Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    A Year After WannaCry, What Lessons Have Been Learned?

    By
    Sean Michael Kerner
    -
    May 11, 2018
    Share
    Facebook
    Twitter
    Linkedin
      WannaCry Ransomware

      On May 12, 2017, the ransomware attack known as WannaCry was first reported, ushering in a new generation of ransomware worm attacks. WannaCry impacted organizations around the world, and its legacy continues today. 

      Within the first few hours of its attack, WannaCry shut down hospitals in United Kingdom and was infecting files at Spanish telecom firm Telefonica. By end of the day on May 12, WannaCry had spread to more than 74 countries and became the single most prolific and fast spreading ransomware attack of all time.

      The attack spread around the world, fueled in part by an exploit that made use of a vulnerability that Microsoft had patched in March 2017. The MS17-010 advisory released on March 14 patched a flaw in Microsoft’s SMB server. That flaw was publicly revealed by a group known as the Shadow Brokers the next month and was allegedly weaponized by the National Security Agency (NSA) as an exploit known as EternalBlue.

      Even though Microsoft had a patch available in April and even though news of WannaCry made headlines around the world on May 12, organizations were still feeling the impact months later. On June 22, eWEEK reported that among the victims of WannaCry in June were Honda Motor Co. in Japan and traffic cameras in Australia.

      Attribution

      While there was some early speculation about the source of the WannaCry attack, it wasn’t until December 2017 that the U.S. government made a formal accusation. On Dec. 19, the U.S. formally pointed the finger at North Korea for being behind WannaCry.

      WannaCry helped to inspire multiple follow-up attacks, including the NotPetya ransomware campaign that appeared in June 2017, which likely surpassed WannaCry in terms of financial damages. Like WannaCry, NotPetya made use of the EternalBlue exploit in order to spread across networks. In February 2018, the U.S. government formally blamed Russia for NotPetya.

      WannaCry Today

      “There are WannaCry instances on the internet today,” Vikram Thakur, technical director of Symantec Security Response, told eWEEK. “This is the nature of worms, whereby they only truly go away when every single computer in the world is immune to their method of spreading.”

      Proofpoint is also still seeing WannaCry on a daily basis. Kevin Epstein, vice president of threat research at Proofpoint, said that his firm continues to detect hundreds of samples of WannaCry daily on its worldwide sensor network, although network activity is much lower than at the height of the attack. 

      “It appears that WannaCry never really went away but instead continued propagating more slowly,” Epstein said.

      Legacy

      WannaCry stands out for a number of reasons.

      “WannaCry was the largest attack seen in terms of computers impacted by a single strain of ransomware,” Thakur said.

      That said, Thakur noted that more computers have been impacted, historically, by single strains of non-ransomware malware. Also, he said that a number of other ransomware campaigns have made more money for attackers than WannaCry (e.g., Cryptolocker, SamSam, Cerber, etc.).

      Also of note is how the attack has inspired other campaigns in the months since the initial appearance of WannaCry. The methods used by WannaCry have now found their way into cryptocurrency mining botnets, according to Proofpoint. 

      “One of our researchers [Kafeine] published findings on a Monero mining botnet, Smominru, in which the primary method of infection was EternalBlue,” Epstein said. “As more organizations deploy available patches against these exploits, we expect that both financially motivated and state-sponsored threat actors will continue to innovate, finding new means of large-scale infection to achieve their goals.”

      Lessons Learned

      For organizations of all sizes, there are lessons that can be learned from the WannaCry incident. There are obvious lessons, such as the critical importance of patching and having backups, but there are others as well.

      As one of the most publicized cyber-attacks of recent years, WannaCry was a wakeup call for many businesses, and the media coverage it received has helped companies bring cyber-risk to the attention of their boards and executive teams, Epstein said.

      Organizations and the security industry in general have begun prioritizing the types of models and hygiene measures that would help defend against WannaCry-type attacks, he said. On the model side, there are zero trust frameworks, like Google’s BeyondCorp, which requires everything to be trusted in order for communication to occur. For improved hygiene methods, organizations are now looking at shorter patch windows and implementing network segmentation to limit risk exposure.

      Epstein said WannaCry is an example of a rare but high-impact, black swan-type incident, as opposed to the day-to-day phishing, fraud and other similar issues exploiting humans rather than vulnerabilities that most organizations see much more frequently. 

      “Bottom line, companies should make it a priority to improve their defenses against increasingly targeted and sophisticated attacks across email, mobile devices, and social media, in addition to ongoing widespread malware and phishing campaigns,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×