Are you aware of the worst cyberattack of 2017, the WannaCry ransomware? WannaCry was one of the worst-hit ransomware attacks that surfaced around May 2017, in Asia. The malware spread like wildfire and infected more than 230,000 computers in a day. The WannaCry attack mainly affected the Windows operating system, and more than $4 billion losses reported. It’s still considered one of the most threatening ransomware attacks that ever occurred.
What is WannaCry?
WannaCry is a class of malware. It had the power of self-propagating, as it falls under the worm category. The scariest part is, it does not need any interaction with the victim to keep itself from spreading.
Cause of WannaCry Attack
WannaCry infected mostly the windows operating system. It all started when an exploit kit developed by the U.S. National Security Agency (NSA) to infect machines having Eternal Blue exploit, leaked and fell in the hands of wrong people called “Shadow Brokers”.
Eternal Blue exploit, also known as the infamous CVE-2017-0144, discusses remote code execution in Microsoft Server Message Block (SMB) 1.0. Microsoft SMB is a protocol for network file sharing. Successful exploitation of this vulnerability enables attackers to target the server with unauthorized code execution by sending crafted packets to the SMB server.
What Made WannaCry the Worst Event?
As the WannaCry spread widely, it infected several vulnerable endpoints running mostly outdated Windows 7, Windows XP, and several unpatched Windows 10 Operating Systems. This ransomware impacted various healthcare (like the U.K based National Health Services) and motor industries. Some of the worst impacts include erasure of several patient’s data and the cancellation of many vital surgery appointments. Similarly, in Japan, Honda had to temporarily close one of their plants as their important production files were locked. Many such examples show how the ransomware attack has affected every industry and acted as an industry-threatening event.
How a Ransomware Like WannaCry Victimizes Organizations
The victim has to pay a ransom to unlock their important files and folders. In most cases, WannaCry demanded $300 to unlock the files. The ransom value doubles after seven days. In case the ransom is not paid, the files get deleted permanently.
Victims are required to use Bitcoins to pay for the ransom, as Bitcoin transactions are hard to trace.
WannaCry ransomware amounted to more than $4 billion. Some of the statistics suggest WannaCry’s huge financial loss is still not estimated accurately now.
Did You Know that the Patch to Fix WannaCry Vulnerability Was Available 3 Months Before the Attack?
Now getting to how everyone could have avoided WannaCry, surprisingly, Microsoft had published the patch three months before the WannaCry attack and asked organizations to upgrade its operating systems. Upgrading the system addresses how SMB handles the crafted requests. Thus helping the Windows Operating System to stay safe.
WannaCry: Scenario so far
Why Were Endpoints Affected Even When a Patch Was Available?
1. Most of the organizations do not consider patching seriously and miss performing them on a daily. This negligence exposes their endpoints to some serious vulnerabilities.
2. In some cases, organizations do not have an effective tool in place to detect and remediate vulnerabilities.
Are Your Endpoints Safe from Potential Future Attacks like WannaCry?
There is always a possibility of a ransomware attack like WannaCry. If you are unaware of your cyber hygiene status, then there is a high chance that you become a victim of such attacks. Surprisingly, there are many organizations out there that are still using outdated software and operating systems. Even today, millions of devices have unattended vulnerabilities, which will invite more attacks like WannaCry in the future. Organizations must take preventive measures to secure their endpoints from attacks like this.
How Can SanerNow Help You Stay Ahead of Attacks Like WannaCry?
SanerNow comes with all the required features to manage and secure your endpoints under one roof. SanerNow’s vulnerability management and patching technique allow you to detect any vulnerabilities and instantly remediate them. With SanerNow, you can stay on top of your vulnerabilities by running continuous vulnerability scans, accurate vulnerability detection, intact prioritization based on severity, and remediation through integrated patching. This way, SanerNow continuously monitors your endpoints and secures your network from attacks like WannaCry.
SanerNow Patch Management
Check out this SanerNow’s eBook on “Best practices of orchestrating cyber hygiene” and keep your endpoints in check.
Take a Free Trial of SecPod SanerNow and stay ahead of the next cyberattack like WannaCry.