If I have painted a bleak picture, it is because things are bleak. Our software evolves by layering new systems on old, and that means we have constructed entire cities upon crumbling swamps. And we live on the fault lines where more earthquakes are inevitable. All the key actors have to work together, and fast.
In one of the Reddit threads about the ransomware, it was speculated that the “kill switch” (that was activated when an unregistered domain was registered by a security researcher) was really just a test in the code to see if the virus was running in a sandboxed environment. It tried to connect to a URL that didn’t exist. In a sandboxed environment, it would get something returned like 127.0.0.1 or somesuch, and the code terminated to avoid being analyzed more deeply. Coincidentally, by registering the nonsense domain, all infected computers behaved (to the virus) as if they were sandboxed, so the code terminated.
But a new variant without this kill switch behavior is already in the wild. A leaked NSA “cyber weapon” is now in the wild, with no kill switch or any way to stop it. Awesome. Digital infiltration tools built by US military intelligence, now in the hands of Russian teenagers with no control or oversight.
The flip reaction is “update your systems, jerks!” – but it’s just not that simple or easy (for the reasons outlined by Zeynep in the article). And, throw on the new Internet of Things pattern, and it’s going to get really bumpy, really quickly.
I work at a campus that got hit hard by ransomware last year. It’s not fun, for anyone involved. Our IT folks moved mountains to try to get systems and data back online. Again, this problem is only going to get worse. How do we prepare for that?