WannaCry Attack Is A Big Wake-Up Call

Uploaded on 2017-05-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

2017 Can be marked as “The year of Ransomware” when we witnessed some massive ransomware attacks. 

Amongst recent ransomware attacks WannaCry has turned out to bet the most crippling yet. It shook the entire world in a weekend. More than 200,000 devices in 150 countries were affected, including hospitals, banks and major telecom industries.(image shows geographic extent of the initial attack).

The WannaCry ransomware outbreak is a wake-up call for the world. WannaCry, also known as WanaCrypt0r 2.0, can penetrate Microsoft Windows systems by exploiting a vulnerability called EternalBlue,orginally developed by the NSA, then stolen by hackers. It highlights not only our interconnectedness and dependency on technology but the massive challenge we face in securing the software systems we rely on.

Here’s How It Works 
WannaCry which derives from WannaCrytpt or WannaCyptor first, locks up your computer until the owner agrees to pay the ransom. And yes, the longer you wait the more you suffer. Cyber criminals are demanding ransom of 300$ in the form of bitcoin currency to set your computer free. If you don’t pay up, then after a week the hackers threaten you to permanently delete all your data and important files. Although, we ‘ve been hearing the “Don’t pay the ransom” catchphrase all our lives, but seems like some users have already paid 50,000$ bitcoin in ransom so far.

The WannaCry infection stood out from earlier attacks for the speed with which it spread, and the way that the code was used to lock down infected computers until their users paid a ransom. It is a wake-up call at a time when the fight for cyber security already looked perilous.

The attack followed the leak earlier this year of a batch of cyber-weapons built by the US National Security Agency. One of them, according to computer security experts, provided the blueprint for the latest malware. If so, that is a serious black mark for the security services. It is unrealistic to expect agencies like the NSA to voluntarily give up cyber-offence, particularly when their adversaries are likely to have similar digital armaments. But a stronger public debate is needed about what these weapons are for, how they are being protected and how they might be used. Not only is it unclear what software is being stockpiled or how it is being protected, but there is no disclosure about whether — or how — the weapons are actually used.

The second notable point about the WannaCry worm is that it was able to spread so far, and so fast. For Microsoft, that makes it an uncomfortable reminder of how devastating even one software vulnerability can be. The company acted quickly to produce a fix for versions of the software it no longer supports, like Windows XP. But successive generations of the operating system have been found wanting. Windows 10, launched in 2015, was not vulnerable to the ransomware and is widely viewed as a big step forward in safety — but it will be many years before all the older software is retired. Stronger incentives are needed to prompt users to replace rather than patch out-of-date pieces of code like Windows XP. Microsoft should do everything it can to move users on to newer, safer software.

When it comes to current software, effective carrots and sticks are needed to persuade companies, governments and individuals to do what everyone knows needs to be done: patch their computers when a flaw is discovered. Stronger rules are required to force companies to disclose when they have succumbed to a cyber-attack, and penalties may be needed to encourage us all to be better cyber-citizens.

Many pieces of digital equipment, like the MRI scanners used by the UK’s National Health Service, which run Windows XP, cannot be upgraded as easily as a PC. The severity of last week’s attack shows that a concerted effort is now well past due. This is reminiscent of the millennium bug, another serious threat that forced an overhaul of many computer systems at the end of the 1990s.

Today’s cyber security crisis is starting to look every bit as serious, and it demands an equally sweeping response. Governments and companies alike must invest the time and money to keep us safe.

Though damaging, the WannaCry worm was not the worst that could have happened. It could have been used to wipe out the data on computers it infected. The ransomware has been a costly nuisance. Next time, we might not be so lucky.

SysTweak Blog:         FT.com

You Might Also Read: 

Massive Ransom Attack Hits 99 Countries:

Microsoft, Kaspersky & Symnantec Weigh In On WannaCry Ransomware:

Ransom Worm: The Next Level Of Cybersecurity:

 

 

« Hackers Came, But the French Were Prepared
US Reduces Crime Rates Using Effective IT »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Antigen Security

Antigen Security

Antigen Security is a Digital Forensics, Incident Response and Recovery Engineering firm helping businesses and service providers prepare for, respond to, and recover from cyber threats.

Hexiosec

Hexiosec

Hexiosec (formerly Red Maple Technologies) is a technical consultancy and product company founded and run by engineers from the UK Intelligence and Defence communities.