What can be learnt from the WannaCry exploit?

By Jamie Hoyles, Clook Internet Account Manager

Last week, a global cyber attack affected hundreds of thousands of organisations in 150 countries. In the UK, the attack hit 47 NHS trusts, leading to operations being cancelled and patients turned away from A&E.

The exploit, WannaCry, has been labelled “the biggest ransomware outbreak in history.” Along with crippling the NHS, it has affected organisations around the world, including French car manufacturers, Russian banks, and a Spanish telecoms operator. Security software company Kaspersky Lab has suggested that the WannaCry ransomware has snared more than 300,000 victims since it was unleashed on Friday morning.

It’s estimated that removal of the virus takes a couple of hours. That’s 600,000 hours (although large corporations can remove the virus from multiple machines at the same time) spent removing a virus that could have been prevented in the first place.

What was the attack and how does it work?

WannaCry was delivered via phishing emails, cleverly disguised and worded in order to trick the recipient into opening attachments which then released the malware onto their system.

Once installed, the malicious code gains control of the host machine and locks files, encrypting them so that they can no longer be accessed. A window is then displayed, demanding payment in bitcoin in order to regain access.

My machine has WannaCry, what are my options?

Unfortunately, even if the payment is made, there is no guarantee that the malicious code will be removed.

There are various guides online that discuss the steps required to remove the malicious code; however, ultimately they all involve the removal of the files that have been encrypted, so the data is irretrievable.

Why was WannaCry preventable?

A hugely frustrating aspect of the WannaCry outbreak is that it was largely preventable. Microsoft released a security patch in March which, if installed, would have prevented the malware from taking hold. The exception is Windows XP users, who did not have this update available.

The moral of the story?

Vulnerabilities in software are discovered on a daily basis, and updates are released in order to patch the insecure elements of code. The sad part is that these updates are often ignored by end users, either because they don’t have the time to restart their machine, or because they’re worried that updating a particular application’s code will break their site, resulting in lost time whilst they re-code elements of it. WannaCry is a warning of what can happen if software is not kept up to date: 600,000 hours (the estimated time taken to clean all the globally infected machines) is a lot of time wasted and money lost. If there is an available update for any software that you use, I’d recommend you think about the consequences of not installing it, rather than the effects of installing it.