Analyzing WannaCry a Year After the Ransomware Attack

Many of the organizational problems that WannaCry highlighted still occur today, despite their relatively simple solutions.
Published on
August 16, 2018

The cyber-attack known as WannaCry first broke out in May 2017 and was unprecedented in its scope and impact. It exploited a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers. Although Microsoft had released a patch for the vulnerability, many organizations failed to apply it and were left vulnerable. As a result, organizations around the globe were impacted by the ransomware, with WannaCry infecting over 200,000 machines in only a few days. After the initial infection, the malware used this vulnerability, which is in SMB, to spread within a network.

One year later, the initial attack vector is still unclear to researchers. There were some rumors regarding phishing email, but nothing has been confirmed. This particular vulnerability was especially detrimental to organizations because it did not require any user interaction, so the malware could spread freely and indiscriminately. Victims on infected networks found that the malware had encrypted all the files on their machines, and they were notified that the only way to retrieve them was to pay $300 USD. However, as many victims discovered, the malware was coded in such a way that it did not keep track of which machines had paid the ransom. Because of this, the threat actors could not send a decryption key, since they had no way of knowing who had and had not paid. Despite this major flaw, the cyber-attack gained only a small profit compared to the number of machines that were infected, which prompted many people to believe that the attack was intended to wreak havoc rather than to make money. Eventually, several Western countries identified the attack as a case of cyber espionage.

A recent report by Kailyn Johnson of the Anomali Labs team examines the consequences the attack had on organizations, focusing on the UK's NHS, since the impact of the attack on it and a subsequent audit were made public. Based on how the NHS handled the attack and on the recommendations made in the audit, the report applies some of those recommendations to the larger affected population. Many of the lessons to be learned from the WannaCry attack are based heavily on organizational culture and on how companies organize and prioritize various aspects of security. Some of the major lessons in the white paper include improved cybersecurity awareness training for all employees, remaining informed of the current threat landscape, and better cyber habits in and out of the workplace.
