WannaCry ransomware attack shows the wisdom of having an offline Plan B
Kai-Lung Hui says organisations providing critical services must have a backup plan that does not rely on the internet in case of a crippling cyberattack
Most IT security specialists advise victims not to pay such ransoms, but some organisations may feel they have no choice. After all, people’s lives could be in danger if, say, medical practitioners cannot access health records.
This raises a pressing issue: when technology is so embedded in our daily routines and incorporated in rudimentary services such as health care and the provision of utilities, how can we reduce our risks in the event of a cyberattack?
In the case of WannaCry, IT experts have advised us to patch our operating systems, use anti-virus software and firewalls, and not to download files or open email attachments from unknown sources. This is good and practical advice, but it is insufficient at a time when cyberattacks are evolving fast and new means of attack are constantly emerging.
Today, novice hackers do not even need to know how to write encryption programs; they can deploy off-the-shelf ransomware to blackmail others. Some underground criminals offer dial-a-hacker services on the “dark web”, the encrypted segment of the internet not familiar to most users.