WannaCry: The Ransomware Attack That Shook the World
WannaCry. One of the most devastating ransomware attacks in history. In 2017, this malicious software spread like wildfire, infecting over 200,000 computers in 150 countries and causing widespread disruption and damage to businesses, governments, and individuals. But don’t just take our word for it, come along for the ride and see how this cyber disaster unfolded.
What is Ransomware?
Ransomware is a type of malware that encrypts a victim’s files, making them inaccessible until a ransom is paid. Essentially, it’s like a virtual kidnapper, holding your digital files hostage until you pay up.
Ransomware usually spreads through phishing emails, infected software, or by exploiting vulnerabilities in a system. Once the ransomware is activated, it will encrypt the victim’s files, and then display a message demanding payment in exchange for the decryption key to unlock the files. The payment is often demanded in Bitcoin or other cryptocurrencies, making it harder to trace the attackers.
It’s important to note that paying the ransom does not guarantee that the attackers will provide the decryption key or even return the data, leaving the victim with no options. That’s why it’s crucial to have a backup of your important files and to be wary of suspicious emails, software, or links.
The WannaCry Attack
The WannaCry ransomware attack, which began on May 12, 2017, quickly spread across the globe, infecting over 200,000 computers in 150 countries. The attack mainly targeted older versions of Microsoft Windows, using an exploit known as EternalBlue that takes advantage of a vulnerability in the operating system. This exploit was believed to have been developed by the National Security Agency (NSA) and later leaked by a hacking group known as The Shadow Brokers.
Once the ransomware had infected a system, it would begin encrypting files and displaying a message demanding payment of $300 in Bitcoin in exchange for the decryption key. The attack had a significant impact on businesses, governments, and individuals. Hospitals, universities, and transportation systems were among the many organizations affected, with some unable to access important data or forced to shut down operations entirely.
The WannaCry attack also highlighted the importance of keeping software and systems up-to-date. Microsoft had released a patch for the vulnerability used by the EternalBlue exploit in March 2017, but many organizations had not yet applied the update, leaving them vulnerable to the attack.
The incident could have been much worse if not for the accidental discovery of a kill switch by a researcher, Marcus Hutchins. The researcher discovered that the malware was programmed to communicate with a specific domain name that was not registered. Once he registered the domain, the malware was unable to propagate further, effectively shutting down the attack. This discovery was a significant breakthrough in the fight against WannaCry.
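An added example, not part of the original post: a defender-side check that scans DNS resolver logs for lookups of the kill-switch domain, to find infected hosts that need isolating. The log format, the placeholder domain, and the reading that an unresolved lookup means the kill switch did not fire on that host are assumptions.

```python
from collections import defaultdict

# Placeholder: substitute the kill-switch domain from a trusted advisory.
KILLSWITCH_DOMAIN = "killswitch-domain.example"

# Constructed resolver log lines: "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.example.org. NOERROR
2017-05-12T09:14:05Z 10.0.4.23 KILLSWITCH-DOMAIN.example. NXDOMAIN
2017-05-12T09:14:09Z 10.0.4.23 killswitch-domain.example NXDOMAIN
2017-05-12T16:40:11Z 10.0.7.8 killswitch-domain.example. NOERROR
garbled line without enough fields
2017-05-12T16:41:00Z 10.0.7.9 notkillswitch-domain.example. NOERROR
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Return {client_ip: {"lookups": n, "resolved": bool}} for every
    host that looked up the kill-switch domain."""
    target = normalize(domain)
    hosts = defaultdict(lambda: {"lookups": 0, "resolved": False})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess
        _ts, client, qname, rcode = fields
        if normalize(qname) != target:
            continue  # exact match only; look-alike names are ignored
        hosts[client]["lookups"] += 1
        if rcode.upper() == "NOERROR":  # simplification: NOERROR = resolved
            hosts[client]["resolved"] = True
    return dict(hosts)


def isolation_order(hosts):
    """Sort hosts so those whose lookups never resolved come first.
    Assumption: on those hosts the kill switch did not stop the malware."""
    return sorted(hosts, key=lambda ip: (hosts[ip]["resolved"], ip))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for ip in isolation_order(found):
        print(ip, found[ip])
```

Every host in the result has attempted the lookup and should be treated as infected; the ordering only decides which ones to pull off the network first.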
Who got hit by WannaCry?
WannaCry was the cyber equivalent of a global pandemic. The ransomware attack affected many countries and companies worldwide, with Russia, Ukraine, India, and Taiwan being among the most affected according to Kaspersky Lab. The National Health Service (NHS) hospitals in England and Scotland were heavily impacted, with up to 70,000 devices affected by the ransomware. This forced the NHS to turn away non-critical emergencies and divert ambulances.
By the way, later in 2018, a report by Members of Parliament found that all 200 NHS hospitals checked in the wake of the attack still failed cybersecurity checks. You know what they say, “practice makes perfect.” Well, apparently, the NHS didn’t get that memo.
In the automobile industry, Nissan UK and Renault also halted production at some sites in an effort to stop the spread of the ransomware. Other companies such as Telefónica, FedEx, and Deutsche Bahn also experienced disruptions due to the attack. The WannaCry attack hit the world like a computer virus on steroids!
Who was behind WannaCry?
The ransomware was like the heist of the century, but instead of robbing a bank, it robbed the world of its peace of mind. But who was behind it? Well, let’s just say it wasn’t your average Joe.
According to some fancy cybersecurity companies, Kaspersky Lab and Symantec, the code used was a little too similar to code used by a group known as the Lazarus Group. Sound familiar? They’re the ones who pulled off the Sony Pictures hack of 2014 and the Bangladesh bank heist of 2016. And they’re also conveniently linked to North Korea.
But don’t take our word for it: even the President of Microsoft, Brad Smith, believes North Korea is the mastermind behind this operation. And let’s not forget the UK’s National Cyber Security Centre; they’re on board too.
And if that wasn’t enough, the United States Government has officially announced that they consider North Korea the main culprit behind the WannaCry attack.
How much money did the WannaCry ransomware attack generate?
It is estimated that the ransomware attack generated around $140,000 in ransom payments from affected individuals and organizations. The ransomware encrypted the files on victims’ computers and demanded payment in the form of Bitcoin in exchange for the decryption key. The attackers set a deadline for payment and threatened to delete the encrypted files if the ransom was not paid. The majority of the ransom payments were made within the first few days of the attack, with the number of payments decreasing as the days went by. Despite the relatively low amount of money generated by the attack, the WannaCry incident still caused widespread disruption.
What are the ways to prevent and mitigate a ransomware attack like WannaCry?
Preventing a ransomware attack is like avoiding the common cold, you gotta keep your defenses up. And when it comes to ransomware, here’s the deal:
- Keep software and systems up-to-date. Installing updates and patches is one of the most effective ways to prevent attacks that exploit vulnerabilities in software.
- Back up important files regularly. Having a backup of your files ensures that you can restore them if they are lost or encrypted in a ransomware attack.
- Be wary of suspicious emails, software, or links. Ransomware often spreads through phishing emails or infected software. Be cautious when opening attachments or clicking on links in emails, especially if they are from unknown senders.
- Use reputable antivirus software. Antivirus software can help detect and remove ransomware before it can encrypt your files.
- Limit users’ permissions. Restricting the actions that users can perform on your network can help prevent the spread of malware.
If your system is infected with ransomware, it is important to respond quickly to minimize the damage:
- Isolate the infected system. Disconnecting it from the network can prevent the ransomware from spreading to other systems.
- Do not pay the ransom. Paying the ransom does not guarantee that the attackers will provide the decryption key or even return the data.
- Contact a professional. Reach out to a cybersecurity professional for assistance in restoring your files and removing the malware.
The WannaCry ransomware attack was a wake-up call for many organizations around the world. The attack was so huge that it made headlines all around the world; it was one of the most talked about cyber-crimes in the history of the internet!
It highlighted the importance of keeping software and systems up-to-date, having a backup of important files, and being cautious when opening attachments or clicking on links in emails.
Later on, in August 2018, a new variant of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories. The virus spread to 10,000 machines in TSMC’s most advanced facilities. It’s clear that cyber-attacks will continue to be a persistent threat for organizations of all types and sizes, highlighting the need to stay vigilant and have robust security measures in place.