What we all need to learn after WannaCry

Fraud will never go away; we ought to understand it, accept it and be prepared to fight it when the time comes. Unfortunately, most of us were not even remotely prepared for what happened a couple of days ago. WannaCry took us by surprise and caught us completely off guard. And this should not really happen in the context of IT security.

How it works

Hundreds of thousands of computers in more than 100 countries have been hit by an unexpected attack which exploited a Windows vulnerability, ironically enough, one that had already been patched two months earlier. But sadly, a lot of companies and individuals all over the world failed to update or upgrade their systems, not only leaving the door open to fraudsters, but also inviting them in and giving them a warm welcome.

[Figure: WannaCry distribution]

WannaCry is a ransomware attack which encrypts the victims' files, making them inaccessible, and afterwards demands a ransom to decrypt them. In a ransomware case, data can only be decrypted by a special key that is unique per computer and only the hackers have access to it. Simpler ransomware attacks usually contain encryption errors which allow IT security experts to find a way to decrypt the files without paying the money.

Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file and does not usually spread very quickly. However, in this case, the infection spread to a huge number of computers in just a few hours. The cause of this was the use of publicly available exploit code for the patched SMB EternalBlue vulnerability. EternalBlue was allegedly developed by the US National Security Agency and leaked by the Shadow Brokers hacker group earlier in 2017. Once the exploit had been made public, Microsoft released a patch called MS17-010.

The WannaCry attack itself was not very complicated. The hackers did not put much effort into developing it; they just used a known exploit and targeted all unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems. If all computers had been updated or upgraded in due time, WannaCry wouldn’t have had such a dramatic impact.
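
The rapid spread over SMB described above leaves a recognisable trace in network flow logs: one machine opening SMB connections to many different peers within a short time. The following Python sketch is an added example, not part of the original article, that flags this pattern; the log format, the 5-minute window, the 10-peer threshold and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                 # TCP port SMB listens on
WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_PEERS = 10                 # assumed limit on distinct SMB peers per window

def constructed_flows():
    """Constructed sample records in an assumed 'time src dst dport' text format."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    lines = ["# time src dst dport", "bad 10.0.0.1 10.0.0.2 445"]  # both are skipped
    for i in range(30):  # 10.0.0.66: 30 distinct SMB peers within 30 seconds
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.66 10.0.1.{i + 1} 445")
    for i in range(12):  # 10.0.0.9: 12 SMB peers, one every 10 minutes
        lines.append(f"{(t0 + timedelta(minutes=10 * i)).isoformat()} 10.0.0.9 10.0.2.{i + 1} 445")
    for i in range(40):  # 10.0.0.5: one file server repeatedly, plus HTTPS to many hosts
        stamp = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} 10.0.0.5 10.0.0.20 445")
        lines.append(f"{stamp} 10.0.0.5 10.9.9.{i + 1} 443")
    return "\n".join(lines)

def parse_flows(text):
    """Return (time, src, dst, dport) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return flows

def smb_fanout_alerts(flows, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: peak distinct SMB peers} for sources above max_peers in any window."""
    recent = defaultdict(list)  # src -> [(time, dst)] still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT:
            continue
        events = recent[src]
        events.append((ts, dst))
        while ts - events[0][0] > window:  # expire events older than the window
            events.pop(0)
        peers = len({d for _, d in events})
        if peers > max_peers:
            alerts[src] = max(alerts.get(src, 0), peers)
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(parse_flows(constructed_flows())))
```

The threshold has to be tuned per network: file servers, backup hosts and management tools legitimately talk SMB to many peers and belong on an allow-list.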

[Figure: How WannaCry works]

What's next?

The first and most obvious move would be to make sure we all keep our computers up to date and, as Microsoft recommended, upgrade to Windows 10. Security experts believe this was the first of many similar attacks that we are going to witness. According to some, there are already reports of additional malware in the wild taking advantage of MS17-010.

This leads to the following question: can attacks like this be prevented? The simple answer is yes and no. Apologies, as that isn’t actually a simple answer. But then again, things are never simple when it comes to cyber fraud.

Here’s some elaboration. As mentioned, it is key that critical vulnerabilities which can lead to remote code execution are patched in a timely manner, so that they cannot be used again in such attacks. Reliable, up-to-date antivirus software can also help against these kinds of infections. Of course, the antivirus may miss initial detections when the malware is new, but in the long run, applying updated signatures as they become available can help protect against the malware. Regular updates and upgrades to new, improved versions of the system are also important to mitigate the risk.

At the same time, though, there will always be those who are trying to make an easy living, to get money by exploiting weaknesses and vulnerabilities. So, in my opinion, the most important thing we need to do is try to mitigate the risk and constantly be aware that security is key in whatever we do.

What do you do to prevent or mitigate the risk of such attacks?
