Blog

More Details on the WannaCry Ransomware Attack

Additional details on the WannaCry attack

On May 12th a new global ransomware strain emerged. In just a few short days, the WannaCry threat hit hundreds of thousands of computers worldwide, exploiting critical vulnerabilities in Windows computers that were only recently patched by Microsoft in March of this year.

We initially wrote a blog article that described how anyone could better detect the WannaCry malware using Observable’s service. But we also wanted to follow up with additional details on what happened, how it was possible, and suggestions for what you can do to better prevent future attacks.

Why was WannaCry successful?

What made the WannaCry attack so successful is its ability to quickly spread itself throughout an organization’s network. Unpatched Windows computers are particularly vulnerable, and the virus has the ability to spread itself within corporate networks without the need for user interaction.

While individual computers are also susceptible, this method of infection has made WannaCry problematic for small and midsize businesses that sometimes fall behind in their scheduled patch updates for Windows users.

How does WannaCry ransomware work?

The WannaCry ransomware searches for and encrypts more than 175 different file types and appends itself to the end of the file name. When users attempt to access the file, they are told they must pay a $300 ransom in bitcoin.

After three days the ransom doubles, and after seven days, users are told the files will be deleted. Complicating matters even more, a bug in the virus prevented the code from executing correctly, which means users affected by WannaCry are not likely to get their files decrypted even if they pay the ransom. A new version of the virus with the bug corrected followed on May 18, but it was not as successful as the first attack.

What can I do to prepare for the next attack?

The success of the WannaCry attack serves as a stark reminder of the importance of maintaining and updating network security and system patches as quickly as possible. These cyber criminals have substantial resources available to them, often more than the businesses they choose to target, which means they can marshal resources quickly to take advantage of known vulnerabilities. Staying a step ahead is not easy, but necessary to protect your business.

Endpoint modeling prevents future tears

Fortunately endpoint modeling can help any size business increase vigilance and prevent threats like the WannaCry virus from impacting their network. Observable Networks’ endpoint modeling solution can help alert you to the presence of such threats in real time, giving your team the critical time it needs to identify the intrusion and address it before the damage becomes irreparable.


Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.


Detect Threats Faster – Start Your Free, No-Risk Trial