WannaCry ransomware attack: How average computer users contributed to global spread of malware

As cybersecurity experts clamored to contain and explain the massive global ransomware attack that infected several hundred thousand computers over the weekend in more than 150 countries, it’s the average computer user who should be concerned, multiple experts said.

The ransomware attack that began on Friday — known as WannaCry — is believed to be the largest cyber exploitation attack recorded, according to multiple cybersecurity experts. It was responsible for crippling Britain’s hospital network and Germany’s railway, along with other governments and infrastructures worldwide.

As Fox News previously reported, the malware was detected as early as March and was publicly reported as stolen from the National Security Agency a month later.

But renowned cybersecurity expert Dr. Diana Burley credits — in part — the rise of cyberattacks in recent years and the expanse of the weekend’s global attack in the failure of the average computer user to take preventative measures to avoid such an attack.

“Even in this case, we don’t know all of the details. But what we do know is the malware attacked the vulnerability in Microsoft Windows that Microsoft had released a patch to fix several months ago,” Burley, a professor of human and organizational learning at George Washington University told Fox News. “For those systems that were updated and patched, they were not vulnerable to this particular attack.”

Microsoft also dropped a rare fix for users who still used an older Windows software — even though that repair had been previously “retired” — in an effort to halt the ransomware attack, the Financial Times reported.


Burley, named the 2014 Cybersecurity Educator of the Year, stressed the importance of striking a balance between the technical aspects of what occurs when a massive cyberattack happens with ensuring the issue is accessible to the average reader.

“We don’t want to be alarmists because if you tell people that the sky is falling every day, pretty soon they won’t care that the sky is falling. At the same time, there needs to be a level of discourse that says, ‘You need to pay real attention to this, and there is a role for you as an average citizen for you to play in securing the systems,’” Burley said. “This is the kind of thing you need to think about and be aware of.”

“We have to do a better job of that in terms of reporting, but also in terms of experts in the security field making sure people do understand the role that they play and how to go about making themselves and society less vulnerable,” Burley added.


Computer users who do not take the time to update their software
or systems when prompted were also a factor to the widespread nature of the ransomware attack, according to Dr. Shambhu Upadhyaya, a professor of computer science and engineering at the University of Buffalo.

“People always try to take the easiest way,” Upadhyaya said, adding that it can “take some effort” to apply a patch — the piece of software designed to fix a problem.

“People simply don’t follow the security best practices,” Upadhyaya told Fox News. “This particular case — as the media showed — they had the ability in the Microsoft operating system, and Microsoft actually came up with a patch in March. Many people installed the patches and others did not, and that was the main problem.”


As for cybersecurity experts, Upadhyaya stressed the importance of educating the average computer user through workshops and events as well as in school. He also implored vendors to develop user-friendly technical resolutions.

“When you buy a computer and it does most of the work for you, that’s probably the best solution,” he said. “If you leave it to the people, then you have to depend on them. That’s where the problem is — usability versus security.”