The WannaCry Incident
By Tanzeer Hossain
In May 2017, a ransomware attack known as “WannaCry” caused a worldwide crisis, severely disrupting computer systems across various sectors. This assault targeted machines running Microsoft Windows that had an unpatched vulnerability by using an attack tool called “EternalBlue,” which had been developed by the United States National Security Agency (NSA). A hacker group known as the “Shadow Brokers” stole the tool from the NSA (or bought it from the thief) and, in April 2017, released it, making it accessible to anyone. The attacks using this tool spread rapidly across networks, leading to the infection of hundreds of thousands of computers in over 150 countries, with the four most affected countries being Russia, Ukraine, India, and Taiwan.
EternalBlue’s capabilities consisted of techniques to gain unauthorized access to systems, encrypt data, and enforce ransom payments, primarily through Bitcoin, for the decryption of the attacked data. The ransomware infiltrated vulnerable systems by exploiting a critical flaw in the Server Message Block (SMB) protocol. This allowed attackers to send specially crafted packets to unpatched systems and perform remote code execution without needing authentication. Once inside systems, the WannaCry attack rapidly spread through networks, causing extensive damage. Hospitals and healthcare services were among the hardest-hit victims, with patient data and medical systems encrypted, severely hampering their ability to help patients. Other notable examples of affected victims included government agencies in Russia and India, and giant manufacturers such as Renault and Nissan, which had to completely halt operations due to the infection.
The financial impact of the attack caused a ripple effect that was felt globally. Rough numbers suggest the attack caused hundreds of millions, if not billions, of dollars in damage. This includes the cost of system disruptions and downtime, loss of function, and the cost of repair and recovery. Taking the NHS as an example, the costs of repairing systems and recovering their data amounted to £73 million, with an additional £19 million attributed to abrupt cancellations of appointments and surgeries.
(The NHS has created a “lessons learned” document, going into detail about the event and their response.)
FedEx, the giant package delivery corporation, stated that the attack caused severe operational disruptions and significant costs. Some of these costs included fixing their reputational damage, compensating affected customers, and repairing the damage.
In the wake of this cyber threat, both Telefónica and Renault, two other affected companies, have stated that they would take decisive measures to fortify their cybersecurity defenses. Telefónica, a prominent telecommunications provider, stated that it implemented thorough security training programs for employees, on top of upgrading its network defenses. Renault stated that it undertook a thorough review and overhaul of its computing infrastructure, ensuring that all systems were consistently updated and patched.
The NHS invested heavily in improving its cybersecurity, including more effective backups and greatly enhanced threat detection. These changes reflect an ongoing trend of organizations prioritizing cybersecurity in their strategic planning to mitigate future risks. The healthcare sector emerged as a focal point for cybersecurity investments.
The WannaCry attack served as a stark reminder of the vulnerabilities within our increasingly technological world, highlighting the critical importance of cybersecurity. It underscored the detrimental consequences of neglecting software updates and security best practices. While causing significant disruption and financial loss, it also spurred organizations to prioritize cybersecurity, leading to improved security and greater awareness.