WannaCry?
The WannaCry ransomware attack, taking place in our not-too-distant past, 2017, is one of the most devastating ransomware attacks to date. Spreading to over 200,000 computers, the ransomware wreaked havoc on any system it could, including those at FedEx, Honda, and Nissan. But it didn’t stop there. It attacked universities, hospitals, and telecommunication services.
A Cryptoworm
What set WannaCry apart from its predecessors was that this time the cybercriminals weren’t demanding wire transfers or gift cards. This time they demanded Bitcoin. Bitcoin is a form of cryptocurrency that can be used as payment. Right now, one bitcoin is worth around $57,000. You obtain bitcoin through ‘mining’ which is the process of using hardware and software to generate specific solutions that meet bitcoin criteria. By doing so you verify the legitimacy of a bitcoin and put it into circulation. The risks of bitcoin are that it is very expensive to mine and fluctuates in value. A minimum of $300 was most common but the amount demanded depended on the victim. WannaCry wasn’t just ransomware, it was a ransomware cryptoworm. It wasn’t the first of its kind, but it was the most destructive. WannaCry worked in the same way as most ransomware. It targeted Microsoft Windows operating systems, encrypting the user's data and demanding payment. Upon attack it would demand a payment ranging from $300 to $600 in the form of bitcoin. WannaCry threatened its victims by promising to delete all user files if the ransom went unpaid for three days. But this promise wasn’t even possible to keep. The attackers didn’t have a way to track which users had paid the ransom. Only one company out of the hundreds that were attacked reported getting their data back after payment.
The Kill Switch
The initial outbreak of WannaCry only lasted a few hours before a kill switch was discovered by cyber professional Marcus Hutchins. It prevented the ransomware from spreading further via the already infected computers. By using an exploit called Eternal Blue to navigate through systems, WannaCry was able to cause immense damage in only a few short hours. This exploit was originally developed by the NSA but was released to the public by the Shadow Brokers, a group of hackers known for publishing hacking tools. Both the U.S. and the U.K. have attributed the attack to North Korea but no one person or group was ever held responsible for the damages. Eventually WannaCry produced several variants, and the kill switch proved to be a temporary solution. Many of the encrypted computers remained unusable and the ransomware remained a threat until the proper patches were put in place.
Political Ramifications
The bulk of the damage was inflicted on the UK’s National Health Service, causing a plethora of problems at various health centers across the UK. Hospitals were forced to divert ambulances until they could get their systems back online. The ransomware had targeted blood-storage refrigerators, MRI machines, and other essential equipment forcing facilities to turn away non-critical patients and cancel around 19,000 appointments. Eventually, the problems caused by the attack on the NHS turned political, with claims that the attack could have been prevented if the NHS received proper funding for their software. Other victims include the University of Montreal, Russian Railways, several state governments in India, Telkom, and the Chinese Public Security Bureau. The attack led to no shortage of reactions. The U.S implemented the PATCH Act, a hearing was held by congress regarding the effects of the attack, and countless measures were taken to ensure that proper patches were in place to deal with the ransomware. Nissan Motor Manufacturing facilities were forced to shut down production in parts of England which coincided with FedEx who halted their services in multiple countries. After hitting over 150 countries, the damage done by the ransomware became inescapable. The economic losses are estimated to have totaled around $4 billion.
While we have made countless advances in our field, there is no way to outrun the existence of ransomware. From one cyber expert’s ability to find a kill switch to the preventive measures taken after the attack, WannaCry is a perfect example of how we can adapt to new threats.
