Did you know? It’s been six years since the infamous WannaCry ransomware attack that targeted 300,000 victims across 150 countries... including the UK's National Health Service, which was left with £92 million in recovery costs and approximately 20,000 cancelled appointments.
In 2023, WannaCry is still a source of significant concern: as a ransomware that encrypts files on infected computers and offers to provide the password in exchange for a ransom, this malware spreads through networks using exploits developed by the NSA’s Equation Group.
So what have we learned about WannaCry, and what are the updates on it in 2023? Today, we talk about 4 simple solutions to WannaCry that your organization can begin implementing today.
The 2017 WannaCry Attack: A Retrospective
News first broke May 12, 2017 and by midday an estimated 57,000 computers had been infected. Within three days over 200,000 systems worldwide had been infected with WannaCry ransomware. The most notable impacts caused major disruptions in the UK's National Health Service that caused appointments and operations to be cancelled, including vital heart and cancer surgeries. The attack even elicited a response from the White House only one day after the current administration presented executive orders relating to increasing cybersecurity measures.
WannaCry leverages a vulnerability called EternalBlue, which came from NSA leaks that contained various exploits. While the news surrounding WannaCry is settling down a new worm called EternalRocks is beginning to make headlines. EternalRocks has the potential to be more dangerous and spread faster because it can infect more systems than WannaCry. The new worm uses EternalBlue in combination with several other leaked exploits to infect computers.
WannaCry in 2023 and Beyond
Studies show that the most impactful cyber epidemics occur every six to seven years. By that measure, researchers have stated that the likelihood of the next WannaCry happening in 2023 or 2024 is significant. Why? Because threat actors likely possess at least one suitable exploit, and, with current global tensions at play, the time is right to strike. This is especially true of mixed physical-and-cyber breaches.
Other cybersecurity predictions for 2023 and beyond include, but aren't limited to:
SIGINT-delivered malware being on the rise, which utilizes servers in key positions to allow man-on-the-server attacks
A sharp increase of destructive attacks, due to the current global political climate
Mail servers becoming prime targets for threat actors
APT focusing on satellite technologies, operators, and producers
The rise of hack-and-leak operations
And APT groups moving on from CobaltStrike to alternative red teaming tools
If you are worried whether you or your organization is vulnerable to these attacks, then cry no more: here are a few ways to prevent against and contain infections.
Patch Your Systems
Patches were released back in March 2017 by Microsoft for all of the supported and affected operating systems. Ensuring your systems are up to date and that you’ve applied the latest security patches is one of the most important prevention methods.
If you are using the affected operating systems and they are not patched, be sure to update as soon as possible. Patches have been released for Windows Vista, 7, 8.1, 10, Server 2008 R2, 2012, 2012 R2 and 2016.
Upgrade Your EOL Systems
If your organization has any lingering end-of-life operating systems you should upgrade as soon as possible to reduce any further risks. Fortunately, Microsoft did release patches in May for a few operating systems they no longer support, this is a rare occurrence.
Patches have been released for EOL operating systems including: Windows XP, 8.1 and Server 2003.
Upkeep Security Awareness Training
It is critical that your organization develops and rolls out an effective security awareness strategy that includes tactics to avoid phishing attacks. Some organizations affected by WannaCry reported phishing emails contained malicious software, while others reported there were no downloads that triggered the infections.
Different versions of the attack software may or may not require user interaction which is why training and patching are required to mitigate the risk of infection.
Update Your Antivirus
Keep antivirus software up to date along with running regular scans. Many antivirus vendors are capable of detecting the latest malware and ransomware by pushing regular updates as well as actively monitoring for suspicious file downloads and email attachments.
If you do happen to find an infected computer disconnect it from the network as soon as possible to reduce the potential opportunity for it to spread across the network
Protecting an organization's infrastructure and data against the latest security threats is an ongoing and challenging process, especially when it comes to both WannaCry ransomware and other predicted threats for 2023 and beyond.
Ready for more than a VA scan? Reach out to your team today for personalized recommendations and a free, zero-obligation quote.
Sign up for our newsletter
Get the latest blog posts in your inbox biweekly!