What some have called “the worst ransomware attack ever” struck in May 2017, infecting an estimated 300,000 computer systems in just four days. Like many ransomware attacks, WannaCry encrypted files and demanded a Bitcoin payment to decrypt them.
However, it differed in one major way: worm tactics.
Once WannaCry infected a machine, it scanned the connected LANs and WANs to find and attack other vulnerable hosts. The subsequent infections occurred automatically without user interaction.
This allowed WannaCry to seize entire networks and even hop to others, rapidly sparking a flash epidemic worldwide.
The National Health Service in the U.K. was hit particularly hard, with at least one-third of health trusts (i.e. healthcare offices and services) disrupted and over 19,000 appointments canceled, including surgeries.
Stolen NSA Cyber Weapons
WannaCry spread via EternalBlue, an exploit for Windows Server Message Block version 1 (SMBv1), a legacy network file-sharing protocol present in every version of Windows released in the last 15 years (and maybe more).
The exploit is allegedly from a cache of cyber weapons stolen from the U.S. National Security Agency (NSA) and released publicly on April 14, 2017.
Microsoft had issued a patch for the vulnerability on March 14, 2017. When the attack began, every Windows system that had not been patched in the eight weeks since was vulnerable.
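The self-propagation described above, where one infected machine probes many others over SMB with no user involved, leaves a recognisable pattern in network flow logs. The following is an added example, not code from the original article: it flags internal hosts that contact many distinct peers on TCP 445 (the SMB port) within a short window. The log format, IP addresses, window and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                   # SMB over TCP
WINDOW = timedelta(seconds=60)   # assumed tuning values, adjust per network
THRESHOLD = 10                   # distinct SMB destinations within WINDOW

def constructed_sample():
    """Constructed flow log, one 'timestamp src_ip dst_ip dst_port' per line."""
    t0, rows = datetime(2024, 1, 1, 9), []
    for i in range(40):   # host sweeping 40 neighbours on 445, one per second
        rows.append((t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.0.{50 + i}", 445))
    for i in range(20):   # normal client re-using a single file server
        rows.append((t0 + timedelta(seconds=3 * i), "10.0.0.31", "10.0.0.5", 445))
    for i in range(12):   # many SMB peers, but spread over two hours
        rows.append((t0 + timedelta(minutes=10 * i), "10.0.0.40", f"10.0.1.{i + 1}", 445))
    for i in range(30):   # busy web client, not SMB
        rows.append((t0 + timedelta(seconds=i), "10.0.0.77", f"192.0.2.{i + 1}", 443))
    bad = ["truncated line", "2024-01-01T09:00:00 10.0.0.9 10.0.0.5 smb"]
    return "\n".join([f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in rows] + bad)

def parse(log_text):  # yields (time, src, dst, port) for each well-formed line
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:   # wrong field count, bad timestamp or bad port
            continue

def find_smb_sweepers(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak count of distinct SMB destinations inside any window}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1   # slide the window forward in time
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_sweepers(constructed_sample()))
```

Only the sweeping host is flagged; the file-server client, the slow multi-peer host and the web client stay below the threshold.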
How Your Business Can Avoid a WannaCry
- Patch Vulnerabilities: The importance of patching cannot be overstated. When WannaCry struck, administrators with freshly patched Windows machines were safe.
- Plan for Disaster: This attack targeted a vulnerability in millions of Windows systems. A patch had been available for only about two months. Another attack of this scale is always possible. If your systems are compromised, what will you do? If you don’t already have one, get a backup and disaster recovery plan in place.
- Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.