Four years ago, the world woke up to a major cybersecurity attack that started on May 12, 2017, and lasted for four days. The attack came from ransomware known as WannaCry, which targeted computer systems and servers running the Microsoft Windows operating system.
Delivery of the WannaCry ransomware
The events leading up to the May 12, 2017, WannaCry ransomware attack started with the leak of EternalBlue by the Shadow Brokers hacker group on April 14, 2017.
EternalBlue was a cyberattack exploit developed by the National Security Agency (NSA), which exploited Microsoft’s implementation of the Server Message Block (SMB) protocol. The exploit leak also came just one month after Microsoft released patches that would have prevented any attacks stemming from the vulnerability.
However, many organizations, businesses, veterinary practices and health providers did not update their systems.
On May 12, WannaCry ransomware propagated itself through EternalBlue, infecting over 300,000 computer systems around the world. The ransomware was unique in its nature and delivery because, unlike other ransomware that required action from its victims in order to spread, WannaCry was a worm, and thus could use infected computers as a delivery system to reach other devices.
Computer worms are a type of malware capable of spreading copies of themselves from one computer to another. They replicate without any external intervention from humans. WannaCry’s propagation as a worm also meant that it did not need to attach itself to a program in order to cause damage and spread, making it very efficient at attacking and infecting computer systems and networks around the world.
The WannaCry killswitch
The greatest invention of the WannaCry ransomware, which helped it spread faster around the world and infect hundreds of thousands of computers, was also its greatest undoing, and ended up helping cybersecurity experts stop its spread.
The cyber criminal group behind the ransomware used remote packets of data to execute code on their victims’ computers. To achieve this, the malware would send an initial packet, known as a dropper, which would be executed through the Server Message Block (SMB) service. After the initial execution, the dropper would then try connecting to an unregistered domain name that was seemingly made of a random string of numbers and letters.
WannaCry would halt its execution if a successful connection to the domain name was made; otherwise, it would continue its attack. The problem was that the domain name was unregistered, meaning that the ransomware would attack every time a computer got infected.
Once the connection failed, the ransomware would start the encryption process, and then demand a payment of $3000 from its victims. The victims were required to send the amount using bitcoin. The ransomware also came with a hard deadline, threatening that if the money was not paid within 7 days, all the files and data that had been encrypted would be deleted.
It did not take long for someone to notice the random-string domain name and that it was unregistered. Marcus Hutchins was only 22 years old when he discovered that the malware was sending requests to an unregistered domain name. He went ahead and purchased the domain.
To everyone’s surprise, although the WannaCry ransomware continued to spread, it no longer executed its encryption: the newly registered domain had become the worm’s killswitch.
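The check described above also gives defenders a detection signal: any host that looks up the kill-switch domain has run the dropper. The following is an added example, not code from the original article; the domain is a placeholder (the article does not give the real one), the resolver log format and sample lines are constructed, and a failed lookup is treated as a failed connection.

```python
from collections import defaultdict

# Placeholder: the article does not state the real kill-switch domain.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log: "<timestamp> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.21 www.example.org NOERROR
2017-05-12T09:14:07Z 10.0.4.37 killswitch-placeholder.example NXDOMAIN
2017-05-12T15:40:11Z 10.0.4.52 KILLSWITCH-PLACEHOLDER.EXAMPLE. NOERROR
2017-05-12T15:41:30Z 10.0.4.37 killswitch-placeholder.example NOERROR
2017-05-12T15:42:00Z 10.0.4.60 killswitch-placeholder.example REFUSED
malformed line
"""

def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Return {client_ip: verdict} for every host that looked up the domain.

    Any lookup means the dropper ran on that host. If at least one lookup
    failed, the kill-switch check would not have halted the malware at that
    moment, so the host is ranked as the more urgent case.
    """
    domain = domain.lower().rstrip(".")
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _timestamp, client, qname, rcode = fields
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            outcomes[client].add(rcode.upper())
    verdicts = {}
    for client, rcodes in outcomes.items():
        if rcodes - {"NOERROR"}:
            verdicts[client] = "dropper ran, kill switch unreachable at least once"
        else:
            verdicts[client] = "dropper ran, kill switch reachable"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, "->", verdict)
```

Because the malware halts only when the connection succeeds, blocking the domain at a firewall or DNS filter turns every lookup into the failure case, so the domain should stay resolvable and reachable while lookups are logged.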
Impact of the WannaCry attack
The WannaCry ransomware attack is regarded as the largest cyberattack in history to date. The attack infected hundreds of thousands of computer systems worldwide and spread to over 150 countries.
Its biggest impact, however, is that it popularized ransomware attacks, and governments, organizations, businesses, veterinary practices and health providers came to realize the dangers lurking in cyberspace.
Before the attack, many outside the government regarded cyber attacks as only attacks between governments. It also brought to the mainstream the act of hijacking information, encrypting the data and demanding payments for victims to get their hands on a decryptor.
Before the WannaCry attack, such large-scale attacks targeting businesses, organizations and private institutions were almost unheard of. However, after $4 billion in losses from the ransomware, cyber security has become an important concern for any organization or business looking to avoid such attacks.
Lessons for veterinary practices
The WannaCry ransomware was the result of a security vulnerability in Microsoft Windows, which the company had already patched in its latest version of Windows available at the time. However, many organizations, both private and public, and businesses had not updated their operating systems two months down the line.
The successful compromise of these operating systems offered veterinary practices around the world a glimpse of how things can go awry in a short span of time, and result in damage to their practices and their IT infrastructure.
It was also a snapshot of what happens when victims decide to pay cyber criminals to get their data decrypted. Reports at the time indicated that victims who paid the group behind the ransomware were not able to recover their data. This is because the program was not well written to match victims’ computer systems with their respective decryptors. This resulted in the same fate for victims who paid and those who avoided paying the cyber criminals: their data was encrypted forever, and some even lost it through deletion by the program.
The WannaCry ransomware attack was a wake-up call for veterinary practices around the world on why they need good security for their computer systems and networks. It is also a reminder of the threat lurking in cyberspace and why investment in cyber security is important for practices looking to survive such a global cyber attack.
How do you ensure your veterinary hospital is protected?
Schedule your FREE consultation call with Lucca Veterinary Data Security to see how a cyber security audit can help save your hospital $135,000.00