In the past week, the WannaCrypt ransomware attacks have shut down hospitals, businesses (including FedEx, French automaker Renault and Spanish telecommunications firm Telefonica), universities, and other organizations, by attacking over 45,000 computers in 150 countries.
Our users have asked us if their routers are vulnerable to these ransomware attacks. The short answer is no, because these attacks target computers running Windows. However, the longer answer is more unsettling, because the hackers behind these attacks have threatened to go after routers next.
Let’s start by reviewing what happened:
- At some point (we don’t know when), the NSA (US National Security Agency) discovered a vulnerability in Microsoft Windows, and it used this knowledge to develop tools to infiltrate computer networks. The NSA didn’t inform Microsoft of this bug, so Microsoft couldn’t fix it.
- At some other unknown point (probably sometime in 2016), the Shadow Brokers hacking group stole the tools that the NSA uses to infiltrate computer networks, and in January 2017 it posted screen captures showing the exploit.
- By March, Microsoft had patched this vulnerability in modern versions of Windows, but it still existed in older versions, such as Windows XP and Windows 8.
- In April, the Shadow Brokers hacking group leaked these hacking tools online.
- By the end of last week, the ransomware attacks started, using these stolen tools. Kaspersky Lab has suggested that the hackers behind these attacks may be tied to North Korea.
- New infections of this ransomware have now stopped, thanks to a UK researcher who discovered that the ransomware checks a specific website and then registered the domain for that website.
But although the immediate threat has passed, many new threats from the Shadow Brokers hacking group lurk on the horizon.
The hacking group says it plans to sell off new exploits every month starting in June. Here’s a direct quote from the group:
In June, TheShadowBrokers is announcing “TheShadowBrokers Data Dump of the Month” service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month.
What members doing with data after is up to members.
TheShadowBrokers Monthly Data Dump could be being:
- web browser, router, handset exploits and tools
The hacking group includes a list of what this data dump can include. Routers are second on its list.
There has never been a better time to get serious about securing your router.