When the WannaCry ransomware began wreaking havoc around the world on 12 May 2017, the Middle East region managed to escape largely unscathed – simply because of timing.
Weekends comprise Fridays and Saturdays in the region, and when WannaCry was unleashed, most of the computers in the Middle East were switched off. When employees in the region went back to work on Sunday, the world was already aware of the need to patch the Windows vulnerabilities that were being exploited.
WannaCry managed to bring hospitals, banks and government offices around the world to a standstill, including Russia’s Ministry of Interior and the UK’s National Health Service. It began with 90,000 infected computers in some 70 countries and grew to 200,000 infected computers in 150 countries in a very short space of time.
“It’s important to examine what fuelled this campaign. It took just 28 days to go from the initial zero-day leak to a fully functional global attack,” said Jimmy Graham, director of product management at Qualys. “WannaCry has crippled IT systems globally and disrupted operations at major organisations.”
The worm exploits vulnerabilities in Microsoft Windows XP and 2003. Compromised computers had their files encrypted, and users were asked to pay a $300 ransom in bitcoins.
So far, a total of 31.21 bitcoins, worth just under $54,000, has been transferred to the hackers.
Analysis from Kaspersky Lab shows the virus has infected computers in the UAE, Saudi Arabia, Qatar, Egypt, Jordan and Iran, although it did not identify which organisations had been attacked.
There were reports that Saudi Telecoms Company (STC), the country’s largest telecoms provider, was infected, but the company issued a statement denying it had been attacked.
Organisations in the Middle East are not legally obliged to report cyber attacks, hence there is scope for deniability and cover-ups.
“We have got proof that systems have been infected in Saudi Arabia, Qatar and the UAE, but no one wants to admit it,” said Jude Pereira, managing director at Dubai-based IT services firm Nanjgel Solutions. “It is a global outbreak and it would be wrong to assume we are safe, but there are mitigation strategies to safeguard against this.”
Efforts to boost infrastructure
According to Symantec, Saudi Arabia is the 20th most targeted country for ransomware attacks globally, while the UAE ranks 26th. Given the high rates of attacks in the region, there have been concerted efforts to bolster IT infrastructure. The Gulf Cooperation Council (GCC), thanks to its petrodollars of the past decade (the past few years notwithstanding), has pushed cyber security as an agenda, investing in education, security software and new computers.
Countries such as Egypt and Jordan, however, do not enjoy such budgets, and their governments are not as digitised as their GCC counterparts. In Egypt, some hospitals were infected, but much of the day-to-day government paperwork is maintained manually, so again, damage was limited.
One country that did not manage to escape so easily was Iran, which was the target of the first major state-backed cyber attack, Stuxnet.
“The rapid weaponising of newly disclosed nation state exploits for criminal purposes and, in this case, monetary gain, places new burdens on enterprises’ security organisations,” said Graham. “They must now deal with destructive and fast-moving cyber attacks such as WannaCry, which requires putting systems in place, as well as tools and processes to quickly identify, prioritise and remediate these vulnerabilities.”