Today marks the fifth anniversary of the NHS WannaCry cyber-attack. Cyber security experts reacted below.
WannaCry had a huge impact on the ransomware industry by showing the limits of opportunistic attacks. While it infected and crippled over 200,000 computers in 150 countries and caused as much as $4B in damages, it failed to deliver results as a financially motivated attack (total pay-out was only about $140K).
It’s not a coincidence that big game hunting and the Ransomware-as-a-Service model gained popularity the year after the WannaCry attack. So while we still see old-school opportunistic attacks in our telemetry as leading detections, from the perspective of total payouts, profit-sharing RaaS groups took over and are the de facto standard model for the ransomware industry.
On reflection, there are minimal differences in WannaCry’s attacks now. There are some regarding encryption, but nothing has really changed in the context of propagation. If it’s not broken, don’t fix it – this self-propagating ransomware is still generating revenue for cybercriminals, and there are no incentives to innovate this particular piece of malware.
Detections for WannaCry are still high, with them leading our top 10 list of ransomware families tracked month-to-month for the last six months. We, at Bitdefender, don’t expect this to change any time soon. There are several reasons why old ransomware families are still visible in our telemetry. While the first inclination would be to attribute detections to false positives (for example, detections from malware collectors or testing systems of security researchers), I must note that we extensively process and scrub our data to exclude such false detections.
We would advise organizations, especially in the mid-market (and even SMBs) to get ready by validating their detection and response preparedness, whether using in-house security teams or managed security services.
As we reach the five-year anniversary of the WannaCry attack it’s as important as ever for businesses to be thinking of just how robust their defences are.
There are a couple of obvious bits of advice like ensuring mission-critical data is backed up, software is updated, and employees have appropriate training. However, with ransomware becoming more sophisticated, so too must the defence measures. The usual tips and tricks aren’t enough anymore, and organisations need to look much deeper to increase their security; for example, businesses can employ DNS filtering. Ransomware mostly operates through some form of communication with a command-and-control server. With filtering, it’s possible for an organisation to identify when an operator is trying to communicate with malware and block that channel.
Ransomware is not going to disappear overnight so it’s important that businesses look internally and ensure they’re trying to stay ahead of the attackers.
It’s been five years since the NHS WannaCry cyber attack and, with organisations now finding themselves at the centre of a cyber war, the threat of ransomware has never been higher. More stories are breaking of devastating breaches, exposing more vulnerable data than ever before. No matter what size the company, no one is safe from cyber-attackers without a carefully regimented plan for protection, detection and response.
Cyber criminals are continuously probing and looking for weaknesses, and it only takes a single vulnerability to enable a breach. Whether held on your systems or a company contracted by you, if it is your data, it is your responsibility.
Companies can’t promise to stave off every attack, but they can understand how attacks occur, what type of data is at the greatest risk and how to lessen the blow. Regardless of their size, organisations need to remain always on guard and ensure they have the right tools, technologies and processes in place to fight off would-be cyber attackers. Hospitals in particular must not rely on outdated legacy systems and must provide secure technology to ensure patients are safe.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.