WannaCry: the most exciting thing to happen in cybersecurity for ages

Published on the 16/05/2017 | Written by Donovan Jackson

Massive ransomware attack kicks PR machines into overdrive…

Just when you started to think that all those billions and billions of dollars ‘invested’ in cybersecurity must surely have delivered something at least reasonably safe, along comes WannaCry to shatter the illusion. And the malware has done so comprehensively, too.

Firstly, for those who don’t yet know, what’s the fuss all about? This: WannaCry (AKA WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) is ransomware targeting Windows operating systems; it was launched on Friday, 12 May, and has infected more than 230,000 computers in 150 countries, demanding bitcoin ransom payments.

To my press inbox, then. Pundits will know that the cybersecurity industry is ‘well resourced’, which is a euphemism for ‘killing it’, so there is no shortage of keen commentators keen to comment on the latest woe which has betided our computer-addled society.

Top of our vox pops is Malwarebytes’ man in ANZ, Jim Cook. He confirmed that once again, this massive outbreak is down to less massive diligence: “WannaCryptor is another example of a known, patched vulnerability causing tremendous issues for people and businesses around the world.”

The billions spent on security, therefore, are no good if your systems aren’t updated. Can’t blame the security vendors for that oversight.

Meanwhile, Gerrit Lansing, CyberArk chief architect, said WannaCry started out as a reported attack on the National Health Service and has ‘evolved into what appears to be one of the largest-scale instances of ransomware on record, with current reports saying there are victims in close to 100 countries.’

“Ransomware is constantly evolving and we’re seeing more variants that don’t limit themselves to encrypting solely whatever is on a PC’s hard drive. Instead they focus on accounts that provide broader access, such as those owned by IT administrators. This approach allows the infiltrator to move more widely within the network, searching for more systems and encrypting them too. It therefore doesn’t matter whose computer was initially targeted, the attack still has the potential to cause significant damage.”

Notorious Windows, again; or, more accurately, notorious Windows users.

And Nick Savvides from Symantec said, “Ransomware is a major problem in Australia, and this attack is no different. This is not a targeted attack, which means many people will receive the malicious emails. Ransomware doesn’t discriminate and affects home and business users.”

Added Cook: “Our research shows the encryption is done with RSA-2048 encryption, which means that it is near impossible to decrypt unless the coders have made an error somewhere. If possible apply MS17-010 Microsoft patch to all PCs immediately. If you have Windows XP machines in your network we recommend disconnecting them until this wave has passed.”

There’s some good advice out there to help deal with the WannaCry fiasco; Splunk provides a detailed bit of insight which is also easy to follow. Check it out here.

Finally, InternetNZ provides ‘consumer-level’ advice which still rings true for every computer user:

1) Turn on automatic updates or ensure all software (including anti-virus) and your Operating System are patched/updated. The WannaCry malware targets Windows systems, and Microsoft has released a patch for its software that prevents it from taking hold (this patch is called MS17-010).

2) You should also be running, or planning to move to, the most recent version of your operating system of choice (e.g. Windows 10 or macOS 10.12).

3) Back up your files regularly, and keep at least one backup offline. WannaCry is a type of malware that encrypts your files and ransoms them back to you, meaning that it first blocks access to your files and then deletes them if you don’t pay the ransom.

4) Take care with your email, and don’t open unexpected attachments or click on links in emails. Initial infections from WannaCry may have spread through email. Care with attachments and suspicious links can prevent similar infections.

Nothing new there, then. But ever since ‘I love you’, what we have learned time and time again is that interest in information security (and data backups) is directly proportional to experiencing a loss.

Makes you wanna cry. Right?
