Pirates at The Sea of Data
Should Software Companies Be Held Responsible for Ransomware Damages?
May 13, 2017, Tapio Mäkelä
Despite the fact that ransomware has been around for some time, software giants like Microsoft keep releasing updates and software that include vulnerabilities. Customers are helpless, because they cannot inspect the software code to see whether the products they buy are faulty. Data is itself vital and valuable, not only to us as individuals but to organisations from banks to schools and hospitals. Should companies that let the thieves in not be held responsible?
Ransomware, software that uses a vulnerability in computer systems to take them over and then blackmail the data owner, is becoming common and more effective. The most powerful one yet, a virus called WannaCry, was developed by the NSA. Despite security update patches, systems will remain hackable. How will infrastructures survive if they are hacked? We may need parallel backup systems and safe data havens.
In a widespread ransomware attack in May 2017, a software virus called WannaCry was used to compromise tens of thousands of computers in a hundred or so countries. The software takes over all files on the system and demands USD 300 in Bitcoin. If you pay straight away, the files are supposedly unlocked. If you wait, the price goes up.
WannaCry was developed by the NSA (National Security Agency) of the US government. It was leaked and is now in the hands of other nation states and cyber criminals. Ransomware has been a typical form of cyber crime for some time. Now, however, with the help of the NSA, the tools have become more powerful.
WannaCry simply searches the Internet for operating systems that are vulnerable and takes them over. In other words, the only careless action required is not having installed a security update a month before the attack.
If a bank is robbed, it still owes its customers the money it had. What about software giants like Microsoft, whose bad code enabled this most massive ransomware attack so far? They bear no responsibility for the consequences of using their software. Should they?
Bad, vulnerable code is a result of bad software design, which in turn is part and parcel of software companies needing to produce new software and updates to stay on top of the market. In other words, companies like Microsoft save money if they do their work too quickly. Customers are on the losing end.
The problem of viruses and ransomware cannot be solved by improving one operating system or the other. A massive counter-virus task force should be established by all major software players in the market to do something about it. In fact, hardware manufacturers need to be part of it, because the BIOS microchips on devices, and Internet of Things microchips or mini computers, can also be hacked.
Companies need to hire the best hackers to hack their own code before anyone else does.
Besides operating systems and software needing to become safer, the most crucial infrastructures may need to have parallel, extra-firewalled, fully operational backup systems that exist in safe data havens. And perhaps it is time to give up the operating systems that most commonly and frequently get hacked. Alternatives are being developed, ones that take cyber security as a priority.