On May 12, 2017, Ransomware’s biggest attack of history erupted. “WannaCry,” the infamous ransomware that spread indiscriminately affecting PCs around the world, including consumer teams, businesses, care services, and even government departments. Almost a year later, WannaCry malware, which exploits EternalBlue’s vulnerability, continues to circulate, as in the recent case in which it affected the Boeing aircraft manufacturer.
Avast has detected and blocked more than 176 million of WannaCry attacks in 217 countries since the initial attack last year and, in March 2018, Avast prevented 54 million from attacks that attempted to abuse EternalBlue. Given the publicity around them, it could be supposed that people and companies would have completed their system upgrades since the outbreak. Our data, however, shows that almost a third (29%) of Windows-based computers around the world are still vulnerable.
The intent behind WannaCry’s initial attack seems to have been the destruction, carried out by a nation-state and not by cybercriminals for profit, which has traditionally been the main motivator that drives Ransomware’s attacks. At the end of last year, the U.S. government attributed the attack to North Korea. The WannaCry code was defective, including the payment component, and it is estimated that the actors behind WannaCry charged approximately $140, at the end of August.
WannaCry’s success is reduced to three key factors: a vulnerability that prevailed in many PCs with older operating systems exploded; The old operating systems were not supported and were therefore vulnerable to the explosion and no user action was required to assist the propagation as it took the form of a worm. In Avast, throughout the year since it caused its damage, we have researched and compiled ideas that can help understand what needs to be done to prevent this type of cyber attack from happening again.