The attack highlighted the potential systemic impact of ransomware and its indiscriminate nature

It has been five years since the global WannaCry attack, which caused network disruption around the world, hitting household names and interrupting the day-to-day operations of banks, telecom providers and healthcare organisations, among others.

The WannaCry ransomware cryptoworm targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin.

The attack highlighted the systemic nature of ransomware attacks: how indiscriminate they can be and how much business interruption they can cause.

Fast forward five years and the threat remains ever present.

Ransomware gangs have become more sophisticated in their approach, tailoring ransom demands to the size of the organisation they are targeting and frequently employing double extortion techniques.

Further, with heightened geopolitical risk since Russia’s invasion of Ukraine, governments are warning that companies could fall victim to spillover from state-sponsored attacks.

Beware unpatched systems

Alex Hinchliffe, threat intelligence analyst at Unit 42, thinks the number of vulnerable, unpatched systems increases exposure to attacks, including WannaCry, which is still circulating today.

“At Unit 42, we still see the occasional sample of WannaCry being analysed in our systems based on what customers are seeing in their networks. It’s likely this is due to the worm attempting to spread using its built-in Windows exploits, which may or may not be successful.”

“Worms were not common five years ago, especially not when combined with such a powerful and prevalent exploit as the one used,” he continues. “Even before this period, patching vulnerabilities was high on the list of things to do in order to better secure networks from attacks. However, the WannaCry event served to bring this point front and centre for many businesses.

“Since then, we’ve seen more worms using similar vulnerabilities and we’ve also seen an increase in the number of vulnerabilities in general.

“Couple this with the growing list of software used by many organisations now, and the attack surface area remains great.”

Ransom payments on the rise

The average ransom payment has climbed significantly over the last year. The proportion of victims paying ransoms of $1 million or more has nearly tripled in the last year, rising from 4% in 2020 to 11% in 2021.

Two thirds of business organisations were hit by ransomware in 2021, according to Stockapps.com. This marked a 78% increase on 2020’s figure, which stood at 37%.

It found that the ransomware-as-a-service model increases the reach of ransomware and lowers the skill level required to conduct an assault.

Edith Reads, a financial expert at Stockapps.com, said the insurance industry was complicit in the rise of incidents: “Many cyber insurance companies have begun to cover a wide range of ransomware recovery costs, including the ransom, likely leading to ever-increasing extortion demands.”

To protect themselves from worms like WannaCry, organisations should take a robust approach to assessing where they may be most vulnerable, thinks Unit 42’s Hinchliffe.

“It’s likely impossible to patch everything in every network, so organisations should prioritise based on what the systems are and whether they play a key role in serving or protecting company assets, or based on threat intelligence data that could inform which vulnerabilities are actively being targeted by threats and threat actors that could pose a risk.”
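As an added illustration of the risk-based prioritisation Hinchliffe describes (example code added here, not code from the article, from Unit 42 or from any vendor): a small Python scheduler that ranks outstanding vulnerabilities by the role the affected system plays and by whether a threat-intelligence feed reports the vulnerability as actively exploited. The hosts, role weights, vulnerability identifiers and the "actively exploited" set are all constructed for the example; a real deployment would pull them from an asset inventory, a vulnerability scanner and an exploitation feed.

```python
"""Risk-based patch prioritisation.

Ranks (host, vulnerability) pairs so that the limited patching effort
described in the article goes first to systems that serve or protect key
assets, and to vulnerabilities that threat intelligence says are being
exploited right now.  All data below is constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    role: str                      # e.g. "domain-controller", "workstation"
    internet_facing: bool          # reachable by opportunistic scanners/worms
    vulns: list[str] = field(default_factory=list)   # open vulnerability IDs


# How much a host matters to serving or protecting company assets.
# Constructed weights; an organisation would set its own.
ROLE_WEIGHT = {
    "domain-controller": 10,
    "backup-server": 9,
    "file-server": 7,
    "web-server": 6,
    "workstation": 3,
}

INTERNET_FACING_BONUS = 5          # exposed hosts are hit first by worms
ACTIVELY_EXPLOITED_MULTIPLIER = 3  # confirmed exploitation dominates the score


def score(host: Host, vuln: str, actively_exploited: set[str]) -> int:
    """Return a priority score; higher means patch sooner."""
    s = ROLE_WEIGHT.get(host.role, 1)
    if host.internet_facing:
        s += INTERNET_FACING_BONUS
    if vuln in actively_exploited:
        s *= ACTIVELY_EXPLOITED_MULTIPLIER
    return s


def prioritise(hosts: list[Host], actively_exploited: set[str]) -> list[tuple[int, str, str]]:
    """Return (score, host, vuln) triples, highest score first.

    Ties are broken by host name then vulnerability ID so the order is stable.
    """
    queue = [(score(h, v, actively_exploited), h.name, v)
             for h in hosts for v in h.vulns]
    queue.sort(key=lambda t: (-t[0], t[1], t[2]))
    return queue


def patch_first(hosts: list[Host], actively_exploited: set[str], n: int) -> list[tuple[str, str]]:
    """The n (host, vuln) pairs that should be patched first."""
    return [(h, v) for _, h, v in prioritise(hosts, actively_exploited)[:n]]


# Constructed inventory.  "VULN-*" identifiers are placeholders, not real CVEs.
HOSTS = [
    Host("dc01", "domain-controller", False, ["VULN-SMB-001", "VULN-BROWSER-007"]),
    Host("web01", "web-server", True, ["VULN-SMB-001", "VULN-TLS-003"]),
    Host("ws-117", "workstation", False, ["VULN-BROWSER-007", "VULN-SMB-001"]),
    Host("bkp01", "backup-server", False, ["VULN-TLS-003"]),
]

# Constructed stand-in for a threat-intelligence feed of vulnerabilities
# currently being exploited in the wild.
ACTIVELY_EXPLOITED = {"VULN-SMB-001"}


if __name__ == "__main__":
    for s, host, vuln in prioritise(HOSTS, ACTIVELY_EXPLOITED):
        print(f"{s:3d}  {host:8s} {vuln}")
```

Note that the internet-facing web server with an actively exploited vulnerability outranks the domain controller carrying the same vulnerability: exposure plus confirmed exploitation is exactly the combination a worm like WannaCry benefits from, so it is patched first even though the domain controller is the more valuable asset.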