The WannaCry Attacks

In May of 2017, a worldwide cyberattack occurred. This attack was a ransomware crypto worm called WannaCry. Before we dive into the specifics of WannaCry, we must understand what ransomware and crypto worms are.  Ransomware is a malicious software that threatens the user that it will make their sensitive information public or will display a fake FBI threat. The attacker will demand payment from the user so that the software can be removed from the computer. However, the attackers will get the victim’s information either way. Another technique an attacker will use is called a crytoriral extortion. This attack encrypts the user’s files to make them inaccessible and demands that the victim pays them money to decrypt their information. A crypto worm is another name for a worm. A worm is malware that can replicate itself without user intervention.

The WannaCry malware attack went after the Microsoft Windows Operating System. The attack used something called EternalBlue. EternalBlue is the name given to a software vulnerability in Windows (MS17-010). EternalBlue was made by the National Security Agency (NSA). The exploit was then leaked to the public. The MS17-010 is an exploit that abuses the Remote Windows Kernel Pool Corruption. This means that the attacker can use something called Metasploit to carry out this attack. Metasploit is a widely used tool used for penetration testing. With the help of Metasploit, an attacker can use this to gain remote desktop on a computer. Remote desktop is a program on the operating system that allows a user to connect to another computer from another location.  Now when we put this all together, this is a scary situation.

The origins of the WannaCry attack is up for dispute. However, experts say that the attacks trace back to North Korea. The WannaCry attack was estimated to have affected over 200,000 computers across 150 countries. The damages ranging from the hundreds. Of millions to the billions of dollars. WannaCry exposed a vulnerable SMB port. It was reported that within one day it infected more than 230,000 computers in over 150 countries. The attack was very successful against computer that did not install the Windows April 2017 security patch. It was extremely successful against unsupported operating systems like Windows XP, Windows 7 and even Windows Server 2003. The most interesting part about WannaCry that 98% of the infected computers were running Windows 7 according to a study done by Kaspersky Lab.

The WannaCry attack affected more than just singular people, it affected huge companies and corporations around the world. The most affected countries were Russia, Ukraine, India and Taiwan. Some of the bigger companies that were hit included National Health Service hospitals in England and Scotland, Nissan Motor Manufacturing in England, FedEx in Spain and Telefonica in Spain. Of course, there were more companies that were affected. You can find a list of them here:

 

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

 

So, this brings us to what we can do to better protect ourselves from these types of attacks in the future. The first thing we can do is to always update your machine. The best way to update your machine is to enable automatic updates. Windows has something called Patch Tuesday. This is where they will put of a new patch every Tuesday to better their operating systems. So, having this on will allow you to install these updates without you having to worry about updating your computer. Next, is to install a supported operating system. This means that the company who made it, will keep supporting it by putting out patches. An example is Windows 10. Next, make sure you have your firewall up. A firewall will protect you against Nmap attacks that will scan your computer for port openings. We learned that WannaCry exploited a SMB port. A firewall will hide open ports and help to close them while they are not in use to reduce the chance of attacks. Finally, make sure you have anti-virus installed on your computer. After WannaCry, the big anti-virus software companies developed a patch to protect against WannaCry. So, this will protect you in the future and will help defend against other attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *

shares