What is WannaCry ransomware?

WannaCry is a ransomware that was responsible for billions of dollars in damages worldwide in 2017. A security leak in Windows led to the attack, which targeted government agencies and large corporations.

What is WannaCry?

In May 2017, one of the worst ransomware attacks globally occurred. The malware responsible for this incident went by various names, including Wana Decrypt0r 2.0, WannaCrypt, WCRY or Wcrypt, among others. However, the most widely recognized name for this cyberattack remains WannaCry. It impacted a staggering number of systems, infecting over 230,000 computers across nearly 150 countries, encrypting files and even entire operating systems. Victims were coerced into paying a Bitcoin ransom for file decryption, although authorities strongly discouraged such payments.

The gateway for WannaCry was a security vulnerability in Windows known as MS17-010. This flaw was exploited using the EternalBlue exploit, reportedly developed by the US intelligence agency NSA and used for its own purposes for an extended period. It wasn’t until a hacker group disclosed the vulnerability that Microsoft became aware and attempted to address it with a security patch in March 2017. Unfortunately, due to compatibility issues with some systems and users neglecting updates, WannaCry, the successor to EternalBlue, managed to propagate relatively unchecked two months later.

What is WannaCry targeting?

WannaCry encrypts important files, effectively locking users out of their data, and delivers a ransom message demanding money. The hackers’ primary motive is financial gain, initially demanding $300 in 2017 for data release. If victims failed to pay promptly, the ransom doubled. Because WannaCry autonomously replicates itself and spreads through file-sharing protocols, its potential impact and profits escalated rapidly. Tens of thousands of computers were being infected hourly in 2017. Notably, even after paying the ransom, victims often did not regain access to their data as promised.

How much damage did WannaCry cause?

The damage caused by WannaCry cannot be precisely quantified. Experts estimate it to be several billion US dollars. The substantial financial impact of WannaCry wasn’t solely from ransom payments. This malware targeted not only individuals but also numerous businesses, government agencies, and public institutions, often causing widespread system disruptions. For instance, it severely impacted the UK’s National Health Service (NHS), leading to the postponement of critical operations, loss of access to patient records, and incorrect information provided to ambulances. At its peak, over 30 percent of NHS hospitals were affected by WannaCry.

In Germany, Deutsche Bahn experienced significant disruptions, with display boards and video surveillance failing at many train stations. The Russian Railway Company faced similar issues. In Spain, WannaCry caused restrictions in Telefónica’s telephone network. Other affected companies included FedEx, Honda, and Renault. Additionally, government entities like the Romanian Ministry of Foreign Affairs, universities in Montreal and Thessaloniki, and the São Paulo Justice Court were targeted. It’s likely that these organizations didn’t update their systems in a timely manner, leaving them vulnerable to WannaCry’s attack, which struck before necessary updates could be implemented.

Is WannaCry still a threat?

Fortunately, the massive 2017 WannaCry attack lasted only a few days. During the investigation, British cybersecurity expert Marcus Hutchins discovered an emergency shutdown switch intentionally or accidentally embedded in the malware’s code. Hutchins successfully registered a domain to trigger this switch, effectively shutting down WannaCry. However, the threat hasn’t disappeared entirely, as newer versions of WannaCry continue to circulate without the emergency switch. Still, given that they exploit the same Windows vulnerability, measures have been taken to minimize the risk from this particular type of malware. Yet, it’s worth noting that other malware strains can pose even greater dangers.

How to protect yourself from ransomware like WannaCry

Even though ransomware is constantly evolving, there are good tactics you can use to protect your system from attacks with WannaCry or its successors. For this purpose, it’s possible to remove ransomware. Nevertheless, you should definitely pay attention to the following:

• Currentness: Always keep your system up to date. Regularly updating your computer not only keeps it running smoothly but also closes off many potential entry points for ransomware like WannaCry. The discussed ransomware exploited an entry point that Microsoft had already patched. Only those who had not yet installed this security update fell victim to the attack.
• Security software: Protect your system with a suitable firewall and use a suitable antivirus program. This way, in addition to ransomware, spyware and scareware can also be detected early.
• Check sources: Avoid opening emails from unknown senders or with suspicious sender names, and refrain from clicking on dubious links. Exercise caution when dealing with USB sticks or other external data devices; only connect them if you’re certain about their contents.
• Backups: Regular backups will not prevent an attack with ransomware, but if you become a victim of an attack, the damage will be significantly less. They enable you to restore your system to a previous state if encryption occurs. Additionally, there are specialized programs that can automate the process of creating regular backups for added protection.