WannaCry conjures up Titanic for N.B. security expert

For a New Brunswick cyber security expert, the blow dealt to technology users by a ransomware worm can be compared to the Titanic glancing off the iceberg.

WannaCry has infected more than 200,000 business and government computers around the globe over the weekend, including German rail transportation systems, car factories in Spain and gas pumps in China.

"We as humans are in charge of the technology but if we don't actually understand it, educate ourselves about it and take our roles seriously …  the technology will steer us," said  David Shipley, the outgoing director of strategic initiatives at Information Technology Services at the University of New Brunswick.

The ransomware is designed to encrypt information and makes files on a computer inaccessible until a ransom is paid. These files can include pictures, video and other personal information.

• WannaCry ransomware: What you need to know 
• WannaCry most dangerous to smaller companies, says Canadian cybersecurity firm

WannaCry has been known to experts but exploded over the weekend, exploiting a weakness in Microsoft operating systems.

"This has got all the elements, almost like a James Bond story," said Shipley.

"You've got a hacking tool developed by the [National Security Agency], allegedly stolen by the Russian government and leaked to embarrass the Americans."

Shipley said Microsoft released a new type of security earlier this year for the more recent version of Windows. But computers that didn't update or are running older versions of Windows become more vulnerable.

Human consequences

Shipley used the example of Britain's National Health Service, which shut down, which was forced to shut down as a result of the cyber attack.

"You saw X-ray machines, blood labs cancelled, surgical suites closed down, cancer treatments delayed," he said. "I've heard reports of stroke patients in the process of receiving treatment, and the treatment had to be stopped.

"The problem was these devices were originally intended to be isolated inside closed networks."

As of Monday night, he said, about $50,000 US was made in bitcoin, a digital payment system.

A stroke of luck

"The criminals behind this were more Trailer Park Boys than Italian Jobs when it comes to how they programmed this," Shipley said. "They made a number of really sloppy mistakes."

Shipley, who is now the CEO of Beauceron Security, a new cyber security start-up in Fredericton, said that for the most part, North America was left unharmed. The WannaCry attacks started on the weekend, when government and many businesses had their technology turned off.

"I think we dodged a bullet," he said.

How to stop this

Shipley said it's important to update software, including personal software such as iPhones.

If you don't, visiting a website infected with malware can later affect your own technology. He said it can take control of your personal information, such as reading your text messages or reviewing your call history.

"If you've been putting off patching your iPhone you're running around with a pretty big risk," he said. "You're one breached website away from a bad day."

And it's worse for Android users.

"When you have an Android phone, if Google puts out a patch, which they don't always do, then Samsung ... and the other manufactures have to decide if maybe your two, three-year-old phone is going to get that patch," he said.    

Shipley said the hacking is far from over and people need to be careful.

"I hope we are starting to learn, maybe we need to slow down, maybe we need to think about the dangers of what's happening," he said. "We put so much faith in this new technology."