The WannaCry Attack Was Years in the Making


Traditionally, ransomware has merely been a minor hindrance, though it has the potential to be costly. The method behind the madness is actually quite simple. Ransomware is a particularly intrusive form of malware that locks down your computer and prevents you from performing certain activities, like opening a Web browser or accessing the Internet at all.

In order to remove the ransomware, you must pay a sum to the developers who created it to regain full control of your computer. Of course, it doesn’t always work out that way. Most of the time, ransomware victims are lucky to ever recover access to their computers and related data.

Some of the worst ransomware has been known to encrypt and destroy data, making it more dangerous than other forms of the attack.

Last week, however, a truly nasty and unprecedented form of ransomware, fittingly named WannaCry, was able to infect more than 70,000 machines around the world within just a few hours. Worse yet, some of the affected systems belonged to hospitals. The ransomware actually prevented doctors and nurses from providing aid to their patients, some of whom were in dire need of medical attention.

But the ransomware did a lot more damage than that. It also infected the systems of a telecom company in Spain, UK-based FedEx offices and even the Russian Interior Ministry.

WannaCry caused an unprecedented amount of damage in just under half a day. There were hundreds of thousands of infected machines spread across various industries and six continents. The attackers bet on the fact that businesses rely on multiple computers at any given point during the day, and that many of those affected would be willing to pay for their freedom. Especially in the case of the compromised hospitals, there was no question that it was necessary to regain control of the computers that would allow lifesaving medical care.

In the wake of WannaCry, people worldwide are wondering: how did this interference happen, and how is something like this even possible?

How Did It Happen?

WannaCry doesn’t operate like you’d expect. That is, it’s not a seedy application or form of spam that self-installs on your computer because you clicked a bad link. It spreads, on its own, through a rather obscure Windows exploit that was only recently patched by Microsoft engineers. The vulnerability in question is called EternalBlue, and is the same one the NSA uses as a backdoor.

Yes, that means if you haven’t installed any recent Windows updates, specifically Security Patch MS17-010 (Critical), you should take care of that as soon as possible.

The long and short of it is that, once hackers deployed the virus or ransomware, it targeted Microsoft servers running a file-sharing protocol. Any servers that had not been updated with the security patch after March 14 were quickly infected.

The attackers exploited the vulnerability to drop a payload called DoublePulsar, which included WannaCry. As soon as the first computers became infected, the ransomware began to spread like wildfire, and the rest is history.

This cautionary example goes to show just how important it is to keep both your personal and business computers updated — and not just dismiss update notifications.

How Long Has This Been in the Making?

It’s difficult to know how and when WannaCry was originally developed. What we do know for sure is that this entire event was preventable, which makes circumstances that much more unfortunate.

For decades, experts have warned us about cybersecurity and data risks. We’ve discussed the semantics of online privacy and how to protect ourselves. It seems like nearly every day, there’s a new article with tips on how to protect yourself and your data.

If there’s one key takeaway from the WannaCry exploit, it’s that all these warnings are absolutely pointless if no one is listening. Negligence and disregard for security allowed such an exploit to spread so openly. Microsoft clearly did its part. The company patched the vulnerability by releasing an update, and the owners of infected machines simply had to install it, but clearly, that didn’t happen.

Think of all those software applications and mobile apps you’ve installed, but never updated. Believe it or not, many times those updates involve patches and improvements to prevent security breaches like this from happening.

It’s about time we all start taking cybersecurity more seriously, and that includes all of us doing our part to prevent another attack of this scale.

Edited by Alicia Young

Contributing Writer
