WannaCry: What Was it, How Did It Spread, and How Can You Stay Protected?

Credit: Vishnu_KV via Pixabay https://pixabay.com/illustrations/ransomware-wannacry-malware-2318381/

Imagine if scammers could hack computers worldwide and demand a ransom in a cryptocurrency from their victims. Actually, you don’t need to try to picture it, as it already happened in 2017.

A hacker collective known as “The Shadow Brokers” launched a devastating ransomware attack in May 2017 targeting people using the Microsoft Windows operating system. “WannaCry” encrypted their information and only returned access after the hackers had been paid a ransom in Bitcoin cryptocurrency.

As many as 200,000 computers in 150 different countries were affected, costing anywhere from hundreds of millions of dollars to billions. The attack was so vast that it made news headlines everywhere, so you probably remember it broadly. It transcended personal computers, affecting kiosks and large display terminals.

Let’s take a closer look at the WannaCry attack to better understand how it could spread so far, do so much damage, and how encrypted communication can keep you protected from something similar moving forward.

What Exactly Was WannaCry?

At first, news agencies reported that WannaCry was spread through a malicious spam campaign, as is often the case. It was an easy mistake to make, but the real story turned out to be considerably worse.

The WannaCry worm spread through an operation that seeks out vulnerable public-facing SMB ports, then uses two exploits created by the National Security Agency, EternalBlue and DoublePulsar, to get onto the machine, establish persistence, and install the malware.

An exploit technique known as “heap spraying” injects shellcode into vulnerable systems. Analysis of the malware’s code by Malwarebytes Labs showed that it worked like this:

  • The malware sends an SMB Echo request to the intended target
  • It sets up the exploit for the target’s machine architecture
  • It performs SMB fingerprinting
  • If the exploit succeeds, the malware is on the machine
  • If not, the malware pings the backdoor to get an SMB reply
  • If the backdoor is not installed, the malware is uploaded
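The scanning step above leaves a recognisable footprint in network logs: one host opening SMB connections to many different machines in quick succession. As an added example (not code from the original article or from Malwarebytes Labs), the Python script below reads constructed connection-log lines and flags any source that reaches several distinct hosts on TCP/445 within a short sliding window. The log format, addresses, threshold and window length are all assumptions.

```python
"""Flag worm-like SMB fan-out in connection logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp src dst dport" format (not real traffic).
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.5 10.0.1.10 445
2017-05-12T10:00:02 10.0.1.5 10.0.1.11 445
2017-05-12T10:00:02 10.0.1.5 10.0.1.12 445
2017-05-12T10:00:03 10.0.1.5 10.0.1.13 445
2017-05-12T10:00:04 10.0.1.5 10.0.1.14 445
2017-05-12T10:00:05 10.0.1.5 10.0.1.15 445
2017-05-12T10:00:10 10.0.1.7 10.0.1.20 443
2017-05-12T10:00:11 10.0.1.7 10.0.1.21 443
2017-05-12T10:00:12 10.0.1.8 10.0.1.3 445
2017-05-12T10:05:00 10.0.1.8 10.0.1.4 445
"""

def parse_line(line):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: max_distinct_targets} for sources that contacted at least
    `threshold` distinct hosts on TCP/445 inside any window of `window` length."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse_line(line)
        if dport == 445:                      # only SMB connection attempts matter here
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()                         # sliding window needs time order
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                    # drop events that fell out of the window
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    for src, n in smb_fanout_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct SMB targets within 60s (possible worm scan)")
```

In the sample, 10.0.1.5 hits six hosts on port 445 in five seconds and is flagged, while 10.0.1.8 touches only two hosts five minutes apart and is not.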

It can be difficult to discuss complicated technical issues related to coding in a way that does them justice while also being understandable. Basically, the hackers exploited backdoors created by the NSA.

The US Department of Justice officially blamed North Korea for the hack, with Canada, New Zealand, Japan, and the UK standing by this assessment. North Korea denies any involvement in the cyberattack.

The day after the first attack, Microsoft released emergency patches for the end-of-life products Windows XP, Windows Server 2003, and Windows 8. Days after, British researcher Marcus Hutchins found a kill switch that prevented infected computers from spreading the malware further.

As bad as the malware attack was, it could have been much worse.

How to Avoid Becoming a Malware Victim

WannaCry couldn’t have spread like wildfire or wreaked such havoc had it not been for backdoors which the NSA created and the hackers then weaponized. Microsoft president Brad Smith called on governments worldwide not to stockpile software flaws that bad actors could turn into digital weapons.

Countries need a national response because hackers can target public infrastructure and cause damage that impacts the economy. But as we’ve seen, sometimes a country has conflicting goals, and the backdoors they create for purposes of national security come back to bite them.

That’s why what society at large could do to prevent such an attack from occurring is not the same question as what companies or people can do right now to keep themselves safe. Private individuals or businesses need to guard their privacy at all costs — there is no second prime directive.

There are certain precautions that, if taken, would have protected someone who was otherwise vulnerable. They could have downloaded every Microsoft update, disabled unnecessary protocols, and segmented their networks to keep a potential infection more contained.

But these are half-measures. Doing all of them could have prevented the WannaCry ransomware from spreading. Military-grade encrypted phone calls and emails would have made anyone impervious to WannaCry, since the backdoors that permitted that malware wouldn’t have existed on any such device.

“Encryption” can’t be secure if there’s potentially a backdoor, and that is often the case with encryption that comes with free communication platforms, even if it promises to offer “end-to-end encryption.” Likewise, governments around the world are locked in a tense stand-off between, as they frame it, national security and privacy rights.

European and North American governments claim they can offer both, but that’s proven impossible. In practice, the measures taken in the name of national security compromise people’s digital privacy rights, even when enacted with the best intentions. The government may not be the ones violating citizens’ privacy rights by eavesdropping or collecting data, but they may inadvertently leave an opening for hackers to exploit. 

Credit: geralt via Pixabay https://pixabay.com/illustrations/cyber-attack-encryption-smartphone-4444448/

You can see here how national security always wins out over privacy rights, as for five years, the NSA did not alert Microsoft about the vulnerabilities they had created in the form of EternalBlue or DoublePulsar. They only did so after the breach occurred — in other words, after it was too late.

That’s why Myntex protection is designed to keep users’ data safe, no matter how local legislation in any region evolves. Laws may change, but the need for privacy does not.

Not all hacks or malware attacks are this disruptive or widespread, but you can’t anticipate how large or powerful they’ll be. Most people know their business much better than they understand coding or digital security. They just want to know that they can carry out their profession without leaving their company, clients, customers, or themselves vulnerable.

Check out these educational resources to learn more about how encryption works and find helpful tutorials, downloads, and software updates. People across sectors need meaningful digital security for different reasons, and it’s impossible to operate surefootedly when digital extortion is always a risk.

Modern business productivity tools keep you safe from ransomware attacks, and you don’t need to be a technical specialist to use them.