In early 2017, a group of hackers collectively known as “Shadow Brokers” released EternalBlue, an exploit developed by the National Security Agency (NSA), which is now being used in one of the most prolific cyber-attacks the world has ever seen. The appropriately named ransomware attack, “WannaCry,” utilized EternalBlue to effectively cripple computer systems and users across the globe, demanding sums of cash from its victims in exchange for the recovery of their data.
What is WannaCry?
WannaCry is a type of malicious software, known as “ransomware,” that blocks user access to files and systems until the victim pays a ransom.
Essentially, once the operating system is infected, WannaCry encrypts all of the contained data. The program then displays a screen demanding that you pay money, usually in the form of cryptocurrency, to get your data back. To make matters worse, the user is pressured with a sense of urgency: the price increases over a period of time until the grand finale, when all of the files will be destroyed.
Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money is paid. Typically, ransomware encrypts and/or deletes files and holds them hostage.
Encryption is the process of mathematically converting information or data into an indecipherable format, with the express intention of preventing unauthorized access or making the data unreadable to unauthorized users.
Cryptocurrency is a form of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently from a central bank.
Who Created WannaCry?
Ironically, it appears the EternalBlue exploit was initially discovered by the National Security Agency (NSA). The NSA was alleged to have kept it on file as a potential tool to use for surveillance purposes.
We only learned about the attack because a group of hackers, known under the alias of “Shadow Brokers,” released a cache of stolen NSA documents to the world wide web. The release included details about the WannaCry exploit.
Brad Smith, Microsoft’s President, has since declared that he believes “with great confidence” that the government of North Korea made use of EternalBlue and was responsible for the WannaCry attack.
“I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons stolen from the National Security Agency in the United States.”
Brad Smith, President of Microsoft
Why Do Attackers Use it?
To be completely transparent, it’s effective. There really isn’t much more to it than that. Ransomware has been the most prominent cyber threat to individuals and organizations alike since 2005, outpacing even data breaches in recent years.
IBM Security conducted a survey indicating that while less than 50% of individuals were likely to pay a ransom to get their files back, the figures were much different for businesses. IBM X-Force research found that 70% of executives who were victims of ransomware paid to resolve the hack.
It is hard to argue against the efficacy when we’re dealing with figures like this.
How Does it Spread and Who is Vulnerable?
Like most ransomware, WannaCry is spread through file sharing. Specifically, the WannaCry attack uses Microsoft Windows Server Message Block (SMB). To translate, this leaves networks, including those found in financial institutions, educational institutions, hospitals and other large-scale organizations especially vulnerable. WannaCry appears to travel at a rapid pace across corporate networks through file-sharing systems. In other words, if one computer in a network is vulnerable, it is likely they all are.
This is not to say that other computers, including those outside of corporate networks, are immune. Cybersecurity researchers have found multiple variants of the attack, all of which have their own, unique specifications depending on the target in question.
A Hard Lesson in Preparation
Just one calendar year after WannaCry took out financial institutions, transit systems, hospitals and educational institutions across the globe, perhaps one of the most alarming statistics was the damage endured by England’s National Health Service (NHS). Although not explicitly targeted by the attack, the NHS is estimated to have suffered almost £100 million GBP (approximately $170 million CAD) in damages. Of arguably more significant concern, the attack resulted in the cancellation of upwards of 20,000 patient appointments, including surgeries and other critical health appointments.
The unfortunate truth here is that there was a patch available against the EternalBlue vulnerability, the exploit that enabled WannaCry. However, despite multiple warnings, a significant number of NHS Trusts failed to apply the update.
WannaCry Quantified: According to Reinsurance News, Cyence, an insurance-industry-focused cyber-security firm, has estimated the total economic loss of the WannaCry ransomware attack at $8 billion.
Protecting Your Organization
With the release of Symantec’s 23rd Volume of the Internet Security Threat Report, indicating that, in 2017 alone, there were 5.4 Billion WannaCry attacks blocked and a staggering 46% increase in ransomware variants, it is now more critical than ever that your organization is aware of the ever-evolving cyber threat environment.
There are a number of information security measures that your organization can implement now to protect itself against cyber-attacks, including ransomware, data breaches or other forms of cyber-crime. To start, conduct a thorough review of the existing security safeguards that your organization has in place to protect it.
Though many organizations have internal Risk Management departments, the fact is that most remain grossly unprepared and unqualified for the job. The vast majority of these organizations would greatly benefit from bringing in a third-party vendor of experts in the field of Cyber Security, namely Penetration Testers or Ethical Hackers.
Ideally, to protect your organization against hackers, you’re going to require a team of similar minds in your defensive arsenal, the best of the best.