What You Need to Know About WannaCry Ransomware CyberAttack
Posted by Geraldine Hunt on Tue, May 16th, 2017
The WannaCry ransomware cyberattack proves that ransomware has now matured from a malicious menace to a global threat. For many people up to now, ransomware has been a foreboding threat limited to poor end-user security awareness or to organizations afflicted with poor patching practices and a dearth of enforced security policies. We have written numerous times about the fact that ransomware became a $1 billion industry in 2016. A billion dollars brings a lot of interest and spotlight to something, even something as dangerous as encrypting malware. It also brings a lot of legitimacy to those who create, design, package and deliver it. Having surpassed the billion-dollar mark, it was obvious that malware was not going to be a mere flash in the pan. Something big was surely going to happen in 2017, and on Friday afternoon, May 12, 2017, it did, surpassing all expectations.
Affected 150 countries and put more than 200,000 computers out of service
Last Friday afternoon, a crippling blow was delivered across the world, interrupting digital services and operations. It became a debilitating threat on a worldwide basis that included 150 countries and put more than 200,000 computers out of service. Just as breathtaking as ransomware’s exponential growth rate over the past two years, the span and reach of the attack were both astounding and unsettling. Ransomware is traditionally encountered in some haphazard occurrence, such as a user clicking an embedded email link that was arbitrarily sent to him or her. In other cases, it is the result of a chance wrong-place, wrong-time occurrence involving a drive-by website visit. In still other cases, it is the result of a targeted attack upon a single organization or industry. In those cases, ransomware is carefully designed and crafted to serve as a silent chameleon that gets lost in the shuffle.
Friday’s global assault was no random, arbitrary occurrence, nor was it carefully targeted. Instead, it was a comprehensive attack driven by a replicating worm that was reportedly stolen from the National Security Agency (NSA) by a hacking organization that calls itself the Shadow Brokers. This self-driven worm knew no bounds, and it seems that no industry was spared.
Some of the victims included:
- Britain’s National Health Service, including the disruption of 48 hospitals that were forced to turn away patients and cancel operations. In addition, 16 organizations connected with the NHS were affected.
- The Russian Interior Ministry reported 1,000 of its computers had been afflicted.
- Operations for major corporations such as Nissan, French automaker Renault and FedEx were hampered.
- Thousands of students were locked out of their theses and final papers at universities across Asia just days before graduation.
- Throughout Spain, key infrastructure operators such as telecom, power and natural gas companies were infected.
- Other countries, such as Germany, which had rail operations disrupted, also reported ransomware infections.
As reports began trickling in from across the globe, the scope of this attack became very real indeed. If ransomware were a military threat, it would have perhaps progressed within the United States Armed Forces alert system from the assignment of Defcon 5 (the least severe) to Defcon 1 (imminent threat).
This strain of ransomware goes by the name of WannaCry, also known as WCry or Wana Decryptor. Once a machine is infected, it shows a message to the victim that states, “Oops, your files have been encrypted!” and a ransom of $300 is demanded (it is reported that the ransom was raised as the day progressed). Luckily, for the United States, a temporary fix was discovered that offered it a reprieve. Unfortunately, the hackers could easily overcome that temporary antidote with a new variant that could be released this week.
Besides showing just how swiftly a worm-driven strain of ransomware can proliferate, the attack shows how critically imperative it is for companies and organizations to keep their computing devices properly patched and to retire machines that have reached end-of-life. The worm exploited a flaw found within the Windows operating system that, although patched by Microsoft for its current versions such as Windows 10, was left unpatched for outdated releases such as Windows XP and Windows 8. As another sign of the seriousness of this attack, Microsoft released a patch for both operating systems to remedy the exploit. Microsoft also released an update for Windows Defender that will report the infestation as WannaCrypt.
The potential loot that the hackers may pocket could be as high as $1 billion. Though it appears unlikely that these hackers will make off with that much, the millions that they will most likely bring in will be further inducement for even more attacks on a grand scale such as this.
SpamTitan customers are optimally protected. Although WannaCry ransomware has gained massive media exposure, we block dangerous malware like this daily with both SpamTitan anti-spam and our content filtering solution, WebTitan. Ransomware, it seems, has matured even more, and that maturity brings with it an even greater threat. It’s well worth taking a look at both solutions.