Researchers have reported that the exploit behind WannaCry originated from the NSA and was leaked by the Shadow Brokers last month. Industry reaction to this disclosure has been swift.
According to Brad Smith, president of Microsoft: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
WannaCry ransomware has infected hundreds of thousands of devices, so just how lucrative has this infection been for its perpetrators? According to a report from Ars Technica, the attack only brought in $20,000 on Friday; however, payments had reached an estimated $71,000 by noon eastern time on Monday, May 15th.
Different ransom amounts have been demanded from the victims of this attack, but most have been between $300 and $600. Unfortunately, paying the ransom does not guarantee that victims will regain access to their infected devices. Ultimately, the size and scope of this attack are noteworthy, and we may see similar infections in the future.
“Any machine can be held ransom by cybercriminals; from your average IoT device to cloud networks to life-saving healthcare equipment,” says Kevin Bocek, chief security strategist for Venafi. “The reality is that our lives are dependent on machines and this is especially true in hospitals. Ransomware is not unique to a particular industry; we’ve already seen hotels locked down by similar attacks, but this event is shocking.”
So what can you do to protect yourself from WannaCry now? First things first, make sure your Windows devices are fully updated. Microsoft issued patches for all of the exploits leaked by the Shadow Brokers back in April. Windows XP users are also protected. The company issued an emergency patch for WannaCry on Saturday, even though support for the operating system ended in April 2014.
In addition, the security industry must anticipate similar attacks near major political events. “The UK government should expect more of these incidents in the run-up to June elections,” says Bocek. “Bad actors will likely ramp up their attacks to embarrass the government and disrupt public services. Any country with high-stakes elections, such as the UK and Germany, needs to have a cyber security program that is ready to respond to these kinds of attacks.”
Can your organization defend itself against a WannaCry-styled ransomware attack?