Cyber Stories: WannaCry Ransomware Attack

Date: 12/10/2020

Written by: Airnow

Back in May 2017, a now-infamous ransomware attack started to spread uncontrollably across the globe, eventually affecting hundreds of thousands of computers worldwide. A group of opportunistic hackers took advantage of an exploit for computers running an older version of Microsoft’s Windows operating system, using an advanced ransomware cryptoworm to hold users' files hostage until those users paid a Bitcoin ransom for their return.

This is the story of how the WannaCry Ransomware Attack spread across the world, and how the world could have stopped it.

What was the WannaCry Ransomware Attack?

WannaCry is a ransomware cryptoworm, a form of self-propagating malware that spreads, wormlike, throughout a victim’s device, encrypting their data and threatening to publish sensitive details unless a ransom is paid. This particular attack was carried out by a group of hackers called ‘The Shadow Brokers’ after the group stole and leaked EternalBlue, an exploit discovered by the United States National Security Agency (NSA) for older Windows systems.

The worm is also known as WannaCrypt. It is considered a network worm because it includes a "transport" mechanism that allows it to spread automatically. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access and the DoublePulsar tool to install and execute a copy of itself.

DoublePulsar is a backdoor tool, also released by The Shadow Brokers. A backdoor tool is a covert method of bypassing normal authentication or encryption on a computer, which can then be used to secure remote access to that computer, gain access to private information or transfer information within networks.

So, what went wrong?

On the morning of 21st April 2017, security researchers reported that DoublePulsar had been installed on tens of thousands of computer devices across the globe. By 25th April, reports estimated that the number of infected computer devices could have risen to several hundred thousand, with numbers increasing every day.

EternalBlue was the exploit that allowed WannaCry to propagate and spread, while DoublePulsar was the ‘backdoor’ installed on the compromised computers, which was then used to execute WannaCry.

What was the impact of the attack?

WannaCry’s attack wreaked havoc across the world. According to Europol, it infected approximately 200,000 computers across 150 countries - the foremost affected countries being Russia, Ukraine, India and Taiwan.

One of the most shocking outcomes of the attack was on Britain’s National Health Service (NHS). A reported 70,000 NHS devices were infiltrated, from computers to blood-storage refrigerators. As a result of the attack, NHS services were forced to turn away some non-critical emergencies and some ambulance routes were even diverted.

As the ransomware spread across the world, crippling computer systems, it caused an estimated $4 billion in losses.

How could it have been prevented?

Like all too many cybersecurity breaches, this attack could easily have been avoided had users simply updated their computer systems and been properly educated about software updates. It serves as a stark reminder to individuals and businesses of the importance of updating their systems to meet ever-evolving cybersecurity needs. Two months before the WannaCry attack, Microsoft released a patch that protected users’ systems and would have prevented the whole breach.

Despite this, the majority of individuals and organizations were left vulnerable to the attack as they failed to update their operating systems.

How can you stop it from happening to your business?

Keeping your business’s software and operating systems updated is an essential ransomware protection step. At Airnow Cybersecurity, we can test your systems, applications, and people to verify the strength of your organisation’s security, and to ensure you are safe from any advanced forms of ransomware. We offer a variety of testing services such as Infrastructure Testing, Web Application Penetration Testing and Wireless Testing, amongst others.

For more information on how you can make your business cyber secure, take a look at the approach we take at Airnow Cybersecurity and do not hesitate to talk directly to one of our Cybersecurity professionals.

References

https://www.reuters.com/article/us-cyber-attack-europol-idUSKCN18A0FX

https://www.itpro.co.uk/security/innovation-at-work/29794/what-have-we-learnt-from-the-nhs-ransomware-attack

https://symantec-enterprise-blogs.security.com/blogs/feature-stories/wannacry-lessons-learned-1-year-later