One Week of WannaCry


A week ago, “WannaCry” ransomware quickly became a global news sensation and truly went viral in every sense of the word. Unless you’re a cybersecurity expert, making sense of the mountains of fear-inducing media headlines is mind-boggling enough to make just about anyone ‘wanna cry’. Rest assured, we know more about cybersecurity than we do about making puns -- and we’ve broken down what you need to know about the WannaCry ransomware attack right here.

What happened?

Around 4 a.m. ET on May 12, 2017, reports surfaced that Spanish telecommunications giant Telefonica had become the first victim of a global ransomware campaign. Shortly thereafter, news broke of similar infections in at least 16 organizations affiliated with the UK’s National Health Service (NHS), as well as other entities across the globe. Hundreds of thousands of computers in more than 150 countries were impacted.

What is the WannaCry ransomware?

WannaCry ransomware initially demanded a ransom of $300 in bitcoin. If the victim failed to pay within three days, the amount doubled to $600. After seven days, WannaCry claimed it would permanently delete all encrypted files.

How does WannaCry spread?

While we haven’t yet figured out how the initial infection started, we do know how WannaCry spread worldwide so rapidly. The culprit is called the “EternalBlue” exploit and it’s a tool that takes advantage of previously unknown vulnerabilities in certain older versions of Microsoft Windows operating systems, such as Windows XP. The attackers used this exploit to identify vulnerable systems so they could then drop in the WannaCry ransomware to lock the victim's machine.

In fact, the National Security Agency (NSA) allegedly developed EternalBlue years ago for official purposes. In mid-2016, a group named “The Shadow Brokers” began exposing classified information pertaining to NSA tools to the public. In April 2017, the EternalBlue exploit was exposed as part of the group’s ongoing activities. Unfortunately, it wasn’t long before the WannaCry attackers took note and employed it within a ransomware campaign.

Who is susceptible?

Anyone who has a computer running on an outdated Microsoft Windows operating system that has something called SMBv1 enabled is potentially susceptible. What’s SMBv1? Also known as Server Message Block version 1, it’s a network file sharing protocol and it contains the vulnerability that enables WannaCry to infect and spread across multiple computers. For more information on SMBv1 and how to disable it, check out this article from Microsoft.
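One way to check for SMBv1 on your own machine, as an added example (not code from the original article or from Microsoft). The function names `Get-Smb1Status` and `Disable-Smb1Server` are hypothetical; the script assumes an elevated PowerShell prompt and falls back to the registry on older systems that lack the SMB cmdlets.

```powershell
# Added example: audit SMBv1 on the local machine (run elevated).
function Get-Smb1Status {
    $serverEnabled = $null; $feature = $null; $source = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        $source = 'Get-SmbServerConfiguration'
    } else {
        # Older systems: read the registry. A missing SMB1 value means
        # the protocol is enabled by default.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $serverEnabled = ($null -eq $value) -or ($value -ne 0)
        $source = 'Registry: LanmanServer\Parameters\SMB1'
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # On newer client systems SMBv1 is also an optional Windows feature.
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $feature = $f.State }
    }
    New-Object PSObject -Property @{
        ServerSmb1Enabled = $serverEnabled
        OptionalFeature   = $feature
        Source            = $source
    }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) { return }
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # The registry change takes effect after a restart.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    }
}

$status = Get-Smb1Status
$status | Format-List
if ($status.ServerSmb1Enabled) {
    Write-Warning 'SMBv1 server is enabled. Preview the change with: Disable-Smb1Server -WhatIf'
}
```

Disabling SMBv1 can break file sharing with very old devices that speak nothing newer, so preview with `-WhatIf` and test before rolling the change out widely.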

If you’ve figured out that you are susceptible, the first thing you should do is calm down. Now here’s the good news: prior to The Shadow Brokers’ leak that exposed EternalBlue, Microsoft had already patched the SMBv1 vulnerability and issued an update to all Windows operating systems containing this patch. You should ensure your software is updated and your computer is running an operating system that is supported by its developer.

Before you breathe a sigh of relief, take this opportunity to back up your data! Chances are, this won’t be the last ransomware attack we ever hear of. Ensuring your data is backed up frequently means you won’t lose it should you ever face a ransomware attack in the future.

Why did this happen?

Many cyber-attacks are financially motivated, as is likely the case here. Think about it -- even if only ten percent of victims pay the $300 ransom, that’s still thousands of dollars in the attackers’ pockets.

Who is behind it?

“Whodunnit?” is always the million-dollar question when it comes to cybersecurity! In terms of WannaCry, nobody knows just yet.

It’s important to realize that the attackers behind WannaCry -- whoever they are -- have made headlines. Not only has their attack compromised hundreds of thousands of individuals and even wreaked havoc for hospitals and their patients, it has ultimately spurred a global response from law enforcement and the security industry.

tl;dr

This attack reiterated that the internet is vulnerable and that many of the technologies on which we have come to rely are not always resilient. Despite the widespread panic that has ensued, it’s important to stay calm.

Rather than worry, view WannaCry as a case study on why basic information security practices are so important. Now is the perfect time to do things like back up your data, update your software, and commit yourself to repeating these activities regularly. While we can’t predict or prevent each and every cyber-attack, it’s basic steps like these that can help us all become better protected.
