The WannaCry Ransomware String of Attacks: What Is the Story?
WannaCry Catches the World Off Guard as the Largest Ransomware Attack in History
Forbes reports that hackers seem to understand the great power they wield—along with the ransom money itself—when committing ransomware attacks. Forbes goes on to report that there were 3.8 million ransomware attacks in 2015, which was a fairly modest increase over 2014’s 3.2 million. However, in 2016, cyber-criminals got serious when it came to these attacks. Companies around the world faced 638 million ransomware attacks, which is 167 times the number of attacks in 2015.
Even with such staggeringly large numbers of recorded ransomware attacks over the past few years, it seems that no one could have anticipated the size, scale or intensity of WannaCry.
Some Basic Information About Ransomware
Those who have not experienced ransomware should count themselves as extremely fortunate and well prepared. Ransomware is a type of malware that locks a keyboard, a computer or a company’s computing system once a user clicks on a link attached to an email from a seemingly trustworthy sender. This common form of deception used by cybercriminals is also known as “phishing.” The lock-out that ensues prevents users from accessing data—dealing out threats to either delete or publish that data—until a ransom is paid. Most often, the cyber-criminals demand payment via Bitcoin.
This extortion racket has been around since 2005, but hackers have been playing the long game to ensure better results—for themselves, of course—by developing ransom cryptware, which actually encrypts the victim’s files with a private key known only to the attacker.
Ransomware attacks have become an increasing international threat to computer users since 2012, and it seems that attackers are becoming increasingly emboldened.
What Is Known About the WannaCry Ransomware Attack on May 12, 2017?
WannaCry—also known as WannaCrypt, WannaCryptor 2.0 and WCry—basically blindsided the world on Friday, May 12, 2017. Suddenly, 300,000 workers in hospitals, railways, telecommunications companies, international couriers and government agencies were met with the message, “Oops, your files have been encrypted!” according to the New York Times. The cybercriminals demanded $300 in Bitcoin to restore access to files.
The cybercriminals are thought to have cleared $1 billion from computer users worldwide who were desperate to beat the deadline given to either retrieve access to files or lose the information forever.
Below are just a few of the major global organizations affected by WannaCry Ransomware:
- The U.K.’s National Health Service (NHS).
- U.S. Hospitals.
- Police in Andhra Pradesh, India.
- Universities in China.
FedEx has reported that it faced interference due to WannaCry, but they have not released any specific details.
Several hospitals throughout the U.K. were affected by the ransomware, resulting in postponed surgeries and cancelled appointments while leaving the state of the hospitals in disarray for several days after.
Several Russian industries faced problems with WannaCry, including its railway system, banks, telecom providers, and even the Russian Interior Ministry.
The only specific reports from U.S. hospitals come from Bayer, the manufacturer of radiology machines, stating that it received reports of infections on two of its machines at two different sites.
Some of the Nissan plants were forced to temporarily perform preventive shutdowns to avoid further infection and spread.
It is reported that 25 percent of the computers in the Indian state of Andhra Pradesh were infected, and it was necessary to shut everything down to prevent further damage.
More than 100,000 computers in Chinese universities were infected with the ransomware. The reason the number is so large is that many of the software programs in China are bootlegged, leaving them highly vulnerable to attack.
This list of global powerhouses, among many others, shows that everyone is vulnerable to ransomware attacks, making it crucial that major organizations and everyday computer users do everything possible—including reaching out to database security professionals—to protect their systems from such attacks.
How Do the NSA and Microsoft Fit Into the WannaCry Ransomware Picture?
It seems that WannaCry was no random ransomware attack since its roots can be traced to Microsoft and the National Security Agency (NSA). The Intercept reports that back in mid-April, “an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the ‘Shadow Brokers.’”
Just a month later, a cybercriminal latched onto this preventable vulnerability, turning it into pure opportunity for online malfeasance as the malware worm quickly spread around the globe.
The Verge gives more details about Microsoft’s inadvertent role in the WannaCry attack that left hundreds of thousands of computers vulnerable. The cybercriminals exploited a Windows networking protocol in order to spread within networks and, while Microsoft did release a patch, it did not reach all users. In spite of following best practices, Microsoft is under scrutiny for its role and for how such vulnerabilities can be avoided in the future.
How Was the WannaCry Ransomware Attack Stopped?
The attack was stopped thanks to a 22-year-old British malware researcher, who prefers to remain anonymous as he routinely roots out cybercriminals and destroys their operations. Looking into a sample of the malware, he discovered that it was connected to a specific, unregistered domain. He bought the domain, and effectively activated a kill switch that stopped WannaCry in its tracks.
What Can You Do to Protect Your Organization’s Computing System from Ransomware Attacks?
Now that you have heard the sordid tale of WannaCry, you may wonder just what you can do to avoid the fates of global powerhouse organizations. Is there any hope for your organization if the NHS doesn’t have the appropriate protections in place? While nothing is ironclad in a world where the rates of ransomware are climbing exponentially each year, you can certainly perform due diligence and create the safest operating environment possible by taking some of the following measures:
- Update Your Patches. Make sure all of your software products are current with the most recent patches at all times to ensure the software’s stability, advises The Compliance and Ethics Blog.
- Take Snapshots of Data. Basically, always have a backup that you store offline. Much like the system restore option on your computer, your snapshot at least gives you the opportunity to retrieve data from before the infection began.
- Limit Access to System Files. The fewer people with access to user accounts, the fewer opportunities for someone to fall prey to a phishing attack. Isolating each user’s access to his or her own computer also isolates the potential for the spread of an infection and subsequent damage to files.
- Stay Alert to Phishing Expeditions. Make sure your employees understand the dangers of email phishing and that they are not to accept email from servers that do not adhere to email best practices, or from blacklisted servers.
Avoid Ransomware Attacks Like WannaCry with the Help of Database Security Professionals
At I.S. Partners, LLC., we know how overwhelming it can be to stay on top of the latest database security risks, especially when they evolve so rapidly, the way that ransomware has.
Whether you need additional support in getting up to speed on the latest security risks and malware attacks, or if you want to create better controls to protect database applications, database servers and confidential information, we can help.