In December 2016, five months before WannaCry hit, Infosecurity presented 12 predictions for the year ahead and among them was ransomware. This variant of malware, which locks down your files or your entire PC, has been prominent during the last five years as it has hit both consumers and businesses, small and large.
However, the WannaCry ransomware variant changed the view of ransomware globally, mainly due to its ability to capture multiple major businesses and critical infrastructure. The cyber-attack that hit the NHS and businesses around the world made headline news globally, bringing awareness about ransomware – and indeed cybersecurity – to the masses.
There has been no shortage of industry commentary on the lessons learned from WannaCry, and Infosecurity has compiled a list of 10 of the most notable facts and lessons about the phenomenon.
1 - SMBv1 was Open to the Internet
WannaCry spread because of a vulnerability in Server Message Block version 1 (SMBv1). It is not known how the infection initially began, but this network flaw enabled it to spread.
Source: ZDNet
2 - Wormable Ransomware is a Reality
The concept of a worm was present in the early 2000s, but in WannaCry we saw a combination of classic and modern malware techniques.
Source: Ivanti Software
3 - MS17-010 was Patched in March 2017
Far from using a zero-day exploit, WannaCry was able to spread due to a vulnerability that a patch had been issued for in March 2017. Microsoft reissued this, along with extra support for XP.
Source: Microsoft
4 - NSA and Shadow Brokers Knew of the Flaw
The NSA named the vulnerability ‘EternalBlue’ and it was captured – and dumped – by the Shadow Brokers group in April.
Source: ArsTechnica
5 - Windows XP and 7 were Vulnerable
Initial reports claimed that only those running the three-year unsupported Windows XP were vulnerable, but Windows 7 users were equally vulnerable due to running SMBv1.
Source: The Verge
6 - WannaCry Only Made $100,000 in 10 Days
This ransomware only asked for a $300 payment, rising to $600. As a result, it took over 10 days to collect $100,000 in Bitcoin payments despite infecting over 460,000 machines.
Source: Actual Ransom
7 - The Researcher that Sinkholed it Turned into an Overnight Celebrity
WannaCry was attempting to connect to an unregistered domain. A British researcher, ‘MalwareTech’, found this and effectively sinkholed WannaCry.
Source: Wired
8 - Attribution Claims were Made to North Korea
Once the malware had apparently been halted, attention turned to who was behind it. Some claims pointed to the Lazarus Group, who are affiliated with North Korea.
Source: The Guardian
9 - Legacy IT Systems
It emerged that the NHS had been running Windows XP unsupported for over two years after the government had paid £5.5m/$7.1m for an additional year of support.
Source: Business Insider
10 - WannaCry Contained a ‘Demo Version’
Infected users were presented with the option to pay or use a ‘demo version’ to unlock 50 files, alerting ransomware ‘controller’ that the account was live.
Source: Infosecurity Magazine / Juniper Networks