WannaCry: The Cryptoworm That Lives Up to Its Name.

Imagine you wake up one morning and see your computer will not work and has a popup demanding you send over money in cryptocurrency in order for your device to return to normal. Although one might think paying will fix the problem, in reality, most times will end up with you losing money and still having your device locked. Doesn't sound like much fin does it?

WannaCry is a piece of ransomware which involves a cryptoworm encrypting the files of one’s computer with the demand of $300 in Bitcoin to unlock the encrypted files. This exploit affected over 200,000 Windows devices all across the globe. In the UK, the National Health Service was hit by the WannaCry attack and many of their machines were not able to access patient records and appointments and non-urgent surgeries were forced to be pushed back (Collier, 2017).

EternalBlue is an exploit created by the National Security Agency (NSA) that involves a vulnerability of the Server Message Block (SMB) on Microsoft Windows machines. An attacker can use this exploit to send corrupted or malicious packets to the target machine causing it to become infected. The NSA discovered this exploit before Microsoft did, and did not inform Microsoft about the exploit until the hacking group Shadow Brokers hacked the NSA and stole the exploit. Microsoft was only then alerted by the NSA, and the MS17-010 patch was released to all Windows operating systems to fix the vulnerability.

Microsoft criticized the NSA for not telling them about the exploit earlier, and for “stockpiling” exploits for government use. Microsoft’s president Brad Smith wrote, “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.” What other exploits may be out there that are being kept secret by our government agencies and do they have the responsibility of bringing it to the public's attention? When tools for good are stolen and used for evil, it raises the question of should these tools exist in the first place if they can be used maliciously.

The amount of financial damage is estimated by some to be in the hundreds of millions with others saying it could potentially be as big as $4 Billion. Other exploits similar to WannaCry, such as NotPetya, have been in the wild for a few years now and have infected its fair share of computers. Ransomware attacks happen everyday but are often foiled by protection software. According to Avast, as of June 2020 their protection software is blocking 20 million EternalBlue attacks each month.

The MS17-010 patch fixed the problem of the attacks, but users and companies that were slow to update their machines were still open to the exploit. Having antivirus software installed on all devices is a good way for users to protect themselves. There are many different brands offering their own protection plans, both free and paid, which may also include such things as firewalls or file scanners. Be careful to not download unknown files or click malicious links can potentially infect one’s machine.

There are ransomware attacks happening everyday, some with bigger news articles written about them. Cybersecurity Ventures estimates that ransomware will cost $20 billion globally in 2021, an almost 60% increase from 2015. As ransomware becomes a more common attack, companies need to know that they are secure and have no flaws in their system. Occasionally hiring penetration testers to find any potential exploits is a good idea for any company dealing in sensitive data. Companies might be worried about a repeat of this attack with a vulnerability in their own companies system. Having an informed IT group in one's company can help navigate what plan is right for the specific company.