WannaCry conjures up Titanic for N.B. security expert

For a New Brunswick cyber security expert, theblow dealt to technology users by a ransomware worm can be compared to the Titanic glancing off the iceberg.

WannaCryhas infected more than 200,000business and government computers around the globe over the weekend, including German railtransportation systems, car factories in Spainand gas pumpsin China.

"We as humans are in charge of thetechnology but if we don't actually understand it, educate ourselves about it and take our rolesseriously the technology will steer us," saidDavidShipley, the outgoing director of strategic initiatives at Information Technology Services at the University of New Brunswick.

The ransomwareis designed toencrypt informationand makes files on acomputer inaccessibleuntil a ransom is paid. These files can include pictures, video and other personal information.

• WannaCry ransomware: What you need to know
• WannaCry most dangerous to smaller companies, says Canadian cybersecurity firm

WannaCry has been known to experts but exploded over the weekend, exploiting a weakness in Microsoft operating systems.

"This has got all the elements, almost like a James Bond story," saidShipley.

"You've got a hacking tool developed by the [National Security Agency], allegedly stolen by the Russian government and leaked to embarrass the Americans."

Shipley said Microsoft released a new type of securityearlier this year for the more recent version of Windows. But computers that didn't update or are running older versions of Windows become more vulnerable.

Human consequences

Shipleyused the example of Britain'sNational Health Service, which shut down, which was forced to shut down as a result of the cyber attack.

"You saw X-ray machines, blood labs cancelled, surgical suites closed down, cancer treatments delayed," he said. "I've heard reports of stroke patients in the process of receiving treatment, and the treatment had to be stopped.

"The problem was these devices were originally intended to be isolated inside closed networks."

As of Monday night, he said, about $50,000 US was made in bitcoin, a digital payment system.

A stroke of luck

"The criminals behind this were more Trailer Park Boys than ItalianJobs when it comes to how they programmed this," Shipley said. "They made a number of really sloppy mistakes."

Shipley, who is now the CEO of Beauceron Security, anew cyber security start-up in Fredericton, said that for the most part, North America was left unharmed. The WannaCry attacks startedon the weekend, when government and many businesses had their technology turned off.

"I think we dodged a bullet," he said.

How to stop this

Shipley said it's important to update software, including personalsoftware such as iPhones.

If you don't,visiting a website infected with malwarecan later affect your own technology. He said it can take control of your personal information, such asreading your text messages or reviewing your call history.

"If you've been putting offpatching your iPhone you're running around with a pretty big risk," he said. "You're one breached website away from a bad day."

And it's worse for Android users.

"When you have an Android phone, if Google puts out a patch, which they don't always do, then Samsung...and the other manufactureshave to decide if maybeyour two, three-year-old phone is going to get that patch," he said.

Shipley said the hacking is far from over and people need to be careful.

"I hope we are starting to learn, maybe we need to slow down, maybe we need to think about the dangers of what's happening," he said."We put so much faith in this new technology."