WannaCry ransomware attack explained
The WannaCry ransomware attack, also known as WannaCry, WanaCrypt0r 2.0, or Wcry, is a ransomware computer virus that infects Microsoft Windows systems. The malware was discovered on Friday, 12 May 2017 as the hackers exposed and exploited Microsoft Windows Server Message Block (SMB) (often port 445) because of misconfiguration through which they sent malware to encrypt data and demand a ransom payment in Bitcoin in order to decrypt it.
The attack has been called “unprecedented” because of its size and scope. It has affected over 300,000 computers in the United States and over 150 countries by June 2017 (even the UK’s National Health Service (NHS)), and has led to at least one death according to Europol.
WannaCry hit organizations hard. If the attackers were not paid US$300 in bitcoin within three days, or US$600 within seven days, then WannaCry would have begun deleting files on a victim’s computer.
By equipping their people to defend against cyber crime, the same organizations could make WannaCry the last big attack they suffered.
On the afternoon of the 15th of May, 2017, several things were happening in response to the cyber attack WannaCry.
First, Information Security Officers and IT personnel all over the world were rolling out updates and security patches, in an effort to prevent a WannaCry infection, fuelled no doubt by several more high-strength coffees than they’d otherwise drink in any given period.
Second, affected businesses were debating overcoming WannaCry by paying cyber criminals sizeable ransoms. Some were rolling the dice. Others were standing firm.
Third, international organizations were working to track down those responsible to both nullify their operation and prove to an awaiting world that cyber criminals will be brought to justice.
The fourth is most important
The fourth is most important.
While most of the world remained otherwise occupied in preventing, battling and overcoming the biggest cyber security scare to date recorded, someone, somewhere was watching and plotting.
This person – or, more likely, group of people – was not interested in WannaCry. Not directly, at least.
Because these were the people planning the next great ransomware attacks.
How the mind of a cyber criminal works
WannaCry is not the first great cyber attack we’ve ever experienced. And, sadly, it won’t be the last.
Those that know CybSafe know that we’re not interested in hyperbole and fear-factor marketing. Cyber risk is real and we don’t need to dramatise it any more than it already is.
We’re interested in what can be done to protect ourselves against it.
So the fact remains that no matter what happens in response to WannaCry – no matter how many devices are updated and technological solutions laid out – another large scale attack is likely to eventually occur.
There’s a good chance the attack will be equally as devastating and affect numerous organizations, families and people – just like WannaCry attack.
This is unless companies do something to change their people’s behavior when it comes to cyber security.
WannaCry has affected over 300,000 computers in the United States and over 150 countries by June 2017 Click To Tweet
Unsupported software & security vulnerabilities
It’s still unclear precisely what caused WannaCry but it is speculated WannaCry was created by the National Security Agency (NSA) and later published by a hacking group known as the Shadow Broker. It’s still equally unclear if any single entity could have done anything to prevent it.
What is clear is the attack would have been a great deal more muted if it wasn’t for people running out of date, unsupported software with known security vulnerabilities (not unlikely to still encounter organizations on Windows Vista, or Windows XP).
It’s quite likely that many of the people using this software were aware they were running a security risk. They were most likely aware, maybe after security awareness training, that cyber criminals can and do take advantage of insecure software to hack into systems and hold companies to ransom.
Perhaps, they realized that to stop threat actors and ransomware attacks such as WannaCry , they should install updates for their operating system, antivirus software and other security patches to protect their computers from malware. Maybe they also knew they could invest in cloud computing, maintain an offline backup of their data and keep it disconnected from any networks.
So it begs the question:
Why, when people know they’re running such risks, do they fail to put their cyber security knowledge into practice? And what about those that don’t know any better?
The answer lies in human psychology.
Psychologists and behavioral scientists frequently prove humans are hardwired to underestimate risk, seek short-term gratification and ignore evidence that fails to align with an existing worldview.
Taking each of those in turn, it would appear we humans
- Underestimate the risk of a cyber attack
- Struggle to take appropriate measures to safeguard ourselves against cyber attacks
- And convince ourselves we’ll never be victims of cyber attack, despite the fact cyber crime happens every day
The three quirks combined go a long way to explaining why we’re comfortable running unnecessary risks and how WannaCry escalated so quickly.
Given human psychology, and given WannaCry ransomware attack won’t be the last cyber attack ever launched, is there anything companies can do to safeguard themselves against the cyber attacks of the future?
How to change our people’s behavior
As it happens, there is something companies can do for their cybersecurity.
Once companies know what’s stopping their people from following best practice, they can react accordingly.
Companies struggling to change their people’s behavior can take advantage of things like simulated cyber security or phishing attacks. By making cyber attacks real, simulated attacks remedy each of the above three biases at once.
Through changing the behavior of the people that make up workforces of varying sizes, CybSafe helps transform people from posing a risk (or being a vulnerability) to being an asset in the fight against cyber crime.
When we and our colleagues are switched on to the risks of cyber crime, a cyber criminal’s fortunes are immediately reversed.
People are almost always a company’s greatest, most under-used resource.
By investing in them correctly, a company’s employees can become its most reliable defence.