Porn Often Gets The Blame Without Being The Vector
LONDON – If you were to go by the headlines alone, you might become convinced porn and ransomware are joined at the hip, intrinsically related and inextricably bound together in the world of cyber-threats.
A Google search for “porn sites ransomware” yields hundreds of thousands of results, reaching back several years in scope. When you look more closely at some of the worst ransomware incidents in recent years, however, porn had little or nothing to do with what transpired.
In a report issued last October, the UK’s National Audit Office (NAO) dissected the impact of the WannaCry ransomware attack on the National Health Service (NHS). The report covers a broad range of issues, including the scope of the ransomware’s impact on the NHS, how various agencies in the UK responded to the attack, and investigators’ conclusions about who initiated the ransomware campaign.
Among the NAO’s key findings was that WannaCry’s impact on the NHS could have been avoided if only the NHS had been better prepared and defended against such exploits.
“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients,” said NAO head Amyas Morse. “It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.”
Morse added that since “there are more sophisticated cyber-threats out there than WannaCry,” the “NHS need to get their act together to ensure the NHS is better protected against future attacks.”
One thing you won’t find in the NAO report, or in any of the other investigations into WannaCry, is evidence the ransomware was spread by porn sites, or even phishing emails using porn as bait to draw in unsuspecting users – a theory which was widely reported in the immediate wake of the WannaCry attack.
“Our research shows this nasty worm was spread via an operation that hunts down vulnerable public facing SMB ports and then uses the alleged NSA-leaked EternalBlue exploit to get on the network and then the (also NSA alleged) DoublePulsar exploit to establish persistence and allow for the installation of the WannaCry Ransomware,” wrote Adam McNeil, Senior Malware Intelligence Analyst for the cyber-security firm Malwarebytes Labs.
Just because WannaCry had nothing to do with porn doesn’t mean porn, or porn-related phishing, is never the source of a malware attack or other form of exploit, of course. There have been plenty of exploits distributed through malware which has infected popular adult sites, including a high-profile 2015 malvertising campaign which targeted xHamster.
What the mainstream media often doesn’t do a good job of explaining, however, is that sites like xHamster are among the victims of such attacks, not the perpetrators. Cyber criminals target these adult sites because they’re well-trafficked and popular, not because there’s something especially vulnerable about them, or because they’re complicit in the scam.
In the 2015 malvertising campaign referenced above, Yahoo.com and MSN.com were among the other major sites targeted, but xHamster was the site most headline-writers chose to focus on. xHamster wasn’t chosen because there was evidence more of its users were affected than users of the other sites; xHamster was chosen because it enabled those same headline-writers to deploy the click-friendly word “porn” in their headline.
The bottom line is that while porn sites, phishing emails promoting porn and other porn-related hooks are among the ways malware, ransomware and other exploits are spread, they aren’t the chief means by which such attacks go global. But you’d never know that by surveying the media landscape, where you’ll constantly be greeted with breathless, panicky proclamations like “WARNING – This ransomware threatens to upload YOUR photos to PORN sites” or “HERE’S WHY YOU SHOULD NEVER WATCH PORN ON YOUR PHONE.”
To be fair, I suppose “Tech support scammer tries to sell free software” will just never sound as exciting as “Watching porn is the easiest way to catch something nasty on your smartphone.”