
Three years on from WannaCry… What happened and what have we learnt from it

On 12 May 2017 it appeared to be the end of the world, as BBC News, Sky News and other major news outlets reported that the National Health Service (NHS) had just been hit by a devastating cyberattack: specifically, a ransomware attack called WannaCry. I remember watching the news and just thinking of how serious it was and how it could have happened to the NHS. The outbreak nearly crippled the NHS, and following the third anniversary of the ransomware attack, we look back at how the attack happened, how it could have been prevented, and what has changed since it emerged.

What is the WannaCry Ransomware?

WannaCry was a devastating ransomware worm that spread quickly through a large number of computer networks and systems in May 2017. It encrypted computer files, which in effect made it impossible for users to access them. To regain access to their data, users had to make a payment in bitcoin to have it decrypted. It is also important to mention that the NHS was not the only victim: many other prominent businesses, such as Renault, Hitachi and FedEx, also suffered from the attack.

What you’ll see if your computer was infected by WannaCry

How did WannaCry come to be?

WannaCry used a zero-day threat to exploit a Microsoft vulnerability that had only recently been uncovered. A zero-day exploit takes advantage of a vulnerability in a system, software or server that the general public is simply not aware exists. You only become aware of the vulnerability on the day the weakness is discovered in the software, by which point it is already being exploited.

A group called the Shadow Brokers released a list of Microsoft Windows vulnerabilities that the US National Security Agency already knew about. However, Microsoft itself was not aware of such vulnerabilities at the time. 

Eventually, Microsoft found out and quickly developed and released patches for these vulnerabilities. Unfortunately, cybercriminals were able to take advantage of the fact that users of Windows systems throughout the world did not apply the patch immediately. This left their computers exposed when the virus started spreading. The combination of an unknown threat (not yet known to signature-based anti-malware solutions) and an unpatched vulnerability led to WannaCry wreaking havoc.

The impact of the WannaCry ransomware

Over 40 businesses were affected. It caused approximately £19m of lost output and £73m in IT costs. £72m was spent on restoring systems and data in the weeks after the attack. Doctors and nurses were forced to cancel around 19,000 appointments after the virus locked down computers in 80 severely affected trusts in May 2017. 

How was it stopped?

The WannaCry ransomware attacks that started on May 12 2017 were blocked quickly when a kill switch was identified and activated. Marcus Hutchins, a British security researcher, discovered the ransomware checked a domain name before encrypting data, but that domain name had not been registered. He purchased the domain name, therefore preventing further execution.

Marcus Hutchins, the man who found the WannaCry kill switch
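
The kill-switch check described above also gives defenders a detection signal: any host that looks up the domain has probably run the malware. The example below is added here and is not part of the original post; it triages constructed resolver log lines, using a placeholder domain (the post does not name the real one), a hypothetical log format, and the assumption that a DNS answer stands in for the check succeeding.

```python
import re
from collections import defaultdict

# Placeholder: the post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines (hypothetical format, not real telemetry).
SAMPLE_LOG = """\
2017-05-12T14:03:11Z client=10.0.4.17 query=KillSwitch-Placeholder.example. rcode=NXDOMAIN answer=-
2017-05-12T14:03:12Z client=10.0.4.17 query=intranet.corp.example rcode=NOERROR answer=10.0.0.5
2017-05-12T16:41:50Z client=10.0.9.3 query=killswitch-placeholder.example rcode=NOERROR answer=192.0.2.10
2017-05-12T16:42:07Z client=10.0.7.22 query=killswitch-placeholder.example rcode=REFUSED answer=-
2017-05-12T16:45:30Z client=10.0.7.22 query=killswitch-placeholder.example rcode=NOERROR answer=192.0.2.10
2017-05-12T16:50:00Z client=10.0.8.8 query=notkillswitch-placeholder.example rcode=NXDOMAIN answer=-
corrupted line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) "
    r"rcode=(?P<rcode>\S+) answer=(?P<answer>\S+)$"
)

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up `domain` to a triage status.

    Any lookup suggests the host ran the malware. A client with even one
    unanswered lookup is 'check-failed': on that run the kill switch could
    not stop it, so it is the first to isolate.
    """
    target = normalise(domain)
    failed = defaultdict(bool)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalise(m["query"]) != target:
            continue  # malformed line or unrelated name
        answered = m["rcode"] == "NOERROR" and m["answer"] != "-"
        failed[m["client"]] |= not answered
    return {c: "check-failed" if bad else "check-succeeded"
            for c, bad in failed.items()}

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{status}")
```

Because the ransomware only stops when its check succeeds, a resolver or filter that blocks the domain leaves infected hosts in the "check-failed" state rather than protecting them.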

What have we learnt from WannaCry?

First and foremost, WannaCry tells us how important it is to patch our systems as soon as Microsoft releases patches to the public. A report issued by the UK’s National Audit Office revealed that the NHS could have prevented the attack with basic IT security practices.

Furthermore, two months before the NHS was hit by WannaCry, it was warned to patch the vulnerabilities in its systems which later allowed WannaCry to spread and cause chaos. Three years later, has the NHS now taken IT security seriously? Well, in 2018, the Department for Health and Social Care announced that NHS devices will be upgraded to Windows 10, which features significantly more robust security tools.

As it is now the year 2020, we can only assume that NHS systems are running on Windows 10. Additionally, we hope that businesses and people have upgraded older operating systems, patched their systems, and put backups in place to drastically lessen the impact of ransomware should it happen again in the future. However, this may not be the case for some, as in the early part of 2020 researchers revealed that WannaCry dominated and accounted for 40.5 per cent of all their ransomware detections in Q1 2020.

Therefore, it appears that WannaCry is still a problem and the need to patch is still being ignored by many. Moreover, the lack of security training on how to spot a phishing email and what to do about it is still an alarming concern.

How to defend yourself from it?

You can prevent WannaCry by making sure you regularly update your computer with the latest patches. Regularly back up your files, folders, settings, etc. Perform backups every day, once every few days or at least once a week. Regularly download updates for your anti-malware protection to make sure its signature database is up to date.

Conclusion

Looking back, I would say that the world was incredibly fortunate that Marcus Hutchins found the kill switch and helped quickly prevent WannaCry from becoming even more devastating. Three years on, cybersecurity is being taken more seriously, but more work needs to be done.

By Michael Ogunjimi
