WannaCry

WannaCry was a 2017 worldwide ransomware attack which targeted computers running the Microsoft Windows operating system.

WannaCry malware attack

WannaCry was a 2017 worldwide ransomware attack by the WannaCry cryptoworm.

Designed to target computers running the Microsoft Windows operating system, it encrypted data and demanded ransom payments in the Bitcoin cryptocurrency. The attack was stopped within a few days of its discovery thanks to emergency patches released by Microsoft and the discovery of a 'kill switch' that prevented infected computers from spreading the malware further. The attack was estimated to have affected more than 200,000 computers across 150 countries.

 

Attack timeline

At the start of the business day on May 12, 2017, Adaptive Defense 360 began to successfully detect and block a large number of attacks that took advantage of the EternalBlue vulnerability to introduce the WannaCry malware onto computers. The extent of the attacks reached virtually every corner of the globe.

The ransomware attack affected certain vulnerable Microsoft Windows systems, encrypting all their files and those on the network drives to which they were connected, and infecting other vulnerable Windows systems on the same network. The process ended with a ransom demand for decrypting the files, specifically a payment of $300.

In addition, when vulnerable computers that had not yet been compromised were started up on the Monday following the outbreak, they triggered a second wave of the attack. Many companies and institutions in China and Japan fell victim to this second wave, including large corporations, ATMs and hospitals.

 

Operation

The considerable potency of this attack campaign can be attributed to its exploitation of a widespread Windows vulnerability. According to documents leaked in April 2017, one month before the attack, the idea of taking advantage of this flaw is attributed to the U.S. National Security Agency (NSA).

The infection didn't require human intervention, such as opening an email or downloading something from the Internet, to gain entry to a system. This allowed the attack to take place practically simultaneously across the whole planet. It was therefore a massive attack without human barriers.

The infection affected all connected Windows devices on the same network that were not properly updated. Infection of a single computer could end up compromising the entire corporate network.

Many traditional protection solutions aimed at stopping malicious files are not able to block attacks that take advantage of this or other vulnerabilities to enter computers and networks. In the case of WannaCry, this resulted in the cyberattack managing to spread to a large number of countries and affect a huge number of users (mainly in companies and public institutions).

 

How to protect yourself from WannaCry

Not every company that had failed to apply the security patch fixing the vulnerability leveraged by WannaCry fell victim to the attack. However, as a precautionary measure, many companies had to stop all of their processes until a security update was implemented.

In this context, it can be concluded that the solution to this type of attack must implement an approach that is holistic and structurally different from that of traditional cybersecurity products. This is what Panda DOME does. The visibility provided by Panda Security's product suite and its prevention, detection and remediation capabilities enabled us to respond immediately to the threat, protecting users' computers from the very first minutes of the malware outbreak.