Get free advice on all things IT


The Aftermath of the WannaCry Exploit - Or Is It?


Ransomware has been a major threat to businesses since the mid 2000s. Cyber criminals have become increasingly sneaky with their tactics. WannaCry was one of the biggest attacks of 2017, infecting more than 300,000 computers in over 150 countries. But although it’s been contained, there’s no telling when similar attacks might crop up. So, how can we prevent something like it from happening again?

Wannacry exploit aftermath

A Brief Recap on WannaCry: What is it and What Did it Do?

Infecting more than 300,000 computers worldwide, including government agencies and hospitals, WannaCry was one of the biggest and most widespread ransomware attacks seen so far in history. Also known as WanaCrypt0r 2.0 and WCry, the malware displayed the typical characteristics: 

  • Mostly spread through malicious emails with attachments.
  • When recipients were tricked into opening the attachments, the malware was released - a technique also known as phishing.
  • Used a hacking tool called “Eternal Blue” to allow unprecedented access to all Windows computers, particularly those with vulnerabilities. Eternal Blue effectively acted as the crowbar that cracked open the doors to the weaknesses in victims’ computers.
  • Infected computers’ files are locked and encrypted so users can’t access them.
  • Payment is demanded in Bitcoin in order to regain access, with ransom ranging between $300 and $600.

WannaCry ran from 12th May to 15th May 2017 and in those three days, it cost companies and governments up to $4 billion. Russia, Taiwan and Ukraine were the worst affected. In the UK, the NHS took the biggest hit. Hospitals were forced to cancel appointments and turn away patients after their files were scrambled, and staff had to revert to pen and paper or use their own mobile devices for tasks.

The attack cost the NHS untold amounts in terms of recovery costs and losses of productivity. However, the overall figure can’t be quantified because it was that large and investigations had to be conducted to assess the true impact WannaCry had.

WannaCry spread by exploiting a vulnerability in Microsoft systems. Although suppliers are always releasing patches and providing updates, people don’t always install them, so weak spots remain open for longer and it becomes easier for hackers to slip through the cracks. As well as this, security updates openly outline the errors that they’re fixing, so hackers will know exactly where and how to target.

The NHS was particularly affected because it relied so heavily on outdated Windows systems, such as Windows XP. This older version of Windows is so outdated that it no longer properly offers support to protect against malware like WannaCry. Once the malware enters an unpatched system, it acts like a worm, digging its way into other servers and computers on the same network.

Is it Truly the End of WannaCry?

WannaCry was contained when a cybersecurity expert accidentally discovered a “kill switch” which prevented further spread of the ransomware. But there’s no telling when the hackers might change the code and develop a strain of the ransomware that doesn’t have a kill switch. If that happens, the outbreak will begin all over again and cause huge devastation.

Preventing WannaCry

WannaCry might have been defeated, but the battle against ransomware still continues. So, there are various lessons to be learnt from the WannaCry outbreak.

There are ways to remove malware, such as WannaCry, from your computer by using anti-virus software and ransomware decryption tools to try and unlock your files. However in most cases, the encryption in malware is extremely strong and even experienced hackers will find it difficult to unlock without the private key.

If you’ve been infected, your best hope is to rely on your backups, data replications and archives to restore your data. All that, of course, relies on whether you’ve taken precautions to try and prevent any potential malware attacks.

How to Protect Yourself Against Ransomware

Cybercriminals might target huge global companies and government agencies, but they aren’t fussy about their victims - they’ll attack smaller firms too. And more often than not, these firms are the ones who will be crippled the most. After all, they’re unlikely to have the same amount of revenue to support malware attacks as the huge global corporations.

But regardless of your business’s size, you need to be aware that ransomware can happen at any time (just like a bout of flu can take down half of your department for a week) and be prepared.

  • Ensure that your computer software is always up to date. The notifications telling you to update your computer might be annoying, but they’re there for a reason. Hackers are always looking for potential chinks in a computer software’s armour. Don’t ignore them unless you want Eternal Blue to exploit your computer’s weaknesses next.
  • Invest in strong anti-virus and anti-malware software to further protect your computer. They can act as the first line of defence against potential attacks.
  • Have strict cyber security protocols in place, including never opening attachments in emails from unknown senders, and ensure that your staff follow them.
  • Encrypt your sensitive data and only allow authorised members of staff to access and modify them.
  • Always backup your data and place them in several secure locations. Being vigilant with your backups means even if malware encrypts your data, you lose hardly anything because you’ve got backups that can restore everything.
  • Have a Disaster Recovery plan in place to ensure that your business can return to full working productivity as soon as possible without suffering any major consequences.

Learn More About Ransomware and the Importance of Disaster Recovery

No business is ever too big or too small for cybercrime. Ransomware attacks can happen at any time to any company and cause a multitude of devastating consequences. And as we venture further into the digital era, it’s even more important that we’re taking steps to avoid becoming victims of ransomware.

For more information on ransomware, its impact and why having a Disaster Recovery plan is essential, check out our free guide below.

Disaster Recovery CTA

FREE Case Consultation

Recent Posts