Governments, corporations, and cyber security experts are still reeling after getting a taste of the most widespread ransomware attack to date, with the potential cost estimated at $4 billion. This past weekend, over 200,000 computers in 99 countries were hit by the unprecedented “Wanna” ransomware attack, also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r.
The British National Health Service was the first to report the attack after several of its systems had been hit. Later, Spain’s largest telecommunications company, Telefonica, and French carmaker Renault also admitted to being hit – among other government agencies, global organizations, and corporations.
When activated, WannaCry malware spreads through a victim’s computer and locks all the files with the same encryption used for instant messages. Once the files have been encrypted, the malware deletes the originals and delivers a ransom note. It also changes the victim's wallpaper to a message demanding payment to return the files.
WannaCry spreads via SMB – the Server Message Block protocol used by Windows machines to communicate with file systems over a network. The ransomware leverages the SMB vulnerability by targeting a computer that is running an unpatched or outdated version of Windows, and then spreads itself like a worm to infect other vulnerable systems in the internal network.
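The worm-like spread over SMB described above leaves a recognizable trace in network flow data: one internal host opening SMB connections to many internal peers in a short time. The following detection sketch is an added example, not code from the original article; the flow-record format, the thresholds, the function names and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

SMB_PORT = 445                    # TCP port used by SMB
WINDOW = timedelta(seconds=60)    # assumed sliding window
FANOUT_THRESHOLD = 5              # assumed: distinct internal peers before alerting

# Constructed sample flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = "\n".join(
    # ordinary client talking to a single file server
    ["2017-05-12T09:00:%02d 10.0.0.5 10.0.0.20 445" % s for s in range(0, 50, 10)]
    # one host sweeping eight internal peers within eight seconds
    + ["2017-05-12T09:01:%02d 10.0.0.77 10.0.0.%d 445" % (i, i) for i in range(1, 9)]
    # six peers contacted, but spread over several hours
    + ["2017-05-12T%02d:00:00 10.0.0.9 10.0.0.%d 445" % (h, h) for h in range(10, 16)]
    # non-SMB traffic, ignored by the detector
    + ["2017-05-12T09:02:00 10.0.0.77 10.0.0.30 443"]
)

def parse(line):
    """Split one flow record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout_alerts(text, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct internal SMB peers in any window} for
    sources whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        internal = ip_address(src).is_private and ip_address(dst).is_private
        if dport == SMB_PORT and internal:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # shrink the window until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(SAMPLE_FLOWS))
```

Hosts that legitimately contact many peers over SMB, such as backup or management servers, would need to be allow-listed before a rule like this is used for alerting.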
This Windows vulnerability, known as EternalBlue, was dumped into the wild in April along with other alleged NSA tools by a group of hackers called the Shadow Brokers. Microsoft released a patch, MS17-010, in March, but it appears many organizations didn’t update their systems in the two months since that patch was released. In addition to the patch, Microsoft also released a security update for Windows XP, Windows 8, and Windows Server 2003 over the weekend – an unusual move, considering these versions are no longer supported by Microsoft.
The swiftness with which the attack spread, and the fact that it easily infiltrated systems that are supposed to be responsible for our safety, is particularly troubling: if car manufacturers’ and public transport computer systems can get exploited so easily – what about other systems? How can we ensure our customers’ data is secure if the British public health services can’t?
This is another reminder that organizations should be continuously tracking their software infrastructure, environment, and components for any possible vulnerabilities. If some of the largest service providers, spanning a variety of fields, were attacked because they avoided something as basic as an automated Windows update for at least two months – can you imagine the state of their other software components? Hackers most probably can.
This is also another example of the way hackers swiftly exploit known vulnerabilities – knowing that so many organizations and software teams don’t patch or update on a regular basis. One vulnerability means a lot of exploits and a lot of money to hackers – WannaCry certainly proves them right.
That’s why it’s so important to make sure you keep track of all your software components: proprietary, third-party and open source, so that you can locate vulnerabilities and mitigate them before the hackers get a chance to exploit your organization or product.
Putting an automated open source security management system in place to regularly track your components, alert your team about vulnerabilities and present the recommended fixes is a great step in the right direction.