In 2017, WannaCry stole headlines, impacting over 230,000 devices around the world and causing billions in damages. Further waves of attacks were seen in 2018, hitting healthcare organisations, manufacturing operations and other enterprises across a wide range of sectors.
What is WannaCry?
WannaCry is a form of ransomware that spreads by exploiting a vulnerability in the Windows Server Message Block (SMB) protocol. SMB allows Windows devices on a network to communicate, but packets specially crafted by threat actors can fool it into executing their malicious code.
WannaCry is made up of multiple components. When it arrives on a compromised device, the ransomware takes the form of an autonomous program called a DoublePulsar dropper, which is designed to extract the other components embedded inside it. These components have been identified as an app that can encrypt or decrypt data, files that include encryption keys and software that delivers anonymous communication (Tor).
The WannaCry attack method
WannaCry’s program code is not complex, making it simple for security experts to study. Once the ransomware has been executed, it attempts to access a hard-coded URL, known as the “kill switch”. If it is unable to reach that URL, it starts to search for and encrypt data records, filtering files for certain formats, such as MKVs, MP3s and Microsoft Office files, effectively locking users out of them. After files are rendered indecipherable, it presents a ransom demand for the decryption of the data, requesting a Bitcoin amount worth either $300 paid within three days or $600 paid within one week.
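The kill-switch behaviour described above gives defenders a triage signal in egress logs: any host that requests the kill-switch URL has run the malware, and a failed request means that run went on to encrypt files. The following Python is an added example, not code from the original article; the log format, host names and the placeholder domain `killswitch.example.invalid` are assumptions constructed for illustration.

```python
from collections import defaultdict

# Placeholder only, NOT the real indicator: take the domain from your threat intel.
KILL_SWITCH_HOST = "killswitch.example.invalid"
SUCCESS_RESULTS = {"200"}

# Constructed egress-log lines: "<time> <source host> <destination host> <result>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z ws-014 killswitch.example.invalid CONNECT_FAILED
2017-05-12T09:14:05Z ws-022 updates.example.com 200
2017-05-12T09:15:40Z ws-031 killswitch.example.invalid 200
2017-05-12T09:16:11Z ws-014 killswitch.example.invalid NXDOMAIN
malformed line
2017-05-12T09:17:30Z srv-db1 KILLSWITCH.example.invalid. 200
"""


def normalise(host):
    """Compare host names case-insensitively and without a trailing root dot."""
    return host.rstrip(".").lower()


def triage(log_text, kill_switch=KILL_SWITCH_HOST):
    """Return {source_host: verdict} for every host that tried the kill switch."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing mid-incident
        _, src, dest, result = parts
        if normalise(dest) == normalise(kill_switch):
            attempts[src].append(result in SUCCESS_RESULTS)

    verdicts = {}
    for src, results in attempts.items():
        # A single failed attempt means that execution proceeded to encryption.
        if all(results):
            verdicts[src] = "INFECTED_HALTED"      # malware ran, payload stopped
        else:
            verdicts[src] = "ENCRYPTING_LIKELY"    # isolate this host first
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

Because a failed request is what triggers encryption, the kill-switch host should stay reachable (or be sinkholed internally) rather than blocked at the firewall or proxy.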
WannaCry target lists
Healthcare facilities were hit hard by WannaCry due to their considerable use of computers running Windows operating systems, many of which were out of date and without appropriate security patches. Attacks in this sector had critical consequences, such as emergency rooms being closed, medical devices being inoperable and vital equipment isolated from hospital networks. Large-scale manufacturers also suffered significantly, with power outages causing havoc and expensive disruption to production processes.
Victims of WannaCry and other ransomware attacks are always advised by IT security professionals and the authorities not to pay up. This is partly because paying ransoms encourages threat operators to continue their criminal activities, but there is also a far more practical reason. Many documented cases have illustrated that WannaCry ransomware operators do not always decrypt data following payment, and in some cases, do not possess the technical ability to return the records to their original state.
Enterprises seeking to remain resilient against attacks from ransomware gangs and other cybercriminals set on stealing data can rely on Galaxkey for a solution. Following in-depth research and development, we have constructed our most secure system. It has zero backdoors for hackers to infiltrate and never retains passwords, mitigating vulnerabilities. Our secure platform features cutting-edge encryption based on the triple-layer onion model, and it is exceptionally easy to use, ensuring accurate encrypting of private files whenever required.
Get in touch with our specialist team today and arrange a free, 14-day trial to test drive it yourself.