Skip to main content

What is WannaCry Ransomware Attack?

Ransomware has emerged as one of the most serious cyber threats to businesses, posing a risk of financial loss, company instability, and reputational damage. Ransomware accomplishes this by encrypting important files, rendering them unreadable, or by locking you out of your computer, preventing you from using it. Crypto ransomware, such as WannaCry, is a form of harmful software (malware) used by hackers to extract money.

WannaCry is a ransomware crypto-worm cyberattack that targets Microsoft Windows-based machines. It was first published on May 12, 2017. The ransomware encrypts data and demands a ransom of $300 - $600, which is paid in Bitcoin. WannaCry goes under several names, including WannaCrypt, WCry, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. The WannaCry ransomware attack in 2017 was one of the most widely spread computer attacks; here's everything you need to know about it and how to protect your data.

How Does the WannaCry Ransomware Attack Work?

WannaCry is made up of several components. A primary delivery program also contains other applications, such as encryption and decryption software. WannaCry hunts for hundreds of particular file types after it has infiltrated a computer system, including Microsoft Office files, as well as photo, video, and music files. Then it runs a program to encrypt the data, which can only be decrypted using a digital key given from outside the system.

Infected users may only access WannaCry encrypted data if they have an external backup copy of those files. Some victims' sole option during the original WannaCry attack was to pay the Bitcoin ransoms. Unfortunately, when the firms paid up, the hackers did not allow the victims access to their information, according to reports.

How did Wannacry Ransomware Spread?

When the WannaCry ransomware attack first occurred, many people thought it was transmitted through a phishing effort (a phishing campaign is where spam emails with infected links or attachments lure users to download malware). EternalBlue, on the other hand, was the exploit that allowed WannaCry to spread and proliferate, with DoublePulsar serving as the 'backdoor' on the infected systems (used to execute WannaCry).

EternalBlue is the name of the vulnerability exploit for Windows' implementation of the Service Message Block (SMB) protocol (CVE-2017-0144). The vulnerability stemmed from a problem that allowed a remote attacker to execute arbitrary code on a targeted system and send specially crafted data packets.

While WannaCry may spread throughout a company's network by exploiting a vulnerability, the first method of infection, how the first machine in the company gets infected, is yet unknown. WannaCry has been seen on malicious websites, according to Symantec, however, they look to be copycat attacks unconnected to the initial strikes.

WannaCry spread faster than any virus campaign in the previous 15 years, due to the Windows weakness recently revealed from the National Security Agency's cyber arsenal and some basic programming to tracking down servers that communicate with public networks.

What is The Impact of the WannaCry Ransomware Attack?

According to Kaspersky Lab, the size of WannaCry was unprecedented, with roughly 300,000 machines infected across 150 countries, with Russia, Ukraine, India, and Taiwan being the most affected. The National Health Service, England's publicly financed national healthcare system and one of the four National Health Services for each of the United Kingdom's constituent countries, was one of the most heavily hit agencies. It is the world's largest single-payer healthcare system.

Up to 70,000 items, including laptops, MRI scanners, blood-storage freezers, and theater equipment, might have been harmed. As a result, several NHS services have turned away non-emergencies and ambulances have been redirected.

Along with the NHS, Telefonica, one of the world's leading telephone and mobile network providers, was one of the first significant organizations to disclose WannaCry-related issues. FedEx, Nissan, the Russian interior ministry, police in Andhra Pradesh, India, Chinese universities, Hitachi, Chinese police, and Renault were among the companies affected.

What Happened if the WannaCry Ransom was not Paid?

The attackers first requested $300 in bitcoins but eventually boosted their ransom demand to $600. Victims of the WannaCry ransomware attack were informed that if they did not pay the ransom within three days, their files would be irreversibly wiped.

Many top experts advise against paying the WannaCry ransomware, claiming that many people who did pay were unable to recover their files from the cybercriminals. There have also been cases where security experts were able to overcome ransomware assaults like WannaCry ransomware owing to the perpetrators' defective programming. Of all, cybercriminals are continuously designing newer, more potent malware, so relying on flawed code in the case of future attacks is dangerous.

It's unclear whether anyone received their data back. Some researchers stated that their data was never returned to them. F-Secure, on the other hand, claimed that some did. This is a clear reminder of why paying the ransom in the event of a ransomware attack is never a smart idea.

How to Protect your Computer from Ransomware?

Simply, we can defend ourselves against Wannacry-style attacks by encrypting all of our data with firewalls and passwords. Assuring the usage of strong passwords throughout the company is very important.

Reports from basic perimeter security solutions are thoroughly examined. Every day, anti-virus software, hardware firewalls, and intrusion prevention systems(IPS) log hundreds of amateur attempts on your [network security])(/docs/network-security-tutorials/network-security) these documents might reveal serious weaknesses.

Every piece of software in your business, from accounting programs to operating systems, should be checked for updates and security fixes. WannaCry was completely unaffected by computers running Microsoft's most recent upgrades, which should serve as an encouragement to never again select "Remind me later".

Although social engineering and phishing were not involved this time, training employees to spot strange links is a certain way to avoid the dozens of different malware types that endanger your company.

The last but maybe the most important task is storing Data (and backup data) should be in safe areas that are difficult to access by cybercriminals.

WannaCry Ransomware History

In May 2017, the WannaCry ransomware outbreak became a worldwide epidemic. It made international news in 2017 when it affected over 300,000 systems in 150 countries. WannaCry made advantage of an exploit known as Eternal Blue, which was engineered into Windows operating systems by the National Security Agency of the United States. WannaCry's hackers then demand payments in Bitcoin in the range of 300 Pound to 600 Pound.

WannaCry Ransomware History

Figure 1. WannaCry Ransomware History?

The NHS in the United Kingdom and HSE in Ireland, Nissan Motors and Renault automotive manufacturing facilities, Spain's Telefonica telecoms business, international transportation service FedEx, and German train corporation Deutsche Bahn were among the high-profile victims of the WannaCry attack.

The pace with which the virus spread was unprecedented. For the tremendous worldwide disruption it caused, this strike was important. In retrospect, the WannaCry attack teaches people, businesses, and governments a lot about cybersecurity, and it continues to demonstrate the consequences of reckless behavior in cyberspace.

WannaCry's creators had earned more than $130,000 in ransom payments by June 2017. Researchers from all around the globe hurried to create tools that were eventually effective in reversing WannaCry's assaults. In August 2018, a new variant of WannaCry infected 10,000 computers belonging to Taiwan Semiconductor Production Company, briefly shutting down the company's chip manufacturing operations.

The size of the WannaCry attack makes calculating the entire cost impossible. The National Health Service in the United Kingdom estimated the cost of interruption and IT updates to its systems caused by WannaCry at 92 million pound. According to some estimations, the total cost of WannaCry's effects might be as high as $6 billion.