A global outbreak of ransomware is rapidly infecting machines in critical and not-so-critical infrastructure across the globe, including the National Health Service in the United Kingdom, a Spanish internet service provider, the German rail system, and mall billboards in Singapore. This digital pandemic illustrates a challenge that the cybersecurity community has been wrestling with for nearly a decade: how to counter the spread of malicious cyber capability.
To help inform this conversation, let's first step back and review what we know about WannaCry, the ransomware sprinting across the globe. As has been widely reported, the malware leverages an exploit developed by the U.S. National Security Agency. The exploit, which was called EternalBlue, "works reliably against computers running Microsoft Windows XP," as Ars Technica put it. The developers of WannaCry combined this Windows exploit with code that allowed the ransomware to spread without so much as a keystroke or click from either the operator or the victim, locking machines and demanding ransom. How, you might ask, did this exploit reach the authors of WannaCry (who, several groups have suggested, are in North Korea)? In simple terms: The Shadow Brokers, the group that has spent the last few months leaking NSA tools, essentially made it open-source.