In about two months, two years will have passed since the WannaCry ransomware attack, a large-scale, global security incident that spread through the EternalBlue exploit targeting computers operating on outdated Windows systems. It affected over 300,000 computers that were still using vulnerable software such as Windows Vista and Windows 7, which had already been obsolete for quite a while.
Similarly powerful was 2017’s NotPetya, encrypting ransomware that also went after Windows computers and propagated via the same EternalBlue, affecting companies in Ukraine, France, Germany, Poland, the UK and US. These hacker exploits have proven that not only organizations, but also law enforcement agencies across the Union are not ready to tackle such incidents. Now it’s up to Europol to fix it.
Since these types of rapidly propagating attacks are becoming more prevalent, and there’s definitely more activity where WannaCry came from, the EU is working on getting cyber-ready by improving crisis management in the event of such massive attacks.
That said, the European Council has just adopted a new Europol emergency response protocol for law enforcement agencies across member states to mitigate and confine “major cross-border attacks” through faster detection and threat classification. According to the agency, “an attack with repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable,” although the process will only cover intentional catastrophes, not acts of nature or accidents.
"Only cyber security events of a malicious and suspected criminal nature fall within the scope of this Protocol; it will not cover incidents or crises caused by a natural disaster, man-made error or system failure," officials said.
“It is of critical importance that we increase cyber preparedness in order to protect the EU and its citizens from large scale cyber-attacks,” said Wil van Gemert, Deputy Executive Director of Operations at Europol. “Law enforcement plays a vital role in the emergency response to reduce the number of victims affected and to preserve the necessary evidence to bring to justice the ones who are responsible for the attack.”
As Europol was making this announcement, one of the largest aluminum manufacturers in the world, Oslo-based Norsk Hydro, was fighting to neutralize a ransomware attack that crippled the company’s network and forced it to turn to full manual operation, according to Reuters. Employees were asked to disconnect all devices from the network and wait for security to contain the incident. With an annual production of almost half a million tons, operations in 40 countries and 36,000 employees, the breach took down operations. The company is yet to comment on the scale of the attack and containment details. The hydroelectric power plants were not affected.