Clavister Blog Staff

WannaCry – what a difference a year makes. Or does it?


If you’re an IT or cybersecurity professional, you’ll probably remember exactly what you were doing on the afternoon of Friday May 12, 2017.  That was the day the WannaCry ransomware attack started.  The infection spread with incredible speed worldwide, infecting over 200,000 PCs and servers across 150 countries in just 72 hours, scrambling business data and causing widespread, indiscriminate disruption.

Some of the high-profile businesses impacted were the telco Telefónica, FedEx, Deutsche Bahn, Renault, Nissan and the UK’s National Health Service.  The attack has been estimated to have caused financial damages and losses of anything up to four billion dollars.

WannaCry was able to spread so fast because it exploited a common Windows vulnerability, MS17-010, also known as the ‘EternalBlue’ exploit. This vulnerability existed in Windows versions from XP (introduced in 2001) onwards, and enabled attackers to execute code remotely on PCs and servers. Although Microsoft had actually released a patch for the flaw in March 2017—some two months before the WannaCry attack—many organizations had not yet applied the patch to their systems, exposing them to the attack. This exposure was compounded by companies not having appropriate security measures in place to block the ransomware’s propagation across their networks.

So how far have we come, 12 months after WannaCry—and the follow-on attack, NotPetya, which also took advantage of the EternalBlue exploit to cause further widespread damage? Unfortunately, the answer is: not very far.

New research from anti-virus vendor Avast has shown that 29% of all Windows-based PCs and servers globally are still not patched against EternalBlue, and are therefore vulnerable to further exploits. As such, it’s no surprise that WannaCry is still active in the wild: in fact, in March 2018, Boeing was reported to have been hit by it. And if the City of Atlanta’s IT and security teams had applied the latest Windows patches following the WannaCry attack last year, it’s likely that it wouldn’t have been successfully hit by the SamSam ransomware attack which took out multiple computer systems earlier this year.

It’s clear, then, that regular, systematic patching of systems and software is essential to reduce organizations’ exposure to both existing and new ransomware. It’s one of the key protective security steps which we detailed here a year ago at the time of WannaCry—and those steps are just as relevant now as they were then. These security basics are the equivalent of the vaccinations you had when you were young—they will protect you against the overwhelming majority of viruses and malware, so that you’re highly unlikely to fall victim to an infectious agent for which there’s already a cure.