WannaCry is the ransomware cryptoworm that was behind the infamous worldwide cyberattack in 2017
In the spring of 2017, people all over the world booted up their computers and were met with a frightening message. Someone had encrypted all their files, and unless the victim paid up with bitcoin, that data would stay locked forever.
Hackers built WannaCry ransomware with speed and theft in mind. One infected computer could spread the virus to others. Soon, offices, manufacturing plants, and even hospitals couldn't function normally.
Researchers and programmers banded together, and the virus lost quite a bit of bite as the spring turned to summer. But if you have an older computer and you haven't taken action to protect it since 2017, you could still be at risk.
Ransomware attacks didn't stop with WannaCry. In fact, this successful money-grabbing scheme seems to inspire hackers to try new approaches. It's critical for every company to work on ransomware defences.
The world meets WannaCry
The WannaCry virus stems from three critical factors: government secrets, a shared operating system, and hackers.
WannaCry was born when hackers leaked tools developed by the United States government. Those tools took advantage of vulnerabilities within Windows operating systems. Their release caused quite a scandal. For hackers, the information presented an opportunity.
Hackers manipulated those tools to release the WannaCry malware on the world. The virus had replication built right in, so one infected computer could reach out and pull others into the network.
WannaCry infected an estimated 300,000 computers in 150 nations, and the final price tag for the damage was measured in billions. High-profile victims included hospitals and clinics in the United Kingdom and car manufacturers in Europe. But plenty of small companies were caught up in the scheme too.
Spotting the infection was easy. Look at your computer screen, and you'd see a message with:
- An explanation. The cryptoworm encrypted your data files, and you couldn't move past a lock screen.
- Instructions. You were told to release bitcoin to one of three public wallets to get access to your files.
- Warnings. If you didn't pay the fees by a deadline the hackers set, the hackers said you'd never get your files back.
Plenty of people paid up. By May of 2017, victims paid more than $27,000 to the hackers, and people could watch the bitcoin wallets fill up with more payments. But it was never clear if those people got access again.
What is WannaCry ransomware?
WannaCry is a ransomware cryptoworm that worked on computers running Microsoft Windows.
Infection typically followed this process:
- Exposure: Your computer was randomly chosen through being connected to an infected network. You didn't need to touch an infected email or tap a corrupted link—the program found you via the network.
- Check: The program attempted to access a very long, strange-looking web domain. If it could connect, the virus did nothing. If it couldn't, the virus started to run.
- Encrypt: The cryptoworm encrypted all the files your computer had access to, one by one.
- Attack: Your computer looked for others to infect. It could tap every other unprotected computer on your network.
- Warning: A new lock screen appeared that told you about the hack and what you should do next, including instructions to send money.
We know a lot about how this form of ransomware attack works now. But when it was released, experts hadn't seen anything quite like it before. And no one was prepared for a virus that was so widespread and devastating. Experts needed time to crack the code, but once they did, they could stop it.
Four key things happened:
- Microsoft released a software patch that protected users with current Windows software from WannaCry vulnerabilities. All users were encouraged to download and apply the patch as quickly as possible.
- Microsoft acted yet again with a patch appropriate for any form of Microsoft Windows, including very old versions that the company no longer promised to maintain. Once again, the company encouraged people to act.
- A developer looked deep at the code and spotted the domain name the virus looked for. That domain name had never been registered, meaning that every computer searching for it never found it (and executed the virus as a result). The developer registered that domain name, effectively ensuring that every infected computer would never execute the virus.
- A researcher released a solution that uninstalls the backdoor hackers used in the attack.
All of these steps ended the attacks in 2017. But if you have an older computer and you skipped some or all of these solutions, you could still be infected by WannaCry today. If you think you may not have updated your operating system since then, now would be a good time to do that.
Protect yourself from a ransomware attack
While WannaCry ransomware may not be a major threat in 2021 and beyond, it's not the only form of ransomware available. In fact, there are many attacks just like this circulating through cyberspace right now.
The Federal Trade Commission recommends a few commonsense ransomware protection steps:
- Update. Ensure that all the software you use on your machine, including your operating system and antivirus protection, is current.
- Save. Back up your data in a space separate from your network.
- Investigate. Don't click any strange links in email messages, and don't download any software from zip drives.
Advancing your Zero Trust architecture, securing access to all of your critical resources, and implementing strong, easy-to-use authentication controls can also make your organisation less vulnerable to ransomware attacks. Learn more.
NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet. (April 2017). Ars Technica.
Cyber-Attack: US and UK Blame North Korea for WannaCry. (December 2017). BBC.
Two Years After WannaCry, a Million Computers Remain at Risk. (May 2019). Tech Crunch.
Microsoft Security Bulletin MS17-010-Critical. (March 2017). Microsoft.
WannaCry: Are Your Security Tools Up-to-Date? (May 2017). The National Law Review.
The Confessions of Marcus Hutchins, the Man Who Saved the Internet. (May 2020). Wired.
NSA Backdoor Detected on 55,000 Windows Boxes Can Now Be Remotely Removed. (April 2017). Ars Technica.
Ransomware Prevention: An Update for Business. (December 2020). Federal Trade Commission.