The spread of computer malware is never a good thing, right? In the wake of WannaCry, the ransomware which cause disruption across roughly 150 countries, it remains to be seen if the incident will provide the much-needed wake-up call many companies needed.
The threat of ransomware has spiked in recent years – hitting schools, hospitals and governments and locking down computer files until money is transferred to the hacker. Alarmingly, the latest case proved highly-effective as it moulded traditional malware with a US government exploit.
For some, including the UK health service, this proved catastrophic, with the bug targeting the large number of computers still using old Windows software.
The situation escalated and, according to Europol, soon infected up to 200,000 victims around the globe.
Despite years of warnings, the NHS was still underprepared for the situation. Last year, IBTimes UK reported, citing numerous sources, the British healthcare system was vulnerable to ransomware.
Last year, NCC Group, a cybersecurity firm, surveyed 60 NHS trusts and found that nearly 50% of them had encountered ransomware the year prior. Additionally, campaigners from Big Brother Watch previously found the NHS faces up to 2,000 data breaches annually.
So will the latest ransomware attacks be the much-needed catalyst for change? In reality, experts stress the situation is far more complex that it first appears.
"While a massive ransomware outbreak does serve as a kick in the behind, taking action is not always as simple as it sounds and WannaCry cannot be described as a 'good thing' under any circumstances," Lee Munson of Comparitech told IBTimes UK via email.
He continued: "The attack is certainly a wake-up call to companies across the globe and, for some, it will be a reminder that they need to take security seriously, be that in terms of applying the correct technical controls [or] training staff on how to spot ransomware.
"For some organisations, however, things are not quite so black and white.
"Taking the NHS as an example, there has been much comment around the use of Windows XP.
"While using an outdated operating system, or not having the latest patches installed, is never a desirable situation to be in, sometimes it is unavoidable.
"Existing and expensive equipment, such as X-Ray machines, have a dependency on legacy software and budgets do not allow for their replacement." He added: "Testing patches and implementing them takes time that overrun IT departments do not have."
The WannaCry ransomware spread quickly. Upon analysis, it emerged the worm was exploiting a leaked vulnerability previously used by US intelligence. These tools were leaked in April 2017, leading some, including tech giant Microsoft, to criticise the American security services.
"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," wrote Microsoft president Brad Smith in a blog post on 14 May (Sunday).
He added: "The governments of the world should treat this attack as a wake-up call."
Combating known flaws
"Whilst the ransomware attacks could obviously never be described as a good thing, it is clear that many organisations were vulnerable to an attack vector that abused a known flaw," said Alex Mathews, a lead security expert at Positive Technologies.
"The impact of the attack should certainly provide a sharpening of focus for many security teams to ensure their countermeasures, training and patching are up to date," he added.
Meanwhile Andrew Clarke, director at software firm One Identity, said he believes government and industry must now come together to find "constructive ways" to bulk up the cybersecurity practices of businesses rather than wait for another massive attack to occur.
However, he stopped well short of saying the most-recent case of ransomware infections would have a positive effect. "Under no circumstances is a ransomware attack a good idea to the extent that is drives organisations to act," he told IBTimes UK.
"First, successful attacks like this past week's attack simply serve to spur other aspiring actors to continue their efforts to steal from law-abiding people and organisations," he continued.
"Secondly, these attacks have consequences as in the UK where patients were denied vital services. Lastly, this is a 'stick' approach to enticing organisations to take the necessary steps to safeguard their valuable assets such as control to data and applications," he added.
Law enforcement, including Europol and the UK's new National Cyber Security Centre (NCSC), is now investigating the incident. The full scope of the malware attack remains unclear, with many experts suggesting fresh variants are now highly likely to appear in-the-wild.