Malware Attack WannaCry - A Global Ransomware Attack in 2017

WannaCry was a global ransomware attack in 2017 using the WannaCry crypto worm.

It was developed for target computers with the Microsoft Windows operating system to encrypt data and request ransom payments in the cryptocurrency Bitcoin. The attack was stopped within a few days of its discovery with emergency patches published by Microsoft and the discovery of a “kill switch” that prevented the malware from spreading through infected computers. It is estimated that the attack affected more than 200,000 computers in 150 countries.

Timing of The Attack

At the beginning of the weekday on May 12, 2017, Adaptive Defense 360 ​​began detecting and blocking a large number of attacks that used the EternalBlue vulnerability to deploy the WannaCry malware on computers. The attack reached practically every corner of the world.

It affected certainly vulnerable Microsoft Windows systems; all of their files and network drives they were connected to have been encrypted and other vulnerable Windows systems on the same network have been infected. The process ended with a $ 300 ransom note for decryption.

Also, the launch of vulnerable, not-yet-compromised computers triggered a second wave of attacks on the Monday following the outbreak. Many companies and institutions in China and Japan, including large corporations, ATMs, and hospitals, fell victim to this second wave.

Execution

The considerable strength of this attack campaign is related to the exploitation of a widespread Windows security vulnerability. The idea of ​​exploiting this loophole is attributed to the American National Security Agency (NSA). This is shown by documents that were leaked a month before the attack (in April 2017).

The infection did not require human intervention (such as opening an email or downloading it from the Internet) to gain access to a system. This allowed the attack to take place virtually simultaneously across the globe and without user intervention. So it was a massive attack with no human barriers.

The infection affected all connected Windows devices on the same network that had not been properly updated. Infecting a single computer could put the entire corporate network at risk.

Many traditional protection solutions that aim to stop malicious files cannot stop attacks that exploit these or other security vulnerabilities to infiltrate computers and networks. In the case of WannaCry, this resulted in the cyberattack spreading to a large number of countries and affecting a huge number of users (mainly in companies and public institutions).

How to Protect Yourself from WannaCry

Not all companies in the world that did not apply the security patch to fix the vulnerability that WannaCry exploited were victims of the attack. However, many companies had to stop all processes as a precaution until a security update had been implemented.

In this context, it can be concluded that a solution to this type of attack requires a holistic and structurally different approach than traditional cybersecurity products. That is exactly what Protegent360's Total Security offers. Thanks to the transparency provided by the Panda Security suite of products, as well as their ability to prevent, detect and fix problems, we were able to respond to the threat immediately and protect users' computers within minutes of the malware outbreak.