Two Years After WannaCry Severe Risks Remain

Two years ago, WannaCry ransomware spread around the globe like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, malware that encrypts a user’s files and demands a ransom in crypto-currency to unlock them, had spread across the world in what looked like a co-ordinated cyberattack.

UK hospitals declared a ‘major incident’ after they were taken offline by the malware, and railways and commerce were also attacked.

Security researchers quickly realised the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion fell on some classified hacking malware developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

An unknown hacker group, later believed to be working for the North Korean Government, had used the published NSA cyber-weapons and launched some attacks, probably not realising how far the malware would go. The hackers used the NSA’s DoublePulsar tool to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerability and an internet-exposed system were enough to wreak havoc.

In just a few hours, the ransomware had caused billions of dollars in damages. Victims paid into Bitcoin wallets associated with the ransomware to get their files back, but often this did not work.

Trust in the intelligence services collapsed overnight. Lawmakers demanded to know how the NSA was going to rectify the severe damage it had caused. A month later, the world braced itself for a second round of cyberattacks in what felt like it would soon become the norm.

Two years on, the threat posed by the leaked NSA tools remains a concern.

As many as 1.7 million internet-connected endpoints are still vulnerable, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark, with most of the vulnerable devices in the US.

That only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher. WannaCry continues to be used to deliver all sorts of malware, and new victims continue to appear.

Just weeks before the city of Atlanta was hit by ransomware, cybersecurity expert Jake Williams found its networks had been infected by the NSA’s malware. More recently, the NSA tools have been repurposed for cryptocurrency mining, generating money from vast pools of processing power.

WannaCry caused panic. Systems were down, data was lost and money had to be spent. It was a wake-up call that society needed to do better at basic cybersecurity. But with a million-plus unpatched devices still at risk, there remains ample opportunity for further abuse.

While we may not have forgotten, two years on, clearly more can be done to learn from the failings of the past.

Techcrunch:         TechTarget:       neuways:
