Everything You Need To Know About the WannaCry Ransomware Attack

Published 2023-04-14, last modified 2023-07-14. Source: https://dataprot.net/guides/wannacry-ransomware-attack/

In May 2017, a new ransomware attack began threatening everyone on the internet. This attack, called WannaCry, was particularly destructive because it infected so many computers in such a short time.

In this article, we will explain what ransomware is and how the WannaCry ransomware attack worked. We will also discuss why this particular attack was so damaging, cover its solution, and explore some possible prevention options.

What Is WannaCry Ransomware?

Ransomware is a type of malware that encrypts its victims’ files until they pay the required amount of money in exchange for the decryption key. The WannaCry ransomware attack was perilous – it affected hundreds of thousands of computers in 150 countries within just a few days.

This attack used the EternalBlue exploit, which targets vulnerabilities in the Windows operating system to spread quickly. Specifically, the most vulnerable devices are those that use the legacy version of the Server Message Block protocol (SMBv1). It is believed that the exploit leaked from the National Security Agency (NSA).

The WannaCry threat actors demanded a ransom payment of $300-$600 in Bitcoin within three days, in exchange for the decryption key. Unfortunately, even after paying the ransom, very few victims were given a key to decrypt their files.

The US government attributed the WannaCry attacks to North Korea. The attack was declared state-sponsored, and it is thought that the Lazarus Group launched it.

How Does WannaCry Ransomware Work?

There are two main types of ransomware: locker ransomware, which locks you out of your computer until you pay the ransom, and crypto-ransomware, which encrypts your files so you cannot read them.

WannaCry is the latter type and it propagates through a worm, meaning it can spread without victim participation. Therefore, WannaCry is considered a cryptoworm or ransomworm. The moment one system was affected, the worm propagated and infected the remaining unpatched devices, with no human interaction.

But how was this made possible?

Two months before the attack, Microsoft released a security patch against the existing vulnerability, but not everyone updated their operating systems on time. This was an opportunity for the threat actor to launch EternalBlue successfully.

At first, it was believed that the spread was made possible through a phishing campaign, but soon after the attack took place, it was established that EternalBlue was used to facilitate the spread, with DoublePulsar as a ‘backdoor.’ WannaCry creators planted DoublePulsar on the computers so WannaCry could be executed.

Affected users were told not to pay the ransom, as the hackers didn’t have any way of knowing who paid the ransom, so the victims could only hope that the attackers would send a decryption key once they delivered the funds.

The Consequences of the WannaCry Attack

Although the damage that WannaCry ransomware caused was devastating, security researchers were surprised it didn’t wreak further havoc, given its worm functionality. It is estimated that during 2017, the financial loss amounted to $4 billion, with more than 200,000 devices affected. These numbers have risen even higher since, as this form of threat is still active today.

After the attacks, commercial ransomware attacks gained more popularity within the black hat hacker community, constituting 39% of all malware attacks in 2017.

Although the WannaCry hack was a wake-up call and organizations started developing better security measures aimed towards more effective weakness patching in the aftermath, the Protecting Our Ability to Counter Hacking Act that the US Congress proposed never passed.

If it had, all hardware and software owned by the government would have been regularly reviewed by an independent board of experts, and unpatched systems with potential WannaCry exploits would have been fixed quickly.

Overall, the ransomware’s impact was extremely far-reaching, as it affected phone companies and even healthcare institutions such as the British National Health Service, which lost £92 million due to 19,000 appointments getting canceled.

A Groundbreaking Kill Switch

While trying to examine the WannaCry ransomware and reverse engineer the samples, Marcus Hutchins, also known as MalwareTech, came across a web URL that was an unregistered gibberish name.

He found that, if the program could open the URL, the ransomware couldn’t work, so it served as a form of a kill switch. When he registered the URL, it shut down the WannaCry ransomware. This accidental discovery helped stop the spread of this worm.

Is WannaCry Still a Threat?

The answer is yes. Due to changes in the broader attack surface and attack vectors, this threat is still alive and well. Moreover, although Microsoft offers patches that prevent vulnerabilities, many organizations still fail to update their operating systems regularly. Data from the first quarter of 2021 shows a 53% increase in successful WannaCry attacks.

Encouraged by this successful attack, more and more variants of cryptoworm and ransomworm spread across the world, and many networks keep getting immobilized due to their insufficient cyber protection measures. This ransomware spreads quickly and needs only one entry point to spread throughout the entire network.

How to Safeguard Against WannaCry Ransomware

The first thing to do when defending against WannaCry should be to disable SMBv1. Then, update to the latest version of that software.

After that, take a closer look at your network traffic and system. Any suspicious file creation, especially with the WannaCry document extension, could be a clue this malicious software is trying to worm its way into your files.

Outbound traffic on the SMBv1 ports TCP 445 and 139 and DNS queries for the kill-switch domain are further warning signs, as are connections to ports 9001 and 9003 on the Tor network.

Although WannaCry will not be activated if it can contact the “kill switch” URL, it can stay in your system even when it’s not encrypting anything. Therefore, if your Windows devices are unpatched, fix that immediately so you can head off the threat before it has a chance to start encrypting your files.
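
The network warning signs named above (outbound TCP 445 and 139, DNS queries for the kill-switch domain, connections to ports 9001 and 9003) can be checked against flow and DNS logs. The sketch below is an added example, not code from the original article: the log records are constructed, the 10.0.0.0/8 internal range is an assumption, and the kill-switch domain is a placeholder because the article does not state it.

```python
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
SMB_PORTS = {445, 139}      # ports named in the article for SMBv1 traffic
TOR_PORTS = {9001, 9003}    # ports named in the article for Tor connections
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}  # placeholder, not the real domain

# Constructed sample records, not real telemetry.
FLOWS = [  # (source IP, destination IP, destination TCP port)
    ("10.0.0.5", "10.0.0.9", 445),        # internal file sharing, ignored
    ("10.0.0.5", "203.0.113.7", 445),     # SMB leaving the network
    ("10.0.0.6", "203.0.113.9", 139),
    ("10.0.0.8", "198.51.100.20", 9001),
    ("10.0.0.8", "198.51.100.21", 443),   # ordinary HTTPS, ignored
]
DNS = [  # (client IP, queried name)
    ("10.0.0.5", "KillSwitch-Placeholder.Example."),
    ("10.0.0.7", "www.example.org"),
]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def classify_flow(src, dst, port):
    """Tag a flow only when an internal host talks to an external one."""
    if not is_internal(src) or is_internal(dst):
        return None
    if port in SMB_PORTS:
        return "outbound-smb"
    if port in TOR_PORTS:
        return "tor-port"   # weak on its own; these ports have other uses
    return None

def classify_dns(qname):
    """Match case-insensitively and ignore the trailing root dot."""
    name = qname.rstrip(".").lower()
    return "kill-switch-dns" if name in KILL_SWITCH_DOMAINS else None

def triage(flows, dns):
    """Return (host, sorted tags) pairs, hosts with most indicators first."""
    tagged = [(s, classify_flow(s, d, p)) for s, d, p in flows]
    tagged += [(s, classify_dns(q)) for s, q in dns]
    hits = {}
    for host, tag in tagged:
        if tag:
            hits.setdefault(host, set()).add(tag)
    return sorted(((h, sorted(t)) for h, t in hits.items()),
                  key=lambda item: (-len(item[1]), item[0]))
```

A host that shows several of these signs at once, such as 10.0.0.5 in the sample data, is the first one to isolate and check for missing patches.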

How To Protect Yourself From Ransomware

Now that we’ve established what the WannaCry attack is and how it works, let’s see what steps you can take to protect your devices from ransomware in general.

Never Click On Suspicious Links

If you get an email with a link or an attachment, or you’re browsing the web, and the link seems off, don’t click on it. This could easily be ransomware that can be downloaded to your device with a single interaction.

Don’t Use Unknown USBs

Even though many users don’t think twice about using a USB that doesn’t belong to them, experts advise against inserting unknown USBs into your computer, as they might be infected with ransomware that can be planted on your device.

Keep Your Operating System and Software Up To Date

WannaCry was one of the largest ransomware attacks that affected computers mainly because their systems were not up to date. However, it is definitely not the only such threat active today.

Your computer can fall victim to various ransomware attacks just because it is not updated with the latest security patches. Even when a patch is available, if you haven’t updated your software and operating system, you might be vulnerable to ransomware.

Invest in Cybersecurity Training for Your Employees

Many data breaches and security threats that affect corporations were made possible by the lack of employee knowledge of cybersecurity. Investing in cybersecurity training for your staff is essential because this can minimize the risk of a data breach and prevent financial and operational losses.

It’s no wonder that companies worldwide are expected to spend around $10 billion a year on cybersecurity training by 2027.

Never Download from Websites You Don’t Trust

The only way of knowing that the files you download are safe from ransomware and other forms of malware is to only download files from trusted sources. Otherwise, you might end up downloading ransomware or other dangerous files.

Back Up Your Data

Even if your files got encrypted by WannaCry malware, you would have fewer things to worry about if you had all your data backed up. However, bear in mind that it’s essential to disconnect your external storage devices from your computer once you’ve finished backing up your files.

Install and Keep Your Anti-Malware Solution Up To Date

A reliable anti-malware service is essential for keeping your devices secure on the internet, and while it’s imperative to choose the right one, you must also keep it up to date, so you are sure that it will work against all threats.

Bottom Line

WannaCry ransomware is a severe cryptoworm that can have devastating consequences, and it’s important to know how to protect your devices from it. Although this threat remains active today, we know what steps can be taken to avoid falling prey to it and suffering incredible financial losses.

Apart from using an antimalware solution and avoiding risky internet behavior, keeping our software and systems up to date is paramount. This is also good advice for defending against all forms of malware.

Author: Bojan Jovanovic (https://dataprot.net/author/bojan-jovanovic/)