Some anniversaries are designed to send shivers down the spine, and the world of Information Technology is no exception. May 2022 marks five years since the worldwide WannaCry ransomware cryptoworm targeted Microsoft operating systems.
The malicious code took effect by encrypting data and demanding ransom payments in Bitcoin. The attack most likely originated from within North Korea. WannaCry was ultimately undone by one self-taught security researcher identifying a single ‘quick trick’ to disable WannaCry’s most destructive features. However, ransomware has since become more sophisticated.
As ransomware attacks continue to be a major security issue, best practices to avoid similar attacks are still front-of-mind for organizations.
Considering the appropriate strategies for Digital Journal is Ariel Parnes—co-founder and COO of Mitiga, a cloud incident response company.
Beginning with recent history, Parnes says: “In May 2017, the WannaCry ransomware cryptoworm attack targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in Bitcoin. Leveraging the EternalBlue exploit that the National Security Agency developed for older Windows Systems, it was effective against organizations that had not implemented patches for the exploits or were still using old Windows systems that were no longer supported by Microsoft.”
This underlines the importance of ensuring that legacy systems are kept up to date or replaced as necessary.
Parnes continues with the scale of the attack: “Some estimated that the attack impacted more than 200,000 computers in at least 150 countries, with damage costs ranging from hundreds of millions to billions of dollars.”
Now the digital dust has settled, what has the industry learnt? Parnes summarizes: “Five years later, how would the world respond to a massive attack like WannaCry? Are we more ready now to respond to a similar incident? As we know, patching vulnerabilities can be a time-consuming and complex process today too — just look at the number of organizations that have yet to patch Log4Shell four months after it was announced.”
However, more needs to be done, as Parnes points out: “Patching alone isn’t enough to stop attackers. They may have already used a vulnerability to gain access to an environment, and too few organizations conduct regular proactive threat hunting.”
As to new and novel approaches for today’s technology world, Parnes states: “To ensure that organizations today are prepared for a global cryptoworm like WannaCry, they need to think beyond prevention solutions.”
He adds: “While those solutions are a valuable and necessary part of cybersecurity today, adopting an approach that prioritizes readiness and includes automation to accelerate incident investigation and resolution. Without a change in approach to address changing capabilities and attack vectors of threat actors, we are still as vulnerable as we were five years ago.”