The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021.
While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned that WannaCry attacks are still found today. Even so, I was surprised that it is still such an active issue. So, what has happened since then? What are these attackers doing today? How have organizations responded to these threats? And will an attack like this happen again?
I was also more than a bit concerned to learn that the largest ransomware attack since WannaCry hit over the recent Fourth of July holiday, making it even more important that the cybersecurity industry continue to learn from past attacks.
Putting the Impact in Perspective
So, how has the WannaCry virus affected cybersecurity broadly? Many changes had already happened before I wrote my article last year. But I had a hunch that even more had evolved after the increase in ransomware and the pandemic.
I knew from covering the attack live that the primary goal of the WannaCry ransomware was destruction, not financial gain. The ransom demand was only $300. But I was still surprised to learn how far the amount was from the average ransomware payment in 2020, which Emsisoft and ID Ransomware reported to be $154,000. This discrepancy points to the fact that those attackers were really after chaos and panic.
However, the monetary damages went much further than the ransom itself. Symantec estimated the WannaCry recovery cost at nearly $4 billion, very close to the nearly $4.9 billion in ransomware costs for all incidents in 2020.
WannaCry Attackers Indicted
According to the U.S. Department of Justice, three North Korean computer programmers were indicted by a grand jury on February 17, 2021 for their role in creating and distributing the WannaCry ransomware.
Meanwhile, the 22-year-old who discovered the WannaCry kill switch is also still in the media. Marcus Hutchins likely saved companies billions of dollars in damages, not to mention continued disruption. The 2020 Wired article The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet details how, before stopping WannaCry, he was involved in the creation and distribution of the Kronos banking Trojan and UPAS Kit malware. The judge’s decision to let him go is intriguing; the judge felt the cybersecurity industry needed people with Hutchins’ skills to stop threat actors. One can spend a long time pondering the very short distance between good and evil in the cybersecurity world.
Lessons Learned From WannaCry
The bottom line for organizations in the aftermath is that installing software patches in a timely manner is essential. Organizations that still haven’t patched the EternalBlue issue are at risk of falling victim to more attacks.
As a cybersecurity writer, I often feel that most of my advice comes back to basics. I advise organizations to use strong passwords, train employees to avoid phishing scams and install software updates. After all, most attacks and issues come back to one of these or other basic guidelines. Zero trust approaches and AI cybersecurity tools are quickly becoming industry standards. However, these institutional precautions don’t remove all risk. Every single person who uses your data, applications and network still needs to follow basic cybersecurity hygiene.
Another major change after WannaCry was that the U.K.’s National Health Service, which suffered serious disruption and damage in the WannaCry ransomware attack, formed the Cyber Security Programme to lead the effort to make improvements specifically based on what happened.
Its top priorities include managing risk by communicating with NHS Trusts about vulnerabilities and completing critical cyber alerts. ZDNet detailed other changes, including patch assistance for NHS Trusts and evaluating and installing new backup systems when necessary.
Could we ever totally rid the world of ransomware so days like May 12, 2017 never happen again? The Washington Post asked whether an approach similar to Operation Warp Speed — the U.S. initiative to churn out COVID-19 vaccines fast — could work for inoculating against computer viruses. Their conclusion: this approach won’t work on a widespread basis. There are just too many targets and too much money on the line for attackers.
That leaves us with three options for ransomware: defend, defund and deter. In the end, ransomware is an evil we must learn to live with and manage.
It all came down to one big question. How likely is it that an attack on the scale of WannaCry ransomware will happen again? The best answer I’ve been able to articulate is that it’s possible — and maybe even probable. Only by returning to cybersecurity basics every single time, especially patches, can we work on defending against and deterring ransomware attacks.