WannaCry Ransomware – Two Years On
WannaCry, a form of ransomware that emerged in May 2017 and spread across more than 150 countries worldwide, cost the NHS around £100m. It was a first of a kind making it an historical milestone in the cyber security story.
The WannaCry ransomware, which is still active although the threat has largely been neutralised by a Windows patch, carries the potential for a huge financial cost to businesses paid for in Bitcoins. The cost is calculated per computer affected, which can lead to a huge final cost for one organisation or business.
Since the attack 2 years ago, new methods have been found to prevent malicious attacks like this from occurring again. Any business is susceptible to attack, no matter what size business you are, which is why cyber security needs to be an essential part of every business’s agenda.
What is WannaCry?
The WannaCry attack works by sending a message through a server message block (SMB). The message attacks the server and encrypts files.
Once the files are encrypted, payment for decryption is demanded and is between £230 – £460 per computer. 3 days after initial encryption, the cost for decrypting the files will usually double.
After 7 days, the encrypted files will be beyond recovery. This will be devastating for any business or organisation. A business won’t have access to important files thus making day to day business activities almost impossible. Furthermore, someone else will have full access to your data and they are likely to use it to gain any advantage possible.
What Happened 2 Years Ago
On the 12th May 2017, the WannaCry ransomware appeared and it spread worldwide. Travelling to over 150 countries, it had a global effect on companies like FedEx and Telefonica who reported a £437,000 loss as they fell victims to the WannaCry ransomware.
Closer to home the UKs NHS was hit hardest by WannaCry giving the UK health care system a massive shock. 19,000 appointments were affected across the country with 6,900 being cancelled in one day.
The frustration for the NHS came from the fact that a prevention patch for this exact attack had been created just two months prior to the attack in March 2017. The NHS were complacent towards their cyber security and ignored the advice to patch their systems thoroughly. Ultimately, they paid the price.
The Recovery Process
A devastating financial cost arrived with the WannaCry attack on the NHS adding up to £92 million, which was ultimately paid for by the UK taxpayer. Breaking that figure down, £19 million was from lost output and the other £73 million was an IT cost in the aftermath. This was to make sure their IT was up to scratch so this wouldn’t happen again.
A ‘kill switch’ was activated on the evening of 12th May 2017 to prevent a further spread of malware. This action was carried out by a cyber security researcher who identifies as ‘MalwareTech’.
The domain name was owned by ‘MalwareTech’ an individual who writes IT blogs and software. They quickly realised what was happening and registered the domain name. At first it was believed to be a mistake but fortunately, it was the cure which prevented the malware from spreading even further.
The software used by the NHS at the time was out of date which was one of the reasons the attack was successful. When the attack happened, the NHS was still using Windows 7. With most Microsoft products now using Windows 10 software, Windows 7 was out of date even 2 years ago. Any devices that were using Windows 10 were safe and unaffected from the attack.
Cyber Development since WannaCry
The message that’s arisen from WannaCry is, prevention is better (and cheaper) than cure. The biggest mistake the NHS made was not patching their software in a timely manner. If they had deployed the patch when it was released, the attack is likely to have been prevented.
A more thorough IT staff training programme has been introduced to make end users aware of the dangers of cyber attacks and how to avoid and prevent them. As the attack was carried out via an SMB, it is instigated by an end-user clicking the message the attack is being carried on.
In the NHS report following the WannaCry attacks, they strongly recommend the need for a business continuity plan. When the business of the NHS is often life or death, business continuity is an absolute must!
WannaCry teaches us that doing the basics can keep your business up and running. Preventative measures and IT training for end-users is critical but so is business continuity in case the worse happens. A multifaceted approach to cyber security is the key to surviving the likes of WannaCry in the future.