First and foremost, what is the WannaCry ransomware? It is an entirely preventable threat and one that left tremendous wreckage in its wake.
In 2017, one of the largest ransomware attacks in history occurred when over 200,000 computers running on Microsoft Windows across more than 150 countries were infected. The malware was able to spread so far and wide because routine security updates and other maintenance tasks were neglected. The WannaCry ransomware attack hit hospitals, government agencies, banks, and other institutions. Among the largest targets hit were the UK’s National Health Service (NHS), Spanish telecommunications giant Telefónica, and international shipping megacorp FedEx.
WannaCry ransomware stemmed from an alleged National Security Agency (NSA) leak of EternalBlue, a Windows exploit developed by the agency. The leak is believed to have occurred one month prior to the WannaCry ransomware attack. Though this attack occurred nearly five years ago, WannaCry remains active today.
Is WannaCry Ransomware Still An Active Threat?
Unfortunately, yes. Even though a security researcher discovered a kill switch within the WannaCry malware within the first week of the 2017 attack, halting its momentum, it continues to wreak havoc today. While variants of the malware without the kill switch emerged, its spread hasn’t approached anything close to the massive scale of May 2017. Even so, the malware has been ramping up quite a bit. Reports indicate that there were 13,000 WannaCry attacks in March 2021, which was a 53% increase from January.
How Does WannaCry Ransomware Work?
This particular ransomware behaves like a worm, which means it spreads on its own through networks. Once it infects one PC, the malware then scans the network looking for other vulnerable devices to attack, allowing it to launch a large-scale attack spanning the globe. In the case of WannaCry ransomware, it was able to encrypt hundreds of thousands of PCs in mere hours. Although Microsoft had released a security update patching the EternalBlue exploit a few months prior to the attack, the ransomware had no problem finding unpatched PCs and devices running on outdated versions of Windows to encrypt.
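Defenders can look for this scanning behavior in network flow logs. The following Python code is an added example, not part of the original article: it flags hosts that contact an unusual number of distinct peers on TCP port 445 (the Windows SMB service that EternalBlue targets) within a short window. The log format, the 60-second window, and the threshold of 5 are assumptions, and the flow records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                   # TCP port of the Windows SMB service
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed: more distinct SMB peers than this is suspicious


def sample_flows():
    """Constructed flow records, one per line: 'ISO-timestamp src dst dst_port'."""
    t0 = datetime(2017, 5, 12, 8, 0, 0)
    rows = []
    # Worm-like host: 8 different peers on port 445 within 8 seconds.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.77", f"10.0.0.{i + 1}", 445) for i in range(8)]
    # Ordinary client: the same file server over and over.
    rows += [(t0 + timedelta(seconds=5 * i), "10.0.0.23", "10.0.0.5", 445) for i in range(10)]
    # Slow host: 6 peers on port 445, but two minutes apart.
    rows += [(t0 + timedelta(minutes=2 * i), "10.0.0.40", f"10.0.0.{i + 100}", 445) for i in range(6)]
    # Many peers, but web traffic rather than SMB.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.50", f"10.0.0.{i + 1}", 443) for i in range(10)]
    rows.sort()  # the detector expects records in time order
    return [f"{ts.isoformat()} {src} {dst} {port}" for ts, src, dst, port in rows]


def find_smb_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak count of distinct SMB peers in one window} for
    every source whose count exceeded the threshold."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) pairs still in the window
    flagged = {}
    for line in lines:
        ts_text, src, dst, port = line.split()
        if int(port) != SMB_PORT:
            continue
        ts = datetime.fromisoformat(ts_text)
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:   # drop connections older than the window
            seen.popleft()
        distinct = len({d for _, d in seen})
        if distinct > threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for host, peers in find_smb_scanners(sample_flows()).items():
        print(f"{host} contacted {peers} distinct hosts on port {SMB_PORT} within {WINDOW}")
```

Counting distinct destinations rather than raw connections keeps a busy client of a single file server from being flagged, and the window keeps slow, spread-out administrative access below the threshold.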
Once WannaCry ransomware successfully infects a device, a screen appears alerting the user that hackers have encrypted the targeted PC’s hard drive and demanding that a $300 ransom be paid in Bitcoin within 72 hours. The price doubles if the WannaCry ransomware victims are late with the ransom payment. Eventually, the encrypted files are destroyed if the victims refuse to pay.
What Were The Effects Of The WannaCry Ransomware Attack?
As one might expect from a cyberattack carried out on such an unprecedented scale, the fallout was massive. Hospitals, businesses, governments, and other sectors ground to a halt. For example, the NHS experienced a massive disruption when an estimated 19,000 medical appointments and surgeries were abruptly canceled because caregivers could not access patients’ medical records. In 2018, the British government revealed that the attack had cost over $100 million in damages. WannaCry ransomware was estimated to have cost organizations over $4 billion total.
The attack also eroded trust in government intelligence agencies. The NSA was criticized for stockpiling vulnerabilities instead of informing software developers and the cybersecurity community at large so they could develop fixes and protections against these threats.
Despite the hundreds of ransom payments made to various Bitcoin wallets, few, if any, WannaCry ransomware targets actually got their data back. Unless the targeted organizations had backups of their files, their vital and sensitive information was lost forever.
What’s The Best Way To Protect Your Data Against WannaCry Ransomware?
Regularly updating and patching your operating systems, software, and the like is a good starting point, but there’s always more you can do to be proactive in protecting your digital assets.
Don’t fall victim to the next cyberattack. Learn more about cybersecurity best practices today with SiteLock or contact us for details about our security products.