June 25, 2022

All You Need To Know About WannaCry Ransomware

Thursday, 27 May 2021 / Published in Blog, Mimecast

The 2017 WannaCry ransomware attack was one of the most widespread computer infections ever, and WannaCry attacks continue today.

Key Points:

  • The WannaCry ransomware epidemic of 2017 disrupted hospitals, banks and communications companies worldwide.
  • Four years later, cybercriminals renewed efforts to deploy WannaCry ransomware during the COVID-19 pandemic.
  • Companies can take steps to prevent infection, with software updates being most important.

Responsible for one of the most notorious worldwide malware infections ever, WannaCry ransomware is still actively used by cyberattackers today. Four years ago this month, it decimated networks around the globe, from entire healthcare systems to banks and national telecommunications companies.

It’s still lethal enough to be used now, and there’s been an uptick in reports of its appearance during the pandemic. Here’s everything you need to know about WannaCry ransomware today — including how to protect your organization from it.

What Is WannaCry Ransomware?

WannaCry is a crypto ransomware worm that attacks Windows PCs. It is a form of malware that spreads from PC to PC across networks (hence the “worm” component) and, once on a computer, can encrypt critical files (the “crypto” part). The perpetrators then demand ransom payments to unlock those files. The name was derived from strings of code detected in some of the first samples of the virus.

WannaCry has been called a “study in preventable catastrophes” because two months before it first spread around the world in 2017, Microsoft issued a patch that would have prevented the worm from infecting computers.[1] Unfortunately, hundreds of thousands of systems were not updated in time, and an unknown number of such systems remain vulnerable today.

How Does WannaCry Infect Systems?

WannaCry would just be another also-ran among ransomware attacks if it weren’t for its method of infecting computers. A critical vulnerability in Windows systems was discovered and reportedly first exploited by the U.S. National Security Agency. The exploit, dubbed EternalBlue, was eventually shared online by a cybercriminal hacking group in April 2017, and it allowed WannaCry’s creators to trick Windows systems into running their code over the Server Message Block (SMB) protocol.

WannaCry spreads by using corporate networks to jump to other Windows systems. Unlike phishing attacks, it does not need a computer user to click on a link or open an infected file. WannaCry just looks for other vulnerable systems to enter (in some versions it uses stolen credentials), then copies and executes the program again and again. So a single vulnerable computer on an enterprise network can put an entire organization at risk.
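The worm-style propagation described above leaves a network signature defenders can look for: one host opening SMB connections to many different peers in a short time. The following Python sketch is an added example, not part of the original article; the flow-record format, the 60-second window and the five-peer threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                   # TCP port for SMB over TCP
WINDOW = timedelta(seconds=60)   # assumed sliding window
FANOUT_THRESHOLD = 5             # assumed: distinct SMB peers per window before alerting

# Constructed sample flow records, one per line: "timestamp src dst dst_port"
SAMPLE_FLOWS = "\n".join(
    # one source touching six different peers on 445 within six seconds
    [f"2021-05-27T09:00:0{i} 10.0.0.23 10.0.1.{i} 445" for i in range(1, 7)]
    # a normal client talking to a single file server repeatedly
    + [f"2021-05-27T09:00:1{i} 10.0.0.40 10.0.1.5 445" for i in range(5)]
    # five different SMB peers, but spread over most of an hour
    + [f"2021-05-27T09:{i}0:00 10.0.0.50 10.0.1.{i} 445" for i in range(1, 6)]
    # wide fan-out on a non-SMB port, and one malformed line
    + [f"2021-05-27T09:00:2{i} 10.0.0.41 10.0.1.{i} 443" for i in range(6)]
    + ["garbage line"]
)

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout_alerts(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct SMB peers in any window} for sources at or over threshold."""
    recent = defaultdict(list)   # src -> [(timestamp, dst)] still inside the window
    peak = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        hist = [(t, d) for t, d in recent[src] if ts - t <= window]
        hist.append((ts, dst))
        recent[src] = hist
        distinct = len({d for _, d in hist})
        if distinct >= threshold:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak

if __name__ == "__main__":
    print(smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)))
```

Only the first source is flagged; the repeat client, the slow source and the non-SMB traffic stay below the threshold, which is the distinction that separates worm-like scanning from ordinary file-share use.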

How Does a WannaCry Attack Work?

The WannaCry program has several components. There’s a primary delivery program that contains other programs, including encryption and decryption software. Once WannaCry is on a computer system, it searches for dozens of specific file types, including Microsoft Office files and picture, video and sound files. Then it executes a routine to encrypt the files, which can only be decrypted using an externally delivered digital key.

So the only way for an infected user to regain access to WannaCry-encrypted files is to have an external backup copy of those files. During the initial WannaCry attack, the only recourse some victims had was to pay the Bitcoin ransoms. Unfortunately, reports indicated that after the companies paid up, the hackers did not give victims access to their files.

Where Did WannaCry Originate, and Is It Still Active?

In May 2017, WannaCry spread panic across corporate networks worldwide as it quickly infected more than 200,000 computers in 150 countries. Among those systems, the National Health Service of the U.K. was disrupted, Spain’s Telefónica telecom service was threatened and banks in Russia were compromised. While the virus seemed to appear all at once, researchers later traced earlier versions to a North Korean organization known as the Lazarus Group.

There were many clues buried in the code of WannaCry but no one ever claimed responsibility for creating or spreading the program. One researcher discovered early in the cyberattack that the program initially tried to access a specific web address that turned out to be an unregistered nonsense name. If the program was able to open the URL, WannaCry would not execute, so it acted as a sort of kill switch. Consequently, British researcher Marcus Hutchins registered the URL and effectively blunted the spread of the WannaCry ransomware.[2] 

Nevertheless, there have been waves of WannaCry resurgence in the years since. One high-profile case occurred in 2018 at Boeing. Ultimately, it caused more panic than actual damage, but productivity at the aircraft maker took a hit.

Recently, security researchers have seen renewed WannaCry infections. One report noted a 53% increase in WannaCry ransomware in March 2021 compared to January of this year, while another stated that WannaCry was the top ransomware family used in the Americas in January with 1,240 detections. More noteworthy: the latest variants being used by hackers no longer include a kill-switch URL.[3]

Protecting Against Ransomware

Fortunately, there are cybersecurity steps every company can take to prevent a WannaCry ransomware attack:

  • Install the latest software: If the three most important words in real estate are location, location, location, the three most important words in cybersecurity are update, update, update. The original global WannaCry infection could have been prevented if companies and individuals had updated their Windows software. The exploit that allowed WannaCry to propagate had been patched by Microsoft two months earlier.
  • Perform backups: It’s a mundane task but a necessary one to protect critical data, so companies need to establish a routine of backing up information. In addition, backups should be stored externally and disconnected from the enterprise network, as in a cloud service, to protect them from infection.
  • Cybersecurity awareness training: Employees need to be periodically reminded of good email habits, especially now that more workers are working remotely. They should never open unknown email attachments, and they should never click on any links that are at all suspicious.

The Bottom Line

Although it had a massive impact four years ago, WannaCry ransomware remains a persistent threat today — more evidence that those who don’t learn from history are destined to repeat it. Fortunately, your organization won’t have to if you’re diligent about updating your software and systems.

[1] “Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic,” Dark Reading

[2] “Marcus Hutchins, malware researcher and ‘WannaCry hero,’ sentenced to supervised release,” TechCrunch

[3] “WannaCry Ransomware Attacks Up 53% Since January 2021,” NetSec.news

Original article can be found HERE
