2017’s ransomware attacks: Could blockchain technology have prevented them?
Article by Tom Serres
On May 12th this year, many international businesses and organizations were hit by one of the biggest ransomware attacks the world has seen. The attack spread through 150 countries, including Britain, Russia, and China. Hospitals, universities, and government agencies across the globe were put at risk by having their computers and systems held hostage, and the list of victims continues to grow as more people become aware of the different hacks and variants of viruses that were used.
Experts believe that the ransomware came from cyber weapons linked to the US government. Hackers stole these so-called weapons and then unleashed them to first target the UK’s National Health Service. After many computers in British hospitals — as well as technology-assisted surgeries that were in progress during the attack — suffered a security breach, important appointments were canceled and patients’ health records became unavailable. Patients close to the situation were horrified that their data privacy had been compromised, and their life-important data made inaccessible due to a hack.
Shortly after being released in the UK, the ransomware spread across Europe where Germany’s Deutsche Bahn railway company found that many of its passenger information displays and ticket machines were unable to function. The Spanish telecom company Telefónica reported that a small number of its computers had also been compromised. Thankfully, the company’s customer data and security were not at risk as such a small number of its computers were targeted.
In China, many state-run gas stations were hit, leaving them unable to process digital payments. State police in the Indian state of Andhra Pradesh found that 25% of their systems had been affected. With a population of just over 1.3 billion, the effect on India would have been much greater, but many of the country’s other states took their systems offline once news of the attack circulated..
Blockchain Technology: The Best Weapon Against Cyber Attacks?
Even though our current understanding of the Blockchain is very much entrenched in online technology, it is also a new way of thinking about the value of data and how humans interact with it. The changes that blockchain can bring about for decentralizing and permissioning data may help us shift from our current use of centralized software for such pivotal and sensitive information as patient or telecommunications records. But is this enough to prevent future cyber attacks?
One way to look at this is to focus on the attacks on Britain’s National Health Service (NHS) hospitals. Most of healthcare — from diagnoses to treatments — is based on a set of peer-to-peer transactions: every patient has multiple interactions across a healthcare system, including across varying technologies that need to interact and share verified data. Not only that, but many groups are exploring the use of Blockchain technology as a decentralized solution for storing electronic medical records. In part, this could lead to a greater level of security for health data over existing systems where access is centralized and does not include the patient directly. As there would be numerous copies of the pointers of such encrypted data, it would be extremely difficult for a cyberattack to hold them all to ransom. However, the biggest challenge for institutions like the NHS is making sure people work with updated software.
Another benefit of leveraging Blockchain technology for data systems using sensitive data is that each computer (or node) in a specific Blockchain network has its own copy of the database. Because of this, any changes that are made or transaction that goes through is known to each and every computer. This decentralized network means a hacker will find it much more difficult to paralyze any single location and hold it to ransom, as there are alternate permissioning access points to the data. Breaching this type of system would be visible to its participants.
Tackling Doubts About Blockchain Technology Security
In 2016 a number of cyberattacks caused established financial institutions, including Santander and UBS, to question the security of Blockchain technology. The attacks specifically targeted financial companies that used this new technology. The DAO, a crowdsourced venture capital fund, had $50 million of its original $150 million investment drained by attacker(s) who exploited a loophole in the governance code of the venture (not the underlying Ethereum blockchain itself). The Hong Kong-based Bitfinex, a company specializing in digital currency exchange, lost around $65 million in a similar attack. These events put Blockchain technology in doubt for a little while, but mostly through a misguided understanding of how it works.
The 2016 cyber attacks were not, in fact, “hacks” in the technical sense. We need to keep in mind here that these events were not actually “hacking the blockchain” itself. To put it in simple terms: If anything, Bitfinex / UBS / Santander were “hacked” primarily because these organizations attempted to re-centralize a decentralized technology, giving it greater points of failureBitfinex was a centralized exchange that allowed people to trade cryptocurrencies It wasn’t a decentralized exchange, rather it functioned more like one single wallet people sent money to, no different than a bank, making it an easier target. And The DAO relied exclusively on code with no escape hatches. This is a logic that our co-founder Bettina Warburg explained very well in a previous article, which can help establish the significant difference.
-decentralization is one of the things that makes the network safe.
Technically, the reason these groups were hacked was because they didn’t employ decentralized tactics. One of the only ways to hack the network is via a 51% attack — which would be very difficult and expensive to undertake. Decentralization is one of the things that makes blockchain networks safer than current systems — but they require updates like any other software or code.
While there may still be a debate regarding the effectiveness of Blockchain technology’s security, it offers great improvements to certain existing database structures, and many of the key issues to its adoption can be addressed over time by improving organizational understanding of how blockchains work (and what they are / aren’t good at), while making sure the press coverage of events like the aforementioned attacks remains accurate.
As the effectiveness of this technology continues to improve, there is hope that it will help create a safer digital world for us all. This is why at Animal Ventures we are committed to working toward projects that leverage Blockchain technology for safer, more compliant systems, and also why we created our Blockchain Basics online course.
Additionally, if you want to know how you can align your business strategies with Blockchain technology, you can also get in touch with our team.