Two Years After WannaCry Severe Risks Remain

Two years ago, WannaCry ransomware spread across the globe like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, malware that encrypts a user’s files and demands cryptocurrency as ransom to unlock them, had spread across the world in what looked like a co-ordinated cyberattack.

UK hospitals declared a ‘major incident’ after they were taken offline by the malware, and railways and commerce were also attacked.

Security researchers quickly realised the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion fell on some classified hacking malware developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

An unknown hacker group, later believed to be working for the North Korean Government, had used the published NSA cyber-weapons to launch attacks, probably not realising how far the malware would go. The hackers used the NSA’s backdoor, DoublePulsar, to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerability and an internet-exposed system were enough to wreak havoc.

In just a few hours, the ransomware had caused billions of dollars in damages. Bitcoin wallets associated with the ransomware were used by victims to get their files back, but often this did not work.

Trust in the intelligence services collapsed overnight. Lawmakers demanded to know how the NSA was going to rectify the severe damage it had caused. A month later, the world braced itself for a second round of cyberattacks, in what felt like it would soon become the norm.

Two years on, the threat posed by the leaked NSA tools remains a concern.

As many as 1.7 million internet-connected endpoints are still vulnerable, according to the latest data. The data, generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark, with most of the vulnerable devices in the US.

That only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher, and WannaCry continues to be used to deliver all sorts of malware, and new victims continue to appear.

Just weeks before the city of Atlanta was hit by ransomware, cybersecurity expert Jake Williams found its networks had been infected by NSA’s malware. More recently, the NSA tools have been repurposed for cryptocurrency mining to generate money from the vast pools of processing power.

WannaCry caused panic. Systems were down, data was lost and money had to be spent. It was a wake-up call that society needed to do better at basic cybersecurity. But with a million-plus unpatched devices still at risk, there remains ample opportunity for further abuse.

While we may not have forgotten two years on, clearly more can be done to learn from the failings of the past.

Sources: TechCrunch, TechTarget, Neuways
