What We Learned from WannaCry 5 Years Later
Just over five years ago, on the morning of May 12, 2017, a ransomware attack infected over 230,000 computers in more than 150 different countries.
Beyond crippling businesses, the virus spread worldwide – fast – freezing many thousands of public services like medical resources and communications utilities.
At the time, the only instant way to fight the virus was to send cryptocurrency, to the tune of up to $600.
The international cyberattack, known as WannaCry, came in the form of a ransomware cryptoworm targeting computers running Windows OS. WannaCry propagated from a stolen, leaked exploit that happened to be developed by the National Security Agency (NSA) for dated Windows systems.
About two months before the attack, Microsoft released patches to close the exploit. But WannaCry spread anyway because too many organizations neglected to apply the patches.
At the time, patches could only be applied manually – the task was a long slog, tedious and frustrating.
By evening, WannaCry spread to Spain and throughout most of Europe. It also breached the United States, South America, and Russia.
The hackers didn’t care who they stole from – anyone and everyone with an email address or computer could be targeted. The malware creators weren’t even actively trying to hold hostage the world’s economy or knock out grids. But once they released WannaCry those consequences were unavoidable.
The thing is, WannaCry was built to spread lightning-fast between computers sharing the same network.
As soon as the virus encrypted a file, a pop-up appeared (in almost thirty different languages). The message demanded a ransom of up to $600 to unlock each infected file.
Needless to say, the consequences were dire. Take England, for instance: the staff of the National Health Services (NHS) was locked out of its system for four full days. Not only that but almost 50 affiliated hospitals and clinics reported interrupted surgeries and disconnected support machinery. Critical patients were forced to move to other institutions as the NHS couldn’t meet the threat.
What was the immediate defensive response to the WannaCry cyberattack?
At first, experts advised affected users against paying the ransom. They did this because there were no substantial reports of people getting their data back after they paid the ransom. Also, had word come out about the hackers collecting large sums it could’ve encouraged a wave of cybercrime. Still, about a month later, by June 14, 2017, a total of approximately $131,000 had been transferred to the hackers.
The day after the initial attack, Microsoft released out-of-band security updates for their end-of-life products. Microsoft encouraged organizations to patch Windows and plug the vulnerability to protect themselves from the consequences of the attack.
Finally, a researcher named Marcus Hutchins discovered a kill switch domain hardcoded in the malware. He registered a domain name for a DNS sinkhole to stop the attack because the ransomware only encrypted the computer's files if it was unable to connect to that domain. This amputated the infection’s reach and allowed defensive measures to be deployed throughout the world.
5 years later: What did we learn from WannaCry?
When it hit, WannaCry reached a state of infamy almost instantly. Fortune 100 companies like Boeing were hit by the WannaCry virus making it a household name whether or not you followed tech industry news.
Perhaps WannaCry’s quick climb to the international news stage was a good thing in that it alerted everyday computer and device users to the dangers of cyber breaches. Since 2017, we have learned quite a bit.
3 things to keep in mind as you work to secure your environment
Here are a few tips to consider when bracing your IT environment against future attacks.
Known vulnerabilities are a cyber criminal’s best friend
That’s because attackers are looking for the fastest and easiest way into your network. The effort and money required to launch attacks against known vulnerabilities with available patches are minimal compared to building a brand new attack vector or successfully locating a zero-day vulnerability.
Automated endpoint patching is key
Do NOT overlook it.
Patching is a necessary security task that, until recently, has been cumbersome and time-consuming. Because historically it’s been a major pain point for most IT teams, organizations have gotten used to putting it on the back burner.
It’s become a habit for IT teams to tackle more strategic defensive projects first and patch later when they “have time” or when there’s an urgent need such as a WannaCry-type threat. That’s why it’s imperative you find a budget-friendly, automated tool to ensure all your endpoints are always secure.
Remember: Hackers exploit known vulnerabilities
Want access to an organization’s network? Exploit known vulnerabilities.
Did you know most attackers target exploits that are over a year old? Some attackers even target exploits that are as much as ten years old. But you can learn how to improve your cyber resilience, right now.
Hackers know the easiest way into a company's network is through outdated and unpatched software updates. But cybercriminals have had the upper hand for far too long. Automate your endpoint patching procedures to protect yourself – in minutes – against those who exploit known vulnerabilities.
How can you increase your security posture in today's cybersecurity threat landscape?
What are the best ways to prepare for supply chain ransomware attacks?
How should IT organizations respond to Biden's urgent call for heightened cybersecurity?
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.