Last Friday, May 12, 2017, approximately 200,000 systems located in 150 countries were impacted by WannaCry Ransomware attacks. WannaCry Ransomware is being regarded as the most damaging ransomware attack to date because of the short amount of time in which a large number of systems were impacted across a wide spread of geographical locations.
How did it happen?
Attackers used leaked techniques for hacking the Windows OS that were created by the National Security Agency (NSA). The attacks were deployed via a Windows vulnerability for which a patch had been released in March 2017. Systems that had not been patched were susceptible to the attack. Analysis of the motives for the attack and the attackers’ identities is ongoing, and both remain the subject of speculation.
Ransomware Analysis & Profitability
The attackers have earned a little more than $55,000 from the attack. However, Matthew Hickey, a researcher at London-based security firm Hacker House, analyzed the ransomware and determined that the attack wasn’t designed effectively. For instance, Mr. Hickey found that WannaCry lacked an automated process to verify payments through the assignment of unique Bitcoin (digital currency) IDs. As a result, at least one victim who paid the ransom has not yet received the decryption key. It also means that the hackers must manually determine which computers to decrypt, which is adversely affecting their profitability.
Prevention & Mitigation Safeguards
While the impact of the WannaCry attack is significant, the prevention and mitigation safeguards for this ransomware are no different from those for other ransomware. These safeguards are based on foundational cybersecurity elements, which are regarded as operational leading practices.
If your organization has been impacted by ransomware:
Future prevention safeguards are as follows:
If inexperienced attackers were able to cause this much devastation with the WannaCry attacks, actual pros could certainly have inflicted a much more destructive campaign. Other ransomware attacks have been far more profitable and had longer tenures. As cybersecurity incidents continue to capture news headlines, some attackers have demonstrated a complete disregard for loss of life, damages, and operational delays. The WannaCry attack is a loud and inescapable alarm to organizations of all types to ramp up their defenses against ransomware because more of these attacks are certainly on the horizon.
Interested in learning more about how to develop effective ransomware safeguards for your organization? Check out our Ransomware Prevention & Safeguards presentation. Feel free to contact Aronson Technology Risk Services Group Partner Payal Vadhani to discuss ways to increase your organization’s resilience to ransomware attacks at 301.231.6236.