May 12 is a significant date in the cybersecurity world. It marks the anniversary of WannaCry, the biggest ransomware attack to date. It spread at unprecedented speed globally, infecting over 200,000 business and personal computers across 150 countries in just three days, and leaving chaos in its wake.
The global financial and economic losses resulting from the attack range are estimated to be in the range of hundreds of millions, to billions of dollars. The UK’s National Health Service (NHS) was hit particularly hard: over a third of NHS organizations were disrupted across the UK, resulting in the cancellation of nearly 20,000 hospital appointments and operations.
WannaCry was able to spread so rapidly because it exploited the Windows vulnerability MS17-010, known as the ‘EternalBlue’ exploit, which enabled attackers to execute code remotely on PCs. Microsoft had actually released a patch for the vulnerability in March 2017 — eight weeks before the WannaCry attack — yet the ransomware still managed to cause widespread damage because many organizations had not applied the patch their systems, and did not have appropriate security measures in place to block the ransomware.
And despite the worldwide disruption caused by WannaCry, many organizations still did not take the simple step of patching their systems. Just six weeks later, in June 2017, the NotPetya ransomware strain used the same EternalBlue exploit to attack Ukrainian critical infrastructure systems.
What’s even more surprising is that these two aggressive ransomware variants are still causing problems for businesses: in March 2018, Boeing was reported to have been hit by WannaCry. And New research from AV vendor, Avast, shows that 29% of Windows-based PCs globally are still not patched against EternalBlue – leaving them exposed to further exploits.
A patch in time …
So what should organizations do to mitigate their risk of falling victim to a damaging ransomware attack? Well first and foremost is to ensure that the latest software patches are always applied to systems, as quickly as possible. Ransomware can be sophisticated in many ways, but it’s also fairly dumb that all it needs is to be able to exploit a basic vulnerability in order to breach an organization. It relies on people skipping basic security tasks.
If those responsible for the City of Atlanta’s IT had applied the latest Windows patches before, or following the WannaCry attack last year, it probably wouldn’t have fallen victim to the SamSam ransomware attack which crippled its systems in March of this year (the patch for that vulnerability were released at the same time as those for WannaCry).
So patching is critical. Then, it’s a question of using the security best practices that can prevent, or dramatically limit the impact of all types of ransomware attacks. These are covered in detail here, but to recap, they include:
As the philosopher George Santayana wrote, ‘Those who cannot remember the past are condemned to repeat it.’ Remembering WannaCry and the damage it did just a year ago – and how easy it would have been to prevent much of that damage –will help ensure that your organization is better prepared for the next ransomware attack.
Receive notifications of new posts by email.