On Tuesday, a powerful and terrifying new cyberattack worm emerged in Ukraine, quickly spreading to the Russian Federation and other countries no one cared enough to report on because they weren't the US.
It was hard to tell which infection was worse: The cyberattack itself or the race to write and publish something (anything!) about it, framing it just like the last "massive" cyberattack explosion to hit the whole world.
The cyber-news virus hit American media quickly, locking up common sense like an unpatched Windows machine with a "hack me" sign on it. It got root on domestic infosec Twitter and quickly spread into the headlines of The New York Times, who rushed out a piece incorrectly naming the (actual) cyberattack as ransomware.
Once the Times wrote about it, the cyber-news infection exploded to lock up headlines through the week -- affecting more people through hysteria than the actual cyberattack was affecting organizations and people in the real world. Airports, shipping companies, banks, FedEx and even Cadbury Chocolate were affected, but infosec Twitter was the hardest hit.
The 4 stages of Twitter during a malware outbreak.
1. OMG WE'RE ALL SCREWED IT'S SO BAD
2. It sucks
3. Should have patched
4. It was Russia
— Sev (@sudosev) June 29, 2017
The virus is real, but the reporting has been so competitive and the limelight-chasing so fast and furious that the end result is disorganized, hysterical, and overwhelming.
In reality, it looks like there was a cyberattack on a country by another country, which of course couldn't be contained, so now it's in every country. This week's cyber flavor of the month was deployed to harm Ukraine on the same day a Ukrainian military officer was assassinated by a car bomb. He just happened to be the man who was investigating and gathering evidence of Russia's military aggression for Ukraine's case against Russia in the International Court of Justice at The Hague.
And harm Ukraine it did. In just a few hours, key parts of the country's government, infrastructure, top energy companies, private and state banks, main airport, Kyiv's metro system and even companies that do business with these entities were affected. If anyone was trying to imagine a way to "cyber bomb" a country, then the effect of this wiper would be as close as it gets.
Some of our gov agencies, private firms were hit by a virus. No need to panic, we're putting utmost efforts to tackle the issue 👌 pic.twitter.com/RsDnwZD5Oj — Ukraine / Україна (@Ukraine) June 27, 2017
The attack was made to look like ransomware, probably because that word is like Patient Zero for headline panics right now. In reality, it was created to be a wiper -- something that just locks up files forever and ever. This means it reveals itself after locking up all your files and demands a ransom to decrypt them -- except that part's a lie. The creators had no intention of getting any money; their intent was to destroy.
I'm guessing that real ransomware criminals, who care about customer service, are gonna be pissed about the reputational harm to their pay-and-get-your-files-back scheme.
Relevant bits of the wiper were also seen in the ransomware that was so last month: WannaCry. That's because the code to create this monster of the week was rehashed from an exploit released into the wild by Shadow Brokers, widely believed to be a Russian state entity, in one of its dumps of NSA tools.
Couldn't decrypt their common sense
The cyberattack is still spreading and wreaking real havoc just as fast as its headlines are. (Engadget's editors are patched and up to date, I swear!) The wiper's effect on infosec companies seems to be a viral desperation to be part of the story -- so acute that the damn thing has several names, because squatter's rights rule in the race for attention, I guess. You may have heard of it as Petya, or Not Petya, ExPetyr or GoldenEye, or even Nyetya.
But if you're like most people, you're just wondering if it is going to affect you, and if you need to do anything.
Bad Malware pickup lines: Hey girl, is your name Petya or GoldenEye? Either way you've already fully encrypted my heart ;) — Malware Unicorn (@malwareunicorn) June 29, 2017
Petya/Not Petya (or whatever) will affect you if it starts hitting services you use or need, and even then, there's not much you can do about it. In any case, the usual virus advice applies: Patch and update (Windows especially, as usual), and otherwise make some backups that you store offline.
After that, it's just a matter of getting your sanity back after drowning in a week of crazed and confused headlines about a new hacking danger, after several years of breach overwhelm and a hack attack every damn week of the year.
Don't get me wrong. It's fun to watch cybersecurity journalists freak out about something new they don't understand or wait to get facts on. I have special popcorn for infosec Twitter's predictable race to scratch and bite its way into those fleeting headlines. But it's a crap situation for trying to figure out what the hell is really going on, not to mention that it adds a heavy load of bad news to our already-overwhelming bad-news-saturation levels.
This week's hot new cyberattack is definitely doing its share of damage, but that damage shouldn't be to our sanity. We have to stay informed, yet the level of hysteria and craziness from this week of cyber-confusion alone is enough to make anyone want to check out. And this is already after a lot of people spent the first few months after America's 2016 election feeling scared and depressed, frantically checking their phones every five minutes for the next batch of I-can't-believe-it's-happening news.
Take my advice and make a plan to cut through the noise. Look at your news sources and trim them down; with cybersecurity, pick a few sources (or better, individual journalists) you can trust, and cull the rest from the herd. This is often the hardest part; The New York Times reported it as ransomware, making that source one you should definitely question.
It helps to take a little time to look at what people are saying about sources and journalists when it comes to hacking and infosec, and to be especially critical of people's motivations behind their soundbites and headlines. Everyone in infosec (and cybersecurity journalism) wants to be famous, but few are willing to take the time to be correct. When you find ones you can trust, they'll usually be solutions-oriented -- and not trying to get your clicks, seek validation or sell you anything.
Next, decide which kind of hacking news is going to be your priority -- the Russian hacking scandal, ransomware, breaches, encryption -- and deprioritize anything else. Then establish a baseline of hours each day for you to spend on news reading and social media, like one hour in the morning, one in the afternoon, and one in the evening. In researching news-overwhelm for my book, one psychologist I interviewed told me, "I know that I, personally, was spending nearly four hours a day on news, and finally had to decide an hour was enough." Once you make a determined plan on how many hours are reasonable, this is your target.
So, at the very least, we're now ready for next week's panic.
Image: Getty (Laptop fire)