WannaCry A Year After

Written by Scott Hall. Posted in Computer Security

WannaCry was a ransomware worm that spread rapidly across a number of computer networks in May of 2017. When it infects a target computer, it encrypts the contents of the hard drive, denying access to the user, then demands a ransom payment, in the form of untraceable bitcoin, in order to restore access.

WannaCry arrives on the infected computer as a self-contained program that extracts the other components embedded within itself, which include the encryption keys and a copy of Tor, a dark web browsing tool.

The program code was easy for professionals to analyze. Once launched, WannaCry proceeds to encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s, then displays a ransom note, typically demanding $300 in Bitcoin to restore access.

 

The initial spread of WannaCry was particularly noteworthy in that it struck a number of high-profile and critical systems, such as the National Health Service in the UK, Nissan Automotive’s manufacturing facilities in the UK, the University of Montreal, Boeing Commercial Airplanes in the US, and PetroChina, just to name a few. Victims were advised against paying the ransom demands, as the attackers were not restoring access after the ransom had been received. After the initial attack, payments totaling $130,635 USD were reported to the bitcoin wallet assigned to the ransom payments.

In the last week of March 2018, Boeing Aircraft was hit by an evolved version of WannaCry, which is incredibly surprising, given the scope of last year’s initial attacks and the notoriety they gained. The vulnerability used by WannaCry was reasonably easy to patch and correct, so why did a Fortune 100 company with a massive and competent IT staff fall victim to it a year after Zero Day?

It seems security patching is still an overlooked practice. It’s routine, time-consuming and basic, but very important, considering that known vulnerabilities are still used in attack exploits up to 10 years after they’ve been exposed. Knowing that a solution exists but not implementing the patches and updates needed to close the vulnerability still leaves your enterprise open to exploitation. Managed service providers are critical partners in your business because you can rest assured that all available upgrades and patches for known vulnerabilities are being applied regularly, and in accordance with best IT practices across the board.

Business continuity and disaster recovery devices are also part of a mature defense against ransomware. Because they allow data from compromised systems to be recovered with minimal losses, they can minimize the impact of attacks of this caliber.

SOS Technology Group is always available to assist with implementing these solutions. Call us today.
