Today, it’s challenging to ignore Ransomware attacks. The F.B.I.’s Internet Crime Report shows that local reports of such threats increased by 20% in 2020. Between 2019 and 2020, attacks increased by over sixty percent worldwide. Attacks by ransomware are growing not just but also in significance.
Moreover, worldwide organizations were affected by the Wannacry ransomware attack, a significant security disaster. On May 12, 2017, the WannaCry ransomware outbreak infected over 200,000 systems across more than 150 nations.
The National Health Service of U.K. (N.H.S.), which was required to redirect some of its ambulances to alternative hospitals, was one of the prominent victims, along with FedEx, Honda, Nissan, and Nissan.
WannaCry became a virulent danger that persists today because of acquired government malware, unpatched Windows machines, and fraudulent insiders.
This article will discuss the “Wanna Cry ransomware attack.”, its consequences, and remediations. Let’s dive in,
What Is WannaCry Ransomware?
WannaCry is a crypto-ransomware virus that targets Windows computers. It’s a type of malware that may spread from Computer to PC across networks, and once inside a computer, it can encrypt crucial data. The attackers then demand ransom payments to access those data. The term was taken from code strings in some of the virus’s initial samples.
Since Microsoft released a patch two months before the WannaCry computer worm initially spread worldwide in 2017, it has been termed a “study in preventable catastrophes” because it could have stopped the infection from infecting computers. Unidentified numbers of these outdated systems remain vulnerable since hundreds of thousands were not upgraded in time.
Within a few hours of the attack, WannaCry was temporarily interrupted. A security researcher uncovered a “kill switch” that turned the infection off. Many impacted systems, however, remained locked and useless until the victims paid the ransom or could decrypt the encryption.
How Do Systems Get Infected by WannaCry?
If not for the way it infects systems, WannaCry would be another ransomware attack in the bunch. The U.S. National Security Agency found and was the first to use a severe vulnerability in Windows computers. The EternalBlue exploit, which allowed the developers of WannaCry to deceive Windows PCs into running their code using the Server Message Block protocol, was finally posted online by a gang of cybercriminals in April 2017.
Using business networks as a jumping-off point to access other Windows computers is how WannaCry spreads. Computer users do not need to open a malicious file or click on an unsafe link to become victims of a phishing attack.
In specific versions, WannaCry leverages credentials that have been stolen to access additional vulnerable computers. It then copies the program and executes it again. So, the entire organization could be at risk from one vulnerable computer on an enterprise network.
What Consequences did the Wannacry Attack have?
Over 300,000 computers in 150 countries became unusable by the WannaCry ransomware attack two years ago, including 80 National Health Service hospitals in the United Kingdom that were forced to redirect patients because the infection prohibited doctors from accessing patient information.
After five years, ransomware groups’ methods, strategies, and procedures have continued to advance.
Phishing hijacked or insecure credentials, insecure remote access, and software vulnerabilities are just a few of the attack vectors that are often exploited.
Additionally, ransomware attacks continue grabbing attention and seriously damaging organizations and activities. Fourteen of the Sixteen critical infrastructure sectors in the U.S.U.S. faced ransomware attacks, according to research conducted by the Cybersecurity and Infrastructure Security Agency in February 2022.
However, ransomware attacks have not just become more frequent.
According to Unit 42 research, ransom requests and payments are growing. In the incident response instances examined in 2021, the average ransom demand exceeded $2.2 million, a 144% rise over the $900,000 average demand in that year. An increase of 78% over the prior year brought the average award from 2021 cases to $541,010.
Ransomware will still be one of the biggest cybersecurity dangers to organizations in 2022. What were the effects insights discovered, and how can security executives successfully resist ransomware assaults to avert another WannaCry crisis five years later? Experienced cybersecurity professionals remark and provide critical insights that are still relevant today.
Why did WannaCry become a Phenomenon?
WannaCry and other ransomware work by locking the system or encrypting your files. Then, as these currencies are more complex to trace than electronic transfers, cheques, or real cash, they demand payment in the form of a cryptocurrency like Bitcoin. However, compared to the normal ransomware attack you read about today, WannaCry differs in a few ways.
Pure ransomware strains are the attacks most frequently used by cyber gangs. Instead of a catapult, consider it to be a bow and arrow. The former is preferable when hitting a single target at a time, but the latter is preferable when hitting many targets.
As an illustration, the malicious software and the criminal organization responsible for the Colonial Pipeline ransomware attack appeared to be centered on just one victim. The group allegedly used a well-known password for a classic Virtual Private Network (VPN) account to spread the DarkSide malware.
The WannaCry attack, on the other hand, was more catapultic. By infecting tens of thousands of computers in more than 150 nations in a matter of hours, it lived true to its name. It quickly targeted all systems over commercial networks and didn’t spare any hosts.
What factors for the broad and effective transmission of the WannaCry ransomware?
