Worms of Wisdom: How WannaCry Shapes Cybersecurity Today


WannaCry wasn’t a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, the malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol.


As a result, when the WannaCry “ransomworm” hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide.


While the discovery of a “kill switch” in the code blunted the spread of the attack and newly developed patches countered the SMB vulnerability, WannaCry ultimately set the stage for the development of collective defense efforts that focused on information sharing to help limit attack impact.


What vulnerabilities did the attack expose in common security frameworks, and how did it change the course of cybersecurity? Five years later, it’s worth a look back on WannaCry for any worms of wisdom.


Anatomy of a Ransomworm


The basic components of WannaCry were simple and familiar. Using a self-contained malware dropper, the WannaCry executable extracted three components after compromising a device: an encryption application, files with encryption keys and a copy of The Onion Router (Tor) for anonymous communication.


What set WannaCry apart, however, was its use of the SMB vulnerability to replicate itself across multiple network-connected devices. This exploit effort — known as EternalBlue — took WannaCry from mildly annoying to massively problematic.


Initially developed by the National Security Agency (NSA), EternalBlue was subsequently stolen by a hacker group known as the Shadow Brokers, who in turn released it publicly on April 8th, 2017. Just over a month later, WannaCry began worming its way through high-profile systems across the globe, including Britain’s National Health Service (NHS).


A Tweet told the tale. Devices across the NHS began displayi ..
