Two Years After WannaCry Severe Risks Remain

Uploaded on 2019-06-06 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Two years ago, WannaCry ransomware invaded the globe spreading like wildfire, encrypting hundreds of thousands of computers, in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands crypto-currency in ransom to unlock them, had spread across the world in what looked like a co-ordinated cyberattack.

UK hospitals declared a ‘major incident’ after they were taken offline by the malware and railways and commerce were also attacked.   

Security researchers quickly realised the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion fell on some classified hacking malware developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

An unknown hacker group, later believed to be working for the North Korean Government had used the published NSA cyber-weapons and they launched some attacks probably not realising how far the malware would go. The hackers used the NSA’s backdoor, DoublePulsar, to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerablility and an internet-exposed system was enough to wreak havoc.

In just a few hours, the ransomware had caused billions of dollars in damages. Bitcoin wallets associated with the ransomware were used by victims to get their files back but often this did not work.

Trust in the intelligence services collapsed overnight. Lawmakers demanded to know how the NSA was going to rectify the severe damage it had caused.A month later, the world braced itself for a second round of cyberattacks in what felt like would soon become the norm.

Two years on, the threat posed by the leaked NSA tools remains a concern.

As many as 1.7 million internet-connected endpoints are still vulnerable, according to the latest data. This data is generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark, with most of the vulnerable devices in the US.

That only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher and WannaCry continue to be used to deliver all sorts of malware, and new victims continue to appear.

Just weeks before the city of Atlanta was hit by ransomware, cybersecurity expert Jake Williams found its networks had been infected by NSA’s malware. More recently, the NSA tools have been repurposed as a cryptocurrency mining to generate money from the vast pools of processing power.

WannaCry caused panic. Systems were down, data was lost and money had to be spent. It was a wake-up call that society needed to do better at basic cybersecurity. But with a million-plus unpatched devices still at risk, there remains ample opportunity for further abuse.

What we may not have forgotten two years on, clearly more can be done to learn from the failings of the past.

Techcrunch:         TechTarget:       neuways:

You Might Also Read:

Preventing Another WannaCry:

N. Korean Hacker Fingered For Wannacry Attacks:

 

« Digital Advertising Is A $Billion Ripoff
Cyber Command Knows Its Tools Can Also Be Used By Their Targets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

SensCy

SensCy

SensCy is a Trusted Guide for Sensible Cybersecurity for small and medium-sized organizations.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.