WannaCry hack: Why has Russia suffered more than other countries?

May 16, 2017 Oleg Yegorov
Ransomware known as WannaCrypt or WannaCry has been attacking Windows computers around the world. On May 12, the first day of the massive hacker attack, the largest number of incidents were recorded in Russia. This was due to the fact that in Russia many people don't regularly update their software.
"Russian state agencies often employ substandard qualified system administrators and don't pay them well. This may explain the vulnerability of the Interior Ministry and other state agencies' systems." Source: Sergei Konkov/TASS

On May 12, at least 200,000 users around the world (according to Europol) were hit by a hacker attack - a new virus dubbed WannaCrypt or WannaCry gained control of their computers. The virus encrypts all the data on the targeted computer and posts a polite message on the screen saying that the user can have his data back by paying $600 in bitcoins.

The cyberattack continued in the days that followed: According to data available on May 15, users in 150 countries have been affected. But only computers with the Microsoft Windows operating system fell victim to the attack. As of May 15, the criminals have managed to lure their victims into paying about $50,000.

Mobile phone companies and police under attack

More users have been hit in Russia than in other countries - according to a Kaspersky Lab report, on May 12 more than half of all affected computers were in Russia. MegaFon, one of the largest mobile phone operators, also came under attack: The company's call centers and a number of its retail sites stopped working for several hours. Later the company said the situation was back to normal.

The Russian Interior Ministry was also affected. The ransomware hit a number of the ministry's computers, and on May 13 police in several regions could not issue driving licences or vehicle registration numbers. In the evening of the same day the ministry reported that the problem had been resolved. According to the Interior Ministry's press secretary Irina Volk, about 1,000 computers were affected - in other words no more than one percent of the software currently used by the ministry.

Many companies and official agencies reported that they, too, had been hit but with no major consequences - their specialists managed to deal with the threat. Among those who reported cyberattacks were Russian Railways, the Health Ministry, and Sberbank.

Why is Russia vulnerable to WannaCry?

On May 14, Microsoft's President Brad Smith explained that the large-scale cyberattack had become possible because of a leak of confidential data from the U.S. National Security Agency (NSA). Smith said that Microsoft had updated Windows back in March and that systems with the latest update were invulnerable to WannaCry. The problem is that many users have not installed the update.

There are a great many such users in Russia, Vyacheslav Medvedev, an analyst in the development department at antivirus developer Doctor Web, told RBTH. "In Russia, installing updates is often seen as something optional," Medvedev says. "This is partly due to the fear that an update may 'ruin' a system which already works well. And partly this is to do with the prevalence of pirated software that cannot be updated." Many Russians ignored the March update of Windows out of habit, and so their computers fell prey to WannaCry.


Also, according to Medvedev, to save money, Russian state agencies often employ underqualified system administrators and don't pay them well. This may explain the vulnerability of the Interior Ministry and other state agencies' systems, he said.

At the same time, the expert says big companies and state agencies as a rule use their own intranet systems not linked to the internet for storing important data and backing up their work. This, as well as the regular saving of data (so that it can be recovered after a system crash), allowed big companies and state agencies to either repel the cyberattack or quickly eliminate its consequences. It was more difficult, according to Medvedev, for small and medium-size businesses that do not have the resources to provide web security.

The search for the guilty party

As is often the case, the West and Russia have blamed each other for what happened. The Daily Telegraph newspaper suggested that the WannaCry cyberattack was the job of hackers from The Shadow Brokers group allegedly linked to Russia. The newspaper did not, however, provide any evidence that this group is behind the attack.

At a news conference in Beijing on May 15, Vladimir Putin dismissed any possible link between Russia and the ransomware: "Russia has absolutely nothing to do with it." The president recalled that the hacker attack had become possible thanks to a leak of confidential NSA data. According to the president, Russia did not suffer serious harm but in general the situation was "alarming." He also proposed to the U.S. that talks on a cybersecurity agreement, suspended a year ago at the initiative of the American side, should resume.

Brad Smith at Microsoft also urges governments and developers to join forces to combat cybercrime: "We need the tech sector, customers, and governments to work together to protect against cyber security attacks. More action is needed, and it’s needed now."