1. Worm Component
A worm is a malware that can quickly spread without a host file, destroy data, and use bandwidth. It self-propagates; therefore, unlike a virus, it can begin its harmful action without involvement from humans. Worms can additionally spread malicious software like ransomware. Because of its worm component, WannaCry spread quickly among Windows PCs.
2. Exploits
A cybercriminal can use an exploit to carry out destructive behavior on an unpatched system vulnerability. WannaCry uses a vulnerability in how Windows handles the S.M.B. (Server Message Block) protocol.
In a nutshell, the S.M.B. protocol enables the communication between network nodes. Because many Windows users don’t get updates, threat actors continue to leverage S.M.B. vulnerabilities even after Microsoft patched them in 2017. This is because many Windows users need updates.
How would Things turn out if the WannaCry Ransom was not Paid?
Later, the criminals raised the ransom demand to $600 worth of bitcoins from their initial $300 demand. The WannaCry ransomware attack threatened to permanently destroy victims’ files if they did not pay the ransom within three days.
When it comes to paying ransoms, the suggestion is to resist pressure. Never pay a ransom since there is no way to know if your data will be restored, and each payment supports the thieves’ business model, increasing the possibility of additional attacks.
This advice was held throughout the WannaCry attack because, according to reports, the attack’s code was incorrect. Attackers could not link ransom payments made by victims to victims’ computers when they paid their ransom.
There is some uncertainty as to who received their files back. Some researchers said that they have yet to receive their data back. F-Secure, a business, said that some did. This serves as a clear reminder of why paying the ransom is never a brilliant idea if you are the victim of a ransomware attack.
What Industries were most Severely impacted by WannaCry?
Numerous sectors were impacted by the WannaCry assault because it spread so quickly and infected so many machines globally.
These consist of: Medical care, Emergency services, Security, Logistics, Telecommunications, Fuel, Automobile Education and Marketing
What are the Best Recommendations for Preventing Ransomware?
Following is how to prevent attacks like WannaCry and minimize their effects when they do:
Latest Security Updates should be installed on your Windows Operating System
When the Shadow Brokers disclosed this vulnerability in Windows in March, Microsoft immediately provided a security upgrade. Because of the severe problem, security updates for Windows XP and Vista—versions that Microsoft no longer supports—have also been made available.
Millions of users, however, have chosen to refrain from installing these upgrades. Avoid becoming part of the same group.
Assess your Devices
One will likely maintain track of both with effective device and network control and monitoring. It won’t be long before you forget about a device you attached somewhere or the network settings that linked or detached it from internal networks.
Although this is true for individual users, it is also true for organizations. This is why you need to keep track of every device you have in an asset inventory, and you should also keep an eye out on your network for any strange, suspicious, or missing devices that could be associated with it.
Always Keep Antivirus Software Installed
Utilizing Microsoft’s security fixes is insufficient for attacks because the NSA’s vulnerability was swiftly turned to wrong use. There’s probably an updated version in the works. Reliable antivirus software with anti-ransomware features is crucial to stopping the ever-evolving ransomware threat.
Cybersecurity Awareness and Learning
Given the increase in remote work, staff members need to be routinely reminded of proper email practices. They should never click on suspicious links, nor should they ever open email attachments that they are not familiar with.
Alert yourself to Phishing Emails and Links.
Although the worm component of WannaCry assisted in its transmission, it initially depended on phishing emails and dangerous links. Before clicking on any links or emails, double-check them.
No Single point of Failure:
Regardless of whether it’s ransomware, hardware, database, or other issue. If your data is crucial, it should be backed up in at least one additional secure location.
Seamless Provisioning:
You should be able to restore an asset to a working state as quickly as feasible if it is taken down by ransomware or another threat.
More Recommendations
- Create strong passwords and update them frequently.
- With two-factor authentication, you can secure your system and important accounts.
- Cloud services could minimize your risk of being infected with ransomware since many save older copies of your data, letting you restore them to their original, unencrypted version.
- Any Microsoft Office email attachment instructing you to activate macros to read its content should be severely avoided. Only activate macros and immediately delete the email if you are sure it is honest communication from a reliable source.
- These strategies and various others lower the cybersecurity risk of ransomware, reducing it from a catastrophe to a simple annoyance. It is not sufficient to install antivirus software and cross your fingers, which is why cybersecurity is crucial.
- You require real-time cybersecurity monitoring of you and your third-party providers to lower third-party and fourth-party risks. A vendor risk management system, third-party risk management framework, and process for assessing cybersecurity risks must be developed.
Final Words
The WannaCry ransomware still poses a threat today, even though it made headlines four years ago. This scenario proves that history repeats itself and that we should learn from our errors. Fortunately, if the organization upgrades its software and systems regularly, it won’t have to.
The post WannaCry Ransomware Attack: Everything to Know About it appeared first on EncryptedFence by CerteraSSL - A Complete Web Security Blog.
