Freely subscribe to our NEWSLETTER

Tuesday, May 9, 2017
In the morning, I drive to the F-Secure headquarters in Ruoholahti, Helsinki. I am looking forward to a few meetings and clearing my inbox. During the day, I give a speech at a cloud services seminar in a hotel in central Helsinki. After the seminar, I return to the office to host a group of visitors in the laboratory. The RF lab, the Faraday cage, is always a good topic of conversation.

Wednesday, May 10, 2017
In the morning, I head for the Expo and Convention Centre Messukeskus to give the opening speech at Process Days. The speech ends at 10, and in five minutes I am in a taxi, heading to the airport to catch the 11:05 SAS flight to Oslo. A hacker conference called Paranoia is starting there on the same day; t2 in Finland, Sec-T in Sweden, and Paranoia in Norway are the best hacker events in the Nordic countries. Wednesday’s keynote speaker for Paranoia is Charlie Miller, the world’s most famous car hacker. Charlie and I go way back, and we have a long chat in the afternoon. Charlie mentions in passing that, according to the press, the vulnerabilities that he and Chris Valasek found cost Chrysler 14 billion dollars. “If Chrysler had paid us 10 billion, we wouldn’t have told anyone about what we found, and they would have saved 4 billion!” After the conference, the speakers have dinner together at a nearby restaurant. There are at least two former NSA employees at my table. After dinner, I sit in the hotel lobby for half an hour, talking to a local cryptography entrepreneur.

Thursday, May 11, 2017
I am still in Oslo and give the morning’s first keynote presentation at Paranoia. The annual event is being held for the tenth time, and I talk at length about how much the world has changed in just a few years. I tell the audience that 10 years ago, everyone had a Finnish phone in their pocket—now, none of us do. Time flies, especially on the Internet. After the session, I open Twitter since I know that F-Secure has published a stock market release: we are acquiring an English information security company. I tweet about it and welcome our new employees. I manage my Twitter account in the taxi because at noon I will fly from Oslo to Stockholm. IDG’s annual Internet of Things (IoT) event is being held there. My slot is after the woman who designed Internet connectivity for Volvo vehicles and a man who connects reindeer to the Internet. I talk about the future of IoT and its pros and cons. After my speech, I take the Arlanda Express to the airport and board the evening plane for Madrid.

Friday, May 12, 2017
In Madrid, I speak to a group of around 150 clients about corporate information security solutions. I have a few hours to kill between my speech and return flight, but I prefer to return to the airport and work in the lounge. I barely have time to sit down when my phone rings. Our headquarters in Finland ask me to contact one of our major clients in Spain. I call a member of the management team and hear that brand new malware has infected thousands of computers on their network. Worse still, the infection is still spreading. And worst of all, it is a new ransomware Trojan—WannaCry—that encrypts files. Wannacry spreads like wildfire, becoming the largest ransomware Trojan epidemic in history during the same day. It almost exclusively targets large corporations. By evening, almost 200,000 machines are infected. My phone keeps ringing until it is time to board the plane. I even get in several calls while on board, because our departure is delayed. We then hear that there is a thunderstorm at my stopover in Frankfurt, and the plane arrives two hours late. I still make the flight to Helsinki, since it too is delayed by two hours. I land in Helsinki at three on Saturday morning.

Saturday, May 13, 2017
I get less than six hours’ sleep before the circus resumes. By morning, our team has completely decompiled the WannaCry code. It also turns out that WannaCry has stopped spreading, after a British researcher I know found a function in the code that allowed him to stop the epidemic globally. A deed worthy of a medal! I give two international, live TV interviews from my home over Skype video. One of them is for BBC World, which has dozens of millions of viewers. We talk about how companies all over the world have been infected: Hospitals, car factories, power plants, train companies....

Sunday, May 14, 2017
I spend Mother’s Day wrestling with WannaCry.

Monday, May 15, 2017
On Monday, we find out that WannaCry has done much more damage in Asia than expected. Infections in corporate networks went undetected before the weekend. The phone keeps ringing, as I receive a barrage of calls from clients and the media. I record a two-minute summary of the situation and respond to radio interview requests by emailing the soundbite. Radio stations in at least South Africa and Austria play the file unedited to listeners. CNN calls me and wants to hold a video interview over Skype. It will be broadcast live for international distribution. The interviewer is a female journalist from Hong Kong, who I’ve met several times over the years. Before going live, we reminisce about interviews on the Sony Rootkit in 2005 and Conficker in 2008. After the CNN interview, I take a taxi to Helsinki Airport. As I write this, I’m sitting on the Finnair flight to Barcelona. Tomorrow, we will be starting F-Secure’s key annual client event, involving operator clients from all over the world. It’s not difficult to guess that WannaCry will be the number-one topic. As an information security worker, I truly need to go where my work takes me.