The Implications of WannaCry Ransomware
This summer saw a new strain of ransomware race through computer networks with alarming speed and ability. It stunned users around the world, and the numbers from this single attack are eye-popping: in one weekend, 200,000 computers were affected across 150 countries, with estimates of damages nearing the four billion dollar mark. A full inventory of the attack is still ongoing. With all of this in mind, the question is: why was this particular attack, WannaCry ransomware, so damaging? And what can we, in the world of cyber threat intelligence, learn from it?
The answer to the first question seems pretty straightforward to experts. This was a dual-edged attack that combined ransomware and a virulent worm. Either a worm or ransomware can be devastating for a computer network on its own, but combined, they formed a potent cocktail that struck hard.
In most cases, the WannaCry attack locked up computers and demanded a Bitcoin payment to unlock them. But what interested those in the cyber threat intelligence community was the type of worm used to spread this difficult-to-combat ransomware. Worms were quite ordinary in the earlier decades of computer networking, but many did not expect to see one used in a 2017 cyber-attack. The hackers who executed WannaCry identified this vulnerability and used it to their advantage.
The apprehension over the speed with which WannaCry moved through computer systems worldwide has not passed. In fact, Windows 10 is now also possibly at risk from WannaCry, which in its first wave of attacks primarily targeted Windows 7.
So what can we learn? There are three basic takeaways that WannaCry made all the more clear:
1. Security updates are critical: Many computers were vulnerable to WannaCry due to a lack of patching. Server Message Block (SMB) was one of the primary conduits of the worm, and this was something that could be updated and secured for Windows systems. It's one of the reasons Windows 7 was the initial target (an older Windows system was less likely to be patched).
2. Replacing old technology: While patches are important, at some point, technology needs to be upgraded. Windows 7 was introduced in 2009 and is basically ancient by modern tech standards. Although Windows 10 has now shown some vulnerability itself, it was much better prepared than older versions and has been easier to patch.
3. The global threat sharing community: Having an ear to the intelligence community is vital. Word of the worm and accompanying ransomware spread fast, and those without open lines of communication were at a greater risk in general.
Cyber threat intelligence as a field will continue to grow from this experience. NC4 is a key member in the community of experts working to see the next cyber-attack early. To learn how you can increase your cyber threat intelligence awareness, contact us anytime.