Exploring the WannaCry ransomware cyber attack
17th May 2017
What was the WannaCry cyber attack and who did it affect?
You may have been affected by the latest WannaCry Ransomware Cyber Attack. Are you confident you won’t get hit next time?
Who was affected by this cyber attack?
As reported by the BBC, the latest ransomware attack (dubbed WannaCry) affected organisations worldwide, causing major disruption and potentially costing businesses millions of pounds. As reported by The Telegraph, there were 200,000 organisations that fell victim across 150 countries, with the NHS being a prime target. The co-ordinated attack crippled at least 47 NHS organisations across England in less than six hours, with thousands of emergency operations, tests and appointments disrupted. Elsewhere, O2 Telefónica was hit and Nissan’s manufacturing plant in Sunderland was also closed due to the attack.
How does ransomware work?
As you may already be aware, malware is delivered to the unwitting recipient as a Trojan, usually through a link within an email and attachment. Once activated, it spreads throughout the computer system, locking and encrypting all files. The files are then held for ransom, with a message appearing on the victim’s computer screen demanding payment in return for them. The ransom demand usually comes with a threat to destroy the data if payment is not made, along with a countdown to deletion.
What is WannaCry?
WannaCry (also known as Wanna Decryptor and WanaCrypt0r 2.0) is a malicious form of computer virus or malware, more commonly known as ransomware. It exploits a flaw in Microsoft Windows, which was first identified by America’s NSA intelligence agency.
Any computers that do not have the latest Microsoft Windows security updates applied are at risk of infection. Organisations are particularly at risk, because WannaCry has the ability to spread itself within corporate networks without user interaction, which it does by exploiting a known vulnerability.
The initial means of infection remains unconfirmed, but somewhere in Europe an unwitting computer user opened an email and an attachment within that email, a compressed zip file, allowing WannaCry into their system.
What could the next WannaCry look like?
Android is the most common operating system today; it is estimated that there have been 1.3 billion Android devices shipped. Android uses the Linux kernel as its core. Because it is open-source, this core is shared by many corporate systems.
Should a ‘zero-day’ flaw that has been present in the Linux kernel for many years be found, such as CVE-2017-6074 (which was present for 11 years prior to being patched), it could allow an exploit to be developed that affects a large range of Linux-based systems. This has happened in the past in the case of Stuxnet, which is widely attributed to the NSA, for the purposes of international espionage.
When the next big infection occurs, it could affect over 50% of devices with no fix known at the time of release. These devices could be ransomed, vandalised or used to gather large amounts of data. Considering a large amount of the content on the internet is served by Linux-based operating systems, much of the internet could be taken down, affecting the world-wide economy.
State of play
Ultimately, with the continuous ingenuity of hackers, no business is safe, no matter the size, industry or turnover. The latest ransomware attack is testament to this. This recent attack has highlighted the need for everyone to enforce robust measures to protect against cyber-attacks, which could target them at any time.
Companies that don’t adequately prepare themselves against a cyber-attack not only face a risk to their reputation and financial assets, but also expose themselves to fines, prosecution or civil proceedings if they are found to have been unprepared to respond to a cyber incident. This will be compounded by the looming GDPR, which takes effect on May 25th 2018 and is a topic that CYFOR will touch upon at a later date.
How can we help?
As part of our extensive service offering, CYFOR provide a comprehensive Cyber Security Audit, which includes a Vulnerability Assessment designed to analyse and expose the weaknesses in your company’s IT infrastructure. This allows our Cyber Security Specialists to advise on the best course of action to vastly improve your cyber resilience, securing your data and protecting your business.