WannaCry Ransomware: Who It Affected and Why It Matters
Technology is an ever-expanding market full of opportunity and dedicated to making our lives more convenient and advanced in the process. Countless companies across the world have recognized the power in embracing technology to survive and prosper and, with this being said, the world has never been more advanced than it is today — with a future as bright as the people creating it. Furthermore, although many people believe that the modern generation is completely out of their minds and “lazy”, what they do not realize is that this form of innovation and free thinking is exactly what makes these “digital natives” so similar to their ancestors of the Industrial Revolution before them.
However, with every great thing comes risk and, for the tech industry as a whole, this risk comes not only in the form of the sometimes dangerous advancements they provide our world with but also in the form of the people who hope to tear them down piece by piece. These people who hide in the shadows of technology and deploy their code maliciously are often referred to as hackers, and their need to destroy companies and make money off others is exactly why the tech industry is still fighting against the tides of change.
With data breaches slowly rising every day, particularly in the business world, and countless businesses flourishing despite it, it’s no surprise that every hacker is working to tear apart new encryption methods and get a piece of these business giants. In turn, it is quickly becoming harder and harder to keep customer data safe in the digital world.
However, on May 12th, one piece of ransomware spread so quickly and so widely that not only the tech and business industries were affected: healthcare providers and average citizens also found themselves completely locked out of their own computers and files.
How Did WannaCry Spread So Quickly?
Wanna Decryption, or WannaCry, is ransomware that spread through the Server Message Block (SMB) protocol, which Windows machines typically use to communicate with file systems over a network. To do this, the ransomware specifically targeted devices that had not received the MS17-010 security patch from Microsoft, which was created to fix vulnerabilities in SMBv1. However, various companies, including Symantec, have claimed that WannaCry actually targets SMBv2 as well. With this said, you would ultimately have to be two months behind in your patch cycle in order to get hit with this ransomware.
Once the ransomware was able to deploy itself, it began to spread to other devices within the network that also did not have the proper patches and took control of all of their files as well. According to various sources, once the files had been taken, the hackers would leave only two files: one containing instructions on what had just happened and one explaining how to pay them via Bitcoin, the most dominant cryptocurrency of the internet, in order to ‘possibly’ receive their files once more.
The hackers demanded $300 for each targeted computer and claimed that if they had not received payment in three days, the price would double. After a week, the hackers stated, they would delete all the files retrieved, leaving you with nothing. Currently, it is reported that the hackers have tricked people into sending over $41,000 throughout the time the ransomware spread. According to Talos, WannaCry also doesn’t target only valuable computers, such as those of businesses or tech giants, but rather anything it can get its hands on: “The file tasksche.exe checks for disk drives, including network shares and removable storage devices mapped to a letter, such as ‘C:/’, ‘D:/’ etc. The malware then checks for files with a file extension as listed in the appendix and encrypts these using 2048-bit RSA encryption.”
With this being said, WannaCry appears to have been spread solely through SMB, meaning that, in order to be hit behind a firewall, ports 139 and 445 would have to be open and the hosts would have to be listening for inbound connections as well. Once one machine behind the firewall is infected, the infection could rapidly spread to any other machines in the network because it is self-propagating.
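Both conditions described above, SMB reachable through the firewall on ports 139 and 445 and one host then fanning out to many internal peers, can be looked for in connection logs. The following is an added example, not code from the original article; the log format, the 10.0.0.0/8 internal range, the window and threshold, and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}  # the ports named in the article
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
# Constructed flow records: time, source, destination, destination port, action
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.0.0.5 10.0.0.20 445 ALLOW
2017-05-12T09:00:02 198.51.100.4 10.0.0.8 445 DENY
2017-05-12T09:00:03 203.0.113.9 10.0.0.7 445 ALLOW
2017-05-12T09:01:00 10.0.0.7 10.0.0.1 445 ALLOW
2017-05-12T09:01:01 10.0.0.7 10.0.0.2 445 ALLOW
2017-05-12T09:01:02 10.0.0.7 10.0.0.3 139 ALLOW
2017-05-12T09:01:03 10.0.0.7 10.0.0.4 445 ALLOW
2017-05-12T09:01:04 10.0.0.5 10.0.0.20 445 ALLOW
"""

def parse_flows(text):
    """Parse 'time src dst dport action' lines into tuples."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return [(datetime.fromisoformat(t), s, d, int(p), a) for t, s, d, p, a in rows]

def exposed_inbound_smb(flows):
    """Allowed SMB flows from outside INTERNAL to a host inside it."""
    ip = ipaddress.ip_address
    return sorted({(s, d, p) for _, s, d, p, a in flows if p in SMB_PORTS and a == "ALLOW"
                   and ip(s) not in INTERNAL and ip(d) in INTERNAL})

def smb_fanout(flows, window=timedelta(seconds=60), threshold=4):
    """Sources whose distinct SMB peers within any window reach the threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        if port in SMB_PORTS:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(exposed_inbound_smb(parse_flows(SAMPLE_FLOWS)), smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

On the sample data, the file-server client that repeatedly contacts a single SMB peer is not flagged, while the host contacting four different peers within a few seconds is.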
Throughout the span of five days, the virus rapidly spread to over 150 countries and, in fact, you can see the rapid spread via this map using data compiled by Malware Tech. However, perhaps, the worst aspect of this virus was not just the people who had been infected, but rather the chaos it brought to the healthcare industry and their patients as well.
Who Did WannaCry Affect?
WannaCry did not just affect the average citizen but also gravely endangered the healthcare industry and its patients. With a rise in telemedicine in the last few years, most patient records are digital, meaning that taking these files during a ransomware attack could lead to countless individuals being denied healthcare and also having their information sold on the black market.
In fact, in the UK alone, WannaCry hit 16 different hospitals, and this was far from the only country affected or the only hospitals hit. During this time period, many were denied healthcare access, which is a very serious issue considering the recent research release in New York determining that a “third-wave” of asbestos-related diseases was upon us, among other things such as surgeries needing to be performed and pregnancies occurring throughout those five days. In fact, the National Health Service (NHS) says 16 of its organizations were attacked by WannaCry, which resulted in doctors being locked out of patient records and forced emergency rooms to send patients to other hospitals.
With over 200,000 machines infected across the globe, it seemed as though this ransomware was a lost cause—that was until one young individual proved that you can be a hero without even knowing it in the blink of an eye.
How Was This Ransomware Stopped?
Flash over to a tiny home where a 22-year-old self-taught IT expert sits comfortably surrounded by empty pizza boxes, video games, and computer servers. Marcus Hutchins, better known as Malware Tech, is not your average IT graduate with a job in a computer shop in his hometown. Hutchins has been making a name for himself in the hacking world by teaching himself complex hacking techniques all his life.
Although the young hacker recognizes that the skills gap is still a problem, he actually feels that universities are a joke and feels that teaching yourself is the best way to accomplish your dreams. After registering a garbled domain name hidden in the malware and halting the WannaCry ransomware attack, Hutchins claims the attack may be halted but could return if not handled properly. However, perhaps, we are in good hands, as the young hacker is now working alongside the Global Communications Headquarters (GCHQ) to prevent another attack from occurring.
So, at the end of the day, the big question we must ask ourselves is what this means for the tech industry and how it will affect our future and our security as a whole. In truth, this ransomware attack may just lead to the future of young individuals in technology and a more secure world overall.
Why Does WannaCry Matter to the Tech Industry?
WannaCry may just be yet another ransomware attack and, although it was certainly the largest in history, the most important aspect of this situation is not the spread itself, but the way it was halted. With a rise in young individuals in the tech industry, it is no surprise that a young and self-taught individual is the reason the virus could not spread any further. However, this goes beyond Hutchins himself, as it means that young individuals in our world may actually be the future of security in little to no time at all.
With Hutchins joining the GCHQ to try to prevent another massive attack, it only makes sense that this is the start of the youth joining tech giants to create a better tech industry overall. Although Hutchins may not believe in the usefulness of universities, it is highly important that our schools recognize the value of the students they are teaching and provide them with the kinds of learning environments that can ultimately help them to fill in the skills gap and change our world as a whole. For instance, by learning how to develop critical thinking in students, you can create a future generation that understands how to solve problems and work together in unique, yet ultimately more effective, ways.
Once we have formed a future full of promising young individuals primed specifically for the tech industry, we can begin to formulate a safer work environment, minimize security risks for our companies, and focus on what we, as citizens, can do to prevent ransomware attacks such as Wanna Decryption from ever occurring again. In the end, WannaCry has opened up many important conversations and kicked the ball into high gear for security specialists across the globe, which may be more important than the attack itself as it could quite literally mean a safer and better world because of it.