WannaCry became the first major ransomware attack in history. It put the data in millions of files around the world at stake, as it had a global reach, and it marked the beginning of the political use of this type of malicious program.
It should be remembered that ransomware is a malicious program that enters the system, encrypts files and then demands a ransom payment to give the user back access to them.
WannaCry started spreading on May 12, 2017 and was described as an “unprecedented attack” due to its magnitude: more than 230 thousand computers in 150 countries were affected.
The countries most affected were Russia, Ukraine, India and Great Britain, where the national health service was compromised. In Spain, the attack hit the company Telefónica, and in Germany the railway company Deutsche Bahn AG was the main target.
WannaCry did not continue to spread thanks to a circumstantial hero who found a way to stop it. This was Marcus Hutchins, also known by his alias MalwareTech, who found a “shutdown button”, or kill switch, in the malware code.
Hutchins was able to prevent the spread of WannaCry by registering a domain name that the worm apparently had to connect to in order to “capture” (encrypt) the files on the machines it infected.
Although this did not help the machines that had already been infected, it did help stop the spread of the cyberattack and made it possible to take defensive measures. One of them was installing the Windows update with the patch that Microsoft had released in March 2017, two months before the attack, but that many users had not yet installed.
One year after the incident, Park Jin Hyok was identified as the culprit behind the creation of WannaCry and its global attack. For now, there is a warrant for his arrest, but he remains free.
How did it happen
WannaCry spread aggressively using the EternalBlue Windows vulnerability, or MS17-010. EternalBlue is a critical bug in Windows code. The vulnerability allows attackers to execute code remotely by creating a request to the Windows File and Printer Sharing service.
Once the malware enters a computer, it scans the network and looks for other IP addresses at random. When it finds another vulnerable computer, it gets in, and so it begins to spread.
Microsoft had released a patch for EternalBlue two months before the spread of WannaCry, but millions of users failed to update their systems and so were left vulnerable to attack. Even today there are users who have not installed that patch. Aside from WannaCry, other ransomware strains, such as NotPetya, have used the EternalBlue vulnerability.
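The scanning behaviour described above leaves a recognisable trace in network logs: one machine contacting many different addresses on the file-sharing port in a short time. The following detection sketch is an added example, not code from the original article; the log format, the 60-second window, the threshold of 5 and all addresses are constructed assumptions, and TCP 445 is the standard port of Windows file sharing (SMB).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # TCP port used by Windows file and printer sharing (SMB)

# Constructed sample flow records: "ISO-timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = (
    # worm-like host: six different targets within six seconds
    [f"2017-05-12T09:00:0{i} 10.0.0.23 {ip} 445" for i, ip in enumerate(
        ["10.0.0.5", "10.0.0.6", "10.0.0.7",
         "203.0.113.9", "198.51.100.77", "192.0.2.14"])]
    # normal client: the same file server again and again
    + [f"2017-05-12T09:00:{s:02d} 10.0.0.8 10.0.0.5 445" for s in (1, 20, 40)]
    # slow legitimate activity: five servers spread over several minutes
    + [f"2017-05-12T09:{m:02d}:00 10.0.0.31 10.0.1.{m} 445" for m in (1, 3, 5, 7, 9)]
    # busy web client: many destinations, but not SMB
    + [f"2017-05-12T09:00:1{i} 10.0.0.40 192.0.2.{i} 443" for i in range(6)]
    + ["truncated line"]  # malformed record, must be skipped
)

def parse_flow(line):
    """Return (time, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_smb_scanners(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak number of distinct SMB destinations seen
    inside one sliding window, keeping only sources at or above threshold."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still in the window
    peak = defaultdict(int)
    flows = sorted(f for f in map(parse_flow, lines) if f and f[3] == SMB_PORT)
    for ts, src, dst, _ in flows:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_FLOWS))
```

A host flagged this way is a candidate for isolation and a patch check; the threshold should be tuned against what is normal for file servers and administration hosts on the network in question.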
The increase in these types of attacks
Ransomware attacks have grown in recent times. According to a report by Accenture, attacks of this type increased by 107% globally in the last year. This conclusion is in line with another study recently released by Sophos detailing that 37% of companies were victims of this type of scam in 2021.
“Remote and hybrid work modalities, coupled with accelerating cloud adoption, have opened up new opportunities for attackers to exploit. Their sophistication is increasing, with new trends such as Ransomware-as-a-Service or double and even triple extortion. Cybercriminals threaten to publish private information for double extortion and demand ransom not only from the infected organization itself, but also from its customers, partners and suppliers in the triple extortion format,” says a statement released by Check Point to mark the anniversary of the spread of WannaCry.
What precautionary measures to take to avoid becoming a victim of ransomware
1. Keep the operating system up to date to make sure you have all the security patches.
2. Avoid clicking on links that arrive by email or message, and do not download attachments. Always verify that the information really comes from whoever it claims to come from. To do so, check by phone or through the official site whether the communication received is genuine.
3. Stay informed about cybersecurity issues to be alert and know how to take care of yourself.
4. Keep a backup of your information in the cloud and on hard drives, so that nothing is lost if the equipment is eventually damaged.
5. Use a security solution to strengthen protection.