Everyone should be aware of the WannaCry ransomware attack. The attack has affected businesses across the globe, including hospitals, schools, and financial institutions, as well as many other companies.

The attack first began on May 12, 2017, when a ransomware virus called WannaCry affected computers by holding sensitive data hostage. This ransomware not only encrypted files on various networks, but it also demanded a ransom to be paid in Bitcoin to unlock the files.

Here are some of the ways that the WannaCry virus impacted businesses and organizations around the world.

What Was the WannaCry Ransomware Attack?

The WannaCry ransomware attack was a worldwide cyberattack that targeted Microsoft Windows operating systems. Its modus operandi was simple: it would encrypt key files and demand a ransom of between $300 and $600 in Bitcoin cryptocurrency for their safe return.

The virus was propagated via EternalBlue, which was an exploit developed by the National Security Agency (NSA) to attack older Windows systems. EternalBlue had been leaked in 2016, a year before the WannaCry attack. In response, Windows had released patches to mitigate the exploit.

However, many computers did not receive these patches as users failed to update their systems. This meant that hundreds of thousands of computers were left vulnerable, with devastating consequences.

What was the Impact of the WannaCry Cyber Attack?

A total of 150 countries were affected by the WannaCry ransomware attack, with over 200,000 victims and 300,000 computers infected. The initial attack was carried out via an exposed, vulnerable SMB port, as opposed to email phishing, which is commonly used to distribute ransomware.

230,000 were reported to have been infected within a single day. Experts immediately advised organizations not to pay the ransom or to give in to the demands of the hackers, but many failed to heed this advice out of desperation.

The combination of paid ransoms and costs incurred by the damage totaled an estimated $4 billion across the globe. One of the first victims was a Spanish mobile company, Telefonica, but perhaps the hardest hit was the National Health Service (NHS) in the UK.

A third of NHS hospital trusts were targeted by the virus. This led to catastrophic repercussions, with ambulances being rerouted, denying urgent care to those who needed it most. Additionally, 19,000 appointments were canceled due to the virus. This is estimated to have cost the NHS £92 million, which is roughly converted to $57 million. 

Who was Affected by WannaCry?

The NHS was one of the largest casualties throughout the cyber attack. An estimated 70,000 devices were targeted by ransomware, including computers, MRI scanners, theater equipment, and storage refrigerators.

This had a domino effect, where non-critical patients had to be turned away and numerous patients were left without care. Surgeries were compromised and appointments were canceled, delaying important treatment.

In addition to the NHS, Nissan Motor Manufacturing in the UK was forced to halt production after their system was attacked. In Spain, Telefonica, FedEx, and Deutsche Bahn all fell victim. 

Europol considers the scale of the attack entirely unprecedented, as most of the world was affected in some way. However, it is maintained that the attack could have been far worse, especially if the virus had targeted critical infrastructures such as dams, railway systems, or nuclear power plants. 

How Does WannaCry Work?

WannaCry is officially categorized as a ransomware cryptoworm. If you aren’t familiar, a cryptoworm is a type of ransomware that spreads through repeated replication. It duplicates itself throughout multiple computers whilst still remaining active on the original host.

Cryptoworms are different from conventional viruses as they require no input from a human being to operate. They propagate entirely on their own once released, which is largely why they are capable of spreading so quickly. They are also notoriously difficult to detect before it’s too late.
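As an added example (not part of the original article), here is a minimal detector for the self-propagation described above: it flags any host that contacts many distinct peers on the SMB port (TCP 445) within a short window. The flow-record format, the sample records, and the window and threshold values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                  # SMB over TCP
WINDOW = timedelta(seconds=60)  # assumed sliding window
MAX_PEERS = 10                  # assumed limit on distinct SMB peers per window

def make_sample():
    """Constructed flow records: 'timestamp src dst dst_port'."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    at = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = []
    for i in range(1, 41):   # worm-like: one host sweeps 40 peers on 445
        lines.append(f"{at(i)} 10.0.0.23 10.0.0.{100 + i} 445")
    for i in range(40):      # normal: a client reusing two file servers
        lines.append(f"{at(2 * i)} 10.0.0.7 10.0.1.{5 + i % 2} 445")
    for i in range(1, 30):   # many peers, but HTTPS rather than SMB
        lines.append(f"{at(i)} 10.0.0.9 10.0.2.{i} 443")
    return lines

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_alerts(lines, window=WINDOW, max_peers=MAX_PEERS):
    """Map each offending source to (time of first alert, distinct peers seen)."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs inside the window
    alerts = {}
    for ts, src, dst, port in sorted(map(parse, lines)):
        if port != SMB_PORT or src in alerts:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop connections older than the window
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) > max_peers:
            alerts[src] = (ts, len(peers))
    return alerts

if __name__ == "__main__":
    for src, (ts, n) in smb_fanout_alerts(make_sample()).items():
        print(f"ALERT {src}: {n} distinct SMB peers within {WINDOW} at {ts}")
```

A client that repeatedly talks to the same file servers stays under the threshold, while a host sweeping a subnet on port 445 trips it after its eleventh distinct peer.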

One of the most nefarious aspects of WannaCry is its ability to detect its own kill switch. If the kill switch domain name is detected, the malware will not proceed to infect. However, if it is not detected, the mass encryption of files will proceed.

What did WannaCry Demand?

By using a Windows operating system exploit, WannaCry could invade a computer and encrypt many or all of its files. The user would then be prompted to pay $300 in Bitcoin, a demand that later increased to $600.

The ransom had a short deadline of just three days. If victims failed to pay, the encrypted files would be deleted permanently. Given the high-level status of many of the targeted organizations, this would have been a disastrous result. 

This is especially true for the NHS, where files mostly related to patient care and personal, private information. Their ability to offer care was severely restricted by the attack, causing chaos throughout hospitals. 

When it comes to a ransom, the advice is to never pay the demanded amount. This is for two key reasons:

  1. There is no guarantee the criminals will honor their commitment
  2. You are connecting yourself financially to a criminal group

Paying the ransom in this instance was an especially poor decision. With ransomware such as WannaCry, there was no way for the hackers to know which computers had paid and which hadn’t, as the money was given anonymously. Therefore, the hackers could never release the encrypted files of a computer, as they didn’t know whether its owner had paid or not.

How did Businesses and Organizations Respond?

Experts strongly advised businesses and organizations affected by WannaCry not to pay the ransom. This was largely due to the reasons stated above, but also because it was feared that if the attack generated significant income, copycat viruses would later emerge.

Despite this, a total of 327 payments had been made in response to the ransom, amounting to over $130,000 in transfers. Sheer desperation fueled many of these transfers, which is precisely what the hackers were counting on.

In response, Windows released a series of out-of-band security updates in an attempt to seal the exploit. These updates largely targeted end-of-life products such as Windows XP, Windows Server 2003, and Windows 8. All organizations were advised to update their operating systems as soon as possible, to prevent a potential attack. 

Who was Behind the Attack?

The United States Government formally announced that the WannaCry cyber attack had emerged from North Korea, or at least from agents working on their behalf. Evidence unearthed following an investigation by President Trump’s Homeland Security Advisor indicated that Kim Jong-un had ordered the release of the malware. 

In addition to the United States, the United Kingdom, Canada, New Zealand, and Japan all agreed with North Korea being the culprit after reviewing the evidence. North Korea denied all involvement and continues to do so. 

Stay Vigilant for Ransomware

The overwhelming lesson from this crippling attack is to stay updated. Part of the reason WannaCry was able to infect so many devices and claim so many victims was that the affected systems did not have the relevant security updates.

It can take minutes to update your system accordingly, so don’t ignore it. These patches exist for a reason, and the time you lose waiting for your computer to update is nothing compared to what you could lose from a malicious cyber attack.