Two Years After WannaCry Severe Risks Remain

Two years ago, WannaCry ransomware invaded the globe spreading like wildfire, encrypting hundreds of thousands of computers, in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands crypto-currency in ransom to unlock them, had spread across the world in what looked like a co-ordinated cyberattack.

UK hospitals declared a ‘major incident’ after they were taken offline by the malware and railways and commerce were also attacked.   

Security researchers quickly realised the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion fell on some classified hacking malware developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

An unknown hacker group, later believed to be working for the North Korean Government had used the published NSA cyber-weapons and they launched some attacks probably not realising how far the malware would go. The hackers used the NSA’s backdoor, DoublePulsar, to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerablility and an internet-exposed system was enough to wreak havoc.

In just a few hours, the ransomware had caused billions of dollars in damages. Bitcoin wallets associated with the ransomware were used by victims to get their files back but often this did not work.

Trust in the intelligence services collapsed overnight. Lawmakers demanded to know how the NSA was going to rectify the severe damage it had caused.A month later, the world braced itself for a second round of cyberattacks in what felt like would soon become the norm.

Two years on, the threat posed by the leaked NSA tools remains a concern.

As many as 1.7 million internet-connected endpoints are still vulnerable, according to the latest data. This data is generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark, with most of the vulnerable devices in the US.

That only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher and WannaCry continue to be used to deliver all sorts of malware, and new victims continue to appear.

Just weeks before the city of Atlanta was hit by ransomware, cybersecurity expert Jake Williams found its networks had been infected by NSA’s malware. More recently, the NSA tools have been repurposed as a cryptocurrency mining to generate money from the vast pools of processing power.

WannaCry caused panic. Systems were down, data was lost and money had to be spent. It was a wake-up call that society needed to do better at basic cybersecurity. But with a million-plus unpatched devices still at risk, there remains ample opportunity for further abuse.

What we may not have forgotten two years on, clearly more can be done to learn from the failings of the past.

Techcrunch:         TechTarget:       neuways:

You Might Also Read:

Preventing Another WannaCry:

N. Korean Hacker Fingered For Wannacry Attacks:

 

« Digital Advertising Is A $Billion Ripoff
Cyber Command Knows Its Tools Can Also Be Used By Their Targets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

Dome9

Dome9

Dome9 is a cloud firewall management service that stops vulnerabilities, secures remote access, and centralizes policy management.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Breathe Technology

Breathe Technology

Breathe Technology has been providing Managed IT Support/ Service Desk, Cloud Services, Cyber Security & Communications to businesses and schools since 2003.