we will contact you shortly

Wannacry Ransomware: Understand the cyberattack that hit the world in May 2017

On May 12, 2017, a cyberattack hit more than 230,000 computers in more than 150 countries worldwide.

Major companies such as the British National Health Service, Spain's Telefonica and Deutsche Bahn have been hit, along with many other companies around the world. The attack became known as WannaCry Ramsonware. But in the end, what was this cyberattack, what were its objectives and what consequences did it have?

What is Ransomware?

Ransomware is a type of malicious software that blocks access to victims' data in order to receive a cash redemption. The technique is called cryptoviral extortion, and consists of encrypting the files of a computer, rendering them inaccessible, and requiring a payment to decrypt them. The attack on May 12, 2017 required a ransom of between $ 300 and $ 600 per computer to restore access to the files and a seven-day deadline for making the payment. The value of the "rescue" was increasing as time passed.

How did the attack work?

The Wannacry attack exploited a vulnerability in Windows operating systems initially identified by the National Security Agency, which allowed malicious code to be sent from one infected computer to the other computers connected to the same computer network remotely. One of the major controversies related to this attack is the fact that the NSA had prior knowledge of this vulnerability from Microsoft, but instead of informing the company, have created a feature called EternalBlue that used for their own benefit in their investigations.

Microsoft released a patch in March that corrected the problem, but many users and companies did not upgrade. Malicious software was sent by email, in attachments and links, and immediately affected thousands of computers. Many experts consider that this attack could have been avoided if Microsoft had been aware of the crash earlier, and produced a security update that would prevent this.

Who was affected and why?

Users affected by this attack had not installed the Microsoft security update. According to data from Kaspersky Labs, 98% of affected computers used Windows 7 and the most affected countries were Russia, Ukraine and India. Hackers demanded payment through bitcoin, a digital coin invented in 2009 by a programmer or group of programmers using the name Satoshi Nakamoto. In May 2017, one bitcoin is equivalent to 2109.62 euros.

Consequences of the attack

Despite the severity of the attack, the consequences seem to have fallen short when compared to the potential for destruction that the software is supposed to have. In the United Kingdom, the attack affected computers that controlled entire hospitals, and thousands of patients could not receive medical treatment.

The impact of the attack was minimized by the discovery of a kill-switch built by the creators of the attack. A kill-switch is a built-in mechanism in a software to disable it. In the case of WannaCry, the kill-switch stopped the attack. The finding was made by a security expert who was studying malware independently.

So far the authorship of the attack is still unknown.

How to protect my computer from this attack?

If you use the Windows operating system, make sure that all of your software is up to date. Also, take additional security measures, such as not opening emails of unknown authorship and not clicking suspicious links.

+351 302 080 014