What is WannaCry Ransomware Attack?

WannaCry Ransomware is a high-profile ransomware attack that rapidly spread through computer networks around the world in May 2017. The attack targeted a vulnerability in old Windows versions, for which a patch had been released by Windows more than two months before WannaCry spread across the world.

The WannaCry attack was formed of several components, which included:

The initial WannaCry dropper contains an application that enables an attacker to encrypt and decrypt data. The encryption component is known as Wana Decrypt0r 2.0, and within it was a password-protected ZIP file.

Within that ZIP file were several individual files containing configuration information that helped the hacker launch their attack. It also included encryption keys that enabled them to unlock data.

The ZIP file also contained a copy of the Tor network, which is an open-source web browser that aims to protect and hide users’ data, locations, and online activity through anonymous browsing.

WannaCry had a major impact on organizations across the world, infecting over 230,000 computers and causing billions of dollars worth of damages. It had a particularly devastating effect on healthcare organizations, including the U.K.’s National Health Service (NHS), due to their extensive use of outdated and unpatched Windows devices. The attack resulted in critical equipment and systems becoming inoperable or unavailable, which led to the closure of emergency rooms and lifesaving devices like magnetic resonance imaging (MRI) becoming ineffective.

WannaCry also had a major impact on large manufacturers that used vulnerable versions of Windows. Many suffered production outages that were hugely costly.

WannaCry could have been stopped by downloading a Microsoft patch released more than two months before the attack began. Microsoft flagged the Microsoft Security Bulletin MS17-010 patch, released in March 2017, as critical, but many systems remained unpatched, leaving them open to WannaCry.

An automatic feature built into Windows 10 systems ensured users were protected against WannaCry. However, the patch was initially only available for supported Windows versions, which did not include the millions of Windows XP systems that were connected to the internet. Microsoft later released a patch for older, non-supported Windows systems. Unpatched systems that were infected could only be restored by reverting to a safe backup.

Businesses can protect themselves from ransomware attacks like WannaCry by ensuring they only operate the latest software versions and following security best practices.

Updating software is crucial to avoiding the threat of ransomware attacks like WannaCry. Organizations and individual users must ensure automatic updates are turned on and any new updates or patches to the software are downloaded immediately.

Ransomware attacks are typically spread through phishing methods that encourage victims to click on links within an email. These links either lead to spoofed websites that attackers use to harvest sensitive personal information or trigger the download of malicious software that infects their computer. It is therefore best practice not to click on any link within any email.

Similar to the spread of ransomware through malicious links, phishing emails also spread malware through email attachments. These attachments can result in malicious code or software being installed, which gives the attacker control of the user’s device or enables them to encrypt files on it.

It is also important to only download applications or software from trusted providers. Suspicious websites that claim to offer free versions of trusted software are likely to include malicious code or programs that can infect a user’s device.

Universal Serial Bus (USB) devices are commonly used by attackers to spread malware or malicious code. Avoid using any unknown USBs, even if it is a device found around the office, because it could be infected with malware.

A virtual private network (VPN) helps users access the internet securely on any network. Public Wi-Fi networks should be avoided, but doing so through a VPN can ensure that the user’s device, location, and browsing activity remain private and cannot be intercepted by a hacker.

Internet security software is crucial to keeping organizations and individuals safe from existing and new security threats. Security software ensures that users’ devices and data are protected at all times from serious cyber attacks and prevents hackers from infiltrating their systems.

In addition to installing internet security software, it is also vital to keep the software updated at all times. Enabling automatic updates and ensuring all new patches are installed immediately will keep the software up to date and keep users protected from the latest security threats.

Backing up data is crucial should an organization fall victim to a ransomware attack. Threats like WannaCry encrypt data, which makes it unavailable to users. Often, the only way to retrieve the data is to revert to a previous backup.