privacy colleagues. Computer giant Microsoft has described last week's global cyber attack as 'a wake-up call to the world'. Indeed it is. For far too long governments, organisations, businesses and people have been complacent about security around protecting their data, networks, single computers and devices.

WannaCry Ransomware attack

The “WannaCry” ransomware attack hit one in five NHS Trusts in the UK on Friday. Several hospitals have cancelled operations planned for today (Monday). Patients face disruption to their treatment because computers used to share patients’ test results and scans with doctors remain frozen.

Europol, the pan-EU crime-fighting agency, said the threat was escalating and predicted the number of “ransomware” victims was likely to grow across the private and public sectors.

But, the WannCry ransomware story just doesn't hang together properly. Gut feeling, and I can't pin it down. On the one hand we hear amateurs are to blame. The ransomware Worm had apparently been available on the Internet; that its code contained simple mistakes. Not the work then of a rogue government, organisation or group!


Yet, others have contradict that view. Is the ransomware complex instead? The worm has wriggled across several continents, into over one hundred and fifty countries, and attacked many sectors to showcase the damage it can do. These include health, manufacturing, services, transport and distribution. We hear stories that someone stole the ransomware from US Intelligence. In a blog post over the weekend, Microsoft’s president, Brad Smith, appeared to acknowledge that the ransomware attack used a hacking tool built by the US National Security Agency, which leaked online in April. He said governments should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits”.

Were some of the big cyber companies behind the attack? Experts said the malware could spread through computers with unpatched versions of Microsoft Windows. Users left networks were left vulnerable by using outdated Windows XP software. Plus they had not installed security upgrades issued last month.

Doesn't add up

Another expert interviewed on the BBC this morning said he wasn't in the least worried about further attacks when people return to work today and switch on their computer. Why isn't he when some claim that hackers can easily update the WannaCry code to release a fresh attack? According to the broadcaster victims have also paid a total of around £30,000 in bitcoins upon receiving the alert that the ransomware has affected their computers. Not a bad price to pay to make sure everyone is cyber security-ready. The attack is extensive globally and has hit over 200,000 victims. Yet, apparently the bitcoin payment process in this instance is difficult to use. That just doesn't make sense if WannaCry was a sophisticated attack! Interestingly (and thankfully), despite this extensive attack on our National Health Service, no one seems to have died as a result.

Who to blame?

The public will probably never find out who was to blame for the attack. But Microsoft blames customers for not updating their computers and decices properly with new operating systems and patches. The WannaCry attack has certainly made the world sit up and think. Cyber crime, cyber terrorism and cyber warfare are all real threats to our freedom, democracy economic and social well-being.

Makes you ask the question.

Did someone deliberately sabotage North Korea's recent missile test recently?

What to do

If the Wannacry Ransomware has affected your computer you will need to wipe it clean of data and rebuild it too.

Does it now make sense to make sure that you update computer software and antivirus regularly? And back up your data often too! Complacency is no defence.

Find out about how to protect your organisation