The WannaCry malware saw its peak infections on May 12th 2017, during which 300 000 computers across 150 countries were affected. This piece of malicious software locks computer data behind ransomwalls and demands Bitcoin payments for the release of this information.
However, payment of this ransom does not even guarantee the safe release of the information. This is because the author of the WannaCry code did not include a method of storing and collecting the unique computer IDs of the victims’ computers. In other words, the attackers using the malware do not have any way to identify those who have paid the ransom, and therefore no way of knowing which information to release.
WannaCry exploits a vulnerability in the code for a component of Windows PCs called the “Windows Server Message Block” (SMB). It accomplishes this via a tool called “EternalBlue”, which is believed to have been developed by the NSA (US National Security Agency) for spying. This code was released to the public on April 14th 2017 by a group of cyberattackers called the “Shadow Brokers”, and has been widely accessible ever since. By utilizing this vulnerability, attackers are able to insert the WannaCry malware directly into a system. This malware is particularly difficult to stop once it has gained ground, due to its ability to self-spread throughout an organization’s network without any further input from users.
Because it exploits a Windows vulnerability, WannaCry affects Microsoft Windows XP, Vista SP2, Server 2008 SP2 and R2 SP1, 7, 8.1, RT 8.1, Server 2012 and 2012 R2, 10, and Server 2016.
The Repair has been Available
The Windows vulnerability that was exploited by EternalBlue was in fact repaired in a patch released by Microsoft in March of 2017, even before the “Shadow Brokers” released the spying tool to the public. The enormous impact of WannaCry was the result of many organizations being unaware of, or neglecting, important updates released by software developers. These updates often contain critical security fixes that protect your computers against the latest cyberthreats. In fact, ServiceNow completed a survey which discovered that 467 financial companies were impacted by cyberattack attempts that had in fact been patched prior to each incident.
It is this continued neglect of updates that has kept WannaCry relevant and dangerous even now, over a year after its peak. The Taiwan Semiconductor Manufacturing Company (TSMC) has been one of the latest in the long list of WannaCry victims. The computer chip manufacturer reported that the ransomware attack resulted in production halts in numerous plants in Taiwan during early August 2018.
The Chief Executive Officer of the company reported that the breach was caused by a fake malicious supplier that was connected to the organization’s network. From there, the malware was able to spread to several of the plants owned by the company. The total financial cost of the damages is predicted to reduce the company’s Q3 revenue by 3%.
How to protect yourself from WannaCry
The TSMC attack demonstrates the importance of keeping your organization’s computers up-to-date with the latest software. The widespread neglect of the Windows update that patched the vulnerability exploited by WannaCry amplified the malware’s impact across the world.
Below are some other best practices to keep your organization safe from malware like WannaCry:
Ensure that the URL “www[dot]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com” is not blocked on your computers. This domain was developed as a “kill switch” by the author of the WannaCry malware. If the malware is able to connect to this URL from your computer, it simply disables itself.
Disable old protocols on your computer such as the “SMB protocol”, which contains the vulnerabilities that are exploited by cyberattackers. Also, do not open links or downloads found in emails from sources that you do not trust, or that seem malicious. This is one of the primary ways that malware can enter your system.
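A defender-side check for the kill-switch item above, as an added example that is not part of the original article: it tests from the local machine whether the domain resolves and accepts a direct TCP connection on port 80. The function names, the status strings and the treatment of 0.x and 127.x answers as a DNS filter are assumptions of this example.

```python
import socket

# Defanged kill-switch domain exactly as it is written in the article.
DEFANGED = "www[dot]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com"


def refang(name):
    """Turn a defanged host name back into one a resolver accepts."""
    return name.replace("[dot]", ".").replace("[.]", ".").strip().lower()


def check_kill_switch(host, resolve=socket.gethostbyname,
                      connect=socket.create_connection, timeout=5):
    """Return (status, detail) for a direct DNS + TCP/80 check.

    status is 'reachable', 'dns_blocked' or 'tcp_blocked'.
    resolve and connect are injectable so the logic can be tested offline.
    No proxy settings are consulted: the connection is made directly.
    """
    try:
        addr = resolve(host)
    except OSError as exc:
        return "dns_blocked", f"{host} did not resolve: {exc}"
    # Assumption: a DNS filter may answer with a placeholder address
    # (0.0.0.0, 127.0.0.1) instead of failing the lookup outright.
    if addr.startswith(("0.", "127.")):
        return "dns_blocked", f"{host} resolved to filter address {addr}"
    try:
        conn = connect((addr, 80), timeout)
    except OSError as exc:
        return "tcp_blocked", f"{addr}:80 refused or filtered: {exc}"
    conn.close()
    return "reachable", f"{host} -> {addr}:80 accepted the connection"


if __name__ == "__main__":
    status, detail = check_kill_switch(refang(DEFANGED))
    print(status, "-", detail)
```

Run it on a workstation inside the filtered network segment; a `dns_blocked` or `tcp_blocked` result means a DNS filter or firewall rule is preventing the connection the article says should be allowed.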
GigE Solutions can help your company protect itself from malware attacks by keeping your computers always up-to-date with the latest security patches. Contact us at +1 (888) 366-4443 to get started with us today!