(Threatcare) Should the world really be leaving internet security to chance and a stroke of luck? While a 22-year-old security blogger was able to take down WannaCry, the latest ransomware to strike hundreds of organizations across the globe, it’s important to recognize this is certainly not the end of malware or related security concerns.
As Marcus J. Carey, the founder of Threatcare, a leader in next-gen vulnerability assessment, says, “Organizations should be thanking their lucky stars for Marcus Hutchins. This is a testament to how important independent security research is.”
The UK blogger who figured out how to stop WannaCry goes by the alias “Malware Tech.” Malware Tech says he found the “kill switch” in the ransomeware’s code, but also notes that his finding was, to a degree, “partly accidental.”
In other words, there is a chance he may not have put an end to this malicious software at all. While his discovery cannot undo the damage caused by the ransomeware, at the very least Malware Tech was able to put a stop to this particular strain’s rapid spread. However, security researchers warn that there will be others. As security researcher Troy Hunt notes, “This variant shouldn’t be spreading any further, however there’ll almost certainly be copycats.”
Malware Tech says that it won’t be difficult to just alter the code and start the process over again. He cautions that the next version “won’t be stoppable.”
One of the organizations effected by WannaCry was the United Kingdom’s own National Health Service (NHS). While you would think that such a massive organization would be protected, it’s become clear that there are gaping holes in security across virtually every industry. This is made worse by the fact that as of yet, there is little to no recourse for computers and other devices affected by WannaCry.
The world of security is a rapidly changing place, and it’s increasingly difficult for industries that aren’t “in the know” to keep up – meaning many people are unwittingly leaving their security to chance, rather than ensuring the safety of their confidential information.