WannaCry: everything about this malware

WannaCry is a ransomware responsible in 2017 for causing damage reaching billions of dollars. A security flaw in Windows enabled this attack, even affecting official authorities and large groups.

What is WannaCry?¶

In May 2017, one of the most serious ransomware attacks occurred, an attack the world had never seen before. The malware used went by several names and was notably called Wana Decrypt0r 2.0, WannaCrypt, WCRY or Wcrypt. To date, however, the best-known name for this cyberattack is WannaCry. Much more than 230,000 computers in nearly 150 countries were attacked and their data or entire operating systems locked down. Users therefore had to pay a ransom in bitcoins to unlock the affected data. Official authorities, however, advised against paying this ransom, whatever the situation.

The “front door” used by WannaCry was a Windows security flaw named MS17-010. This flaw was exploited using the EternalBlue exploit. This technology would have been developed by the American intelligence services of the NSA who would have used it for several years for their own purposes. Initially, following the publication of the flaw by a group of hackers, Microsoft learned of the problem and attempted to resolve it in March 2017 using a security patch. Since this patch is not compatible with all systems, many users did not run the update. WannaCry, the successor to EternalBlue, was thus able to spread almost freely two months later.

What is the goal of WannaCry?¶

WannaCry locks important files and therefore locks out users. The latter then receive a message informing them that their data is being held hostage. The goal of the hackers behind WannaCry is money. Victims of 2017 attack had to pay 300 US dollars to unlock their data. If they did not transfer the money within the stipulated time, the requirement doubled. Since WannaCry multiplied independently and could move from one network to another using a file-sharing protocol, the potential profit also jumped in a short time. In 2017, several tens of thousands of computers were infected per hour. Even after paying the ransom, probably no data has been unlocked.

How much damage does WannaCry cause?¶

It is difficult to precisely quantify the damage caused by WannaCry. Experts suggest the sum of several billion US dollars. This considerable figure, however, is not attributable solely to ransoms. In addition to individuals, WannaCry also targeted numerous companies, official bodies and public organizations, and completely blocked their systems temporarily. For example, the NHS was so affected that many important operations had to be postponed, patients' electronic medical records were no longer accessible, and ambulances were receiving incorrect information. More than 30 percent of all NHS hospitals were temporarily attacked by WannaCry.

In Germany, Deutsche Bahn was mainly affected by WannaCry. Signal boards and video surveillance have therefore broken down in many stations. Similar problems have been noted within the Russian railway company. In Spain, WannaCry led to restrictions on Telefónica's telephone network. Other companies hit hard include FedEx, Honda and Renault, among others. In addition, the Romanian Ministry of Foreign Affairs was attacked, as were universities in Montreal and Thessaloniki, as well as the court in São Paulo. We assume that not all of these groups and institutions had timely updated their systems. Before the required updates could be executed, WannaCry had already struck.

Is WannaCry still dangerous?¶

Fortunately, the 2017 mass attack only lasted a few days. While examining WannaCry, British cybersecurity expert Marcus Hutchins discovered some sort of Emergency stop button which had been hidden, intentionally or by mistake, in the malware code. The researcher was thus able to register a domain that stopped WannaCry. However, the danger is not yet completely over. Recent versions of WannaCry are still circulating and are sent without the emergency stop button. Since they all exploit the same Windows security flaw, the danger of this type of malware can at least be limited. Other malware, however, is much more dangerous.

How to protect yourself against ransomware, like WannaCry?

Although ransomware is constantly evolving, there are effective tactics with which you can protect your system from attacks by WannaCry or its successors. It is thus possible to rule out ransomware. However, you must respect the following instructions:

• Maintain : Always keep your system up to date. This not only prevents your computer from slowing down at any given time, but also closes the majority of entry points for WannaCry and other malware. The ransomware described in this article used a gateway that Microsoft has essentially already closed. Only a computer on which the security patch is not (yet) installed can be infected.
• Security software : protect your system using an appropriate firewall and always use appropriate antivirus software. Thus, in addition to ransomware, spyware and scareware will also be detected early.
• Control sources : never open an email from which you do not know the sender and do not click on any link that seems suspicious to you. For USB sticks and other external data storage media, you should also exercise caution and plug in these devices only if you know what content is stored on them.
• Backups : Running regular backups does not prevent ransomware attacks from occurring, but if you do fall victim to them, the damage is greatly reduced. Indeed, in the event of a lock, you can reinstall the system and access a previous version. There is also specific software that runs backups automatically and regularly.