Default Banner

WannaCry makes me wanna cry

04/07/2017
WannaCry makes me wanna cry

One of the more dominant world news headlines in May 2017 was the rise of WannaCry; the new ‘ransomware’ threat that took thousands of computers by storm in hundreds of countries.

Spectacular rise

The WannaCry ransomware was one of the fastest spreading computer threats to date. Within 48hrs from discovery on Friday 14th May, it had spread to 150 countries, impacting more than 200,000 individuals. How did it spread so quickly?

Ransomware Worm

The truth is that this particular ransomware is a new type that can also act as a worm, duplicating itself into all the computers that it can see directly over a network and even over the internet.

Essentially, this means that only one user and one computer needs to open a suspicious email and run a suspicious attachment. That computer will then immediately start to encrypt all the files it has and at the same time to convert the files to have the extension “.wncry”. Subsequently, the wallpaper will be changed with instructions “guiding” affected users to run a program so to decrypt the files back to their original state. This process will also demand a payment of $300 in Bitcoin currency to be effected within three days, after which the amount will shoot up to $600.

This is a scary scenario already for most of us but, it gets worse. All the computers connected to the same network can potentially also be affected by this ransomware without their owners ever needing to open a suspicious email attachment… and this connection even extends itself ad infinitum to computers over the internet! All such computers would have the same ransomware wallpaper and program demanding a $300 payment in Bitcoin without the user having done anything wrong!

Update your computer!

Well, not exactly. While it is true that computers can get infected because their users are not strict with applying the latest updates, WannaCry uses an exploit that was actually discovered some months ago when a group of hackers decided to put the exploit on the internet for all to see. However, a patch against the exploit was only released in March, albeit ahead of when WannaCry started its rise, but only after the vulnerability was whistle-blown by other hackers who had produced a patch to counter it. As such, there was not much time for everyone to patch up with updates.

Legacy operating systems

Microsoft supports its Operating systems (both PC and Server) through their lifetime until they become obsoleted and discontinued. For Microsoft, anything below Windows 7 and its server counterpart, Windows 2008 R2, is currently unsupported. This means that Windows updates for old operating systems like Windows XP and Windows Vista and Windows Server 2003 are unavailable. So it means that this exploit was only patched for computers running Windows 7 or higher in March 2017. Any computer running an older ‘legacy’ operating system was not protected and therefore exposed to become affected by WannaCry. Surprisingly and fortunately Microsoft elected to produce patches to protect against this vulnerability for Windows XP and Vista and Server 2003 in May after WannaCry emerged.

England’s NHS impacted

World news on the same subject was peppered by reports of England’s NHS and the extent to which it was infected by WannaCry where it even had to reroute ambulances which put patients’ lives at risk. It is now therefore true to say that modern ransomware software is becoming a real threat to human life. Part of the reason why this might have happened is because most medical equipment, e.g. MRI scanners, require specialised software to run. Such software usually is developed under a specific operating system version, which eventually becomes a legacy system, such as Windows XP or Windows 2003. The “if it ain’t broke, don’t fix it” motto is no longer a good enough reason not to invest in securing the integrity of such important systems. That said, it is also unfortunate that software for such equipment is often not updated to run under newer operating systems, so legacy servers and software continue to run without being fully updated until a threat such as WannaCry appears. This scenario is a possible contributing factor to how the NHS might have been affected.

Mitigating future threats

It has since emerged that most of the computers that were infected were running Windows 7 OS, and not Windows Vista or XP. This means that these computers did not have the March 2017 security fix that Microsoft provided them to be protected against it. So, how should we mitigate against this and future threats?

  1. Install Windows Updates regularly and without fail as soon as Microsoft makes them available. There are usually new patches on the second Tuesday of every month, unless the security fixes are urgent, in which case, they are available immediately.
  2. Upgrade your computers to run the latest Operating Systems. As an example, Windows 10 does not have this above-mentioned vulnerability - it does not mean that if you run an infected attachment, you would not get your files encrypted, but a Windows 10 PC can never get infected through the network vulnerability that the other OS had and were patched against.
  3. Run good antivirus and antispyware software to protect your computer and perform software updates daily.
  4. Consider backup your important files to an online cloud storage service as these are always available and a virus such as WannaCry cannot hop from encrypted local files to the cloud (so far).
  5. Most importantly, use caution when you receive an email from an unknown person or when you see an unfamiliar, suspect or even funny attachment. It is better to purge this email immediately than to open it and risk getting infected, along with potentially many other computers.

 
Vincent Farrugia is a Technology and Security Manager at Deloitte Malta. For more information, please visit http://www2.deloitte.com/mt