Invicta Vlogs
Why did WannaCry have such an impact on the world?
WannaCry was a widespread crypto-locker ransomware attack (a hack which locks a victim out of their computer and asks for money in order for it to be unlocked) that took place in May 2017. It spread through devices running on Microsoft Windows and affected over 200,000 computers globally. The ransomware encrypted a user’s data, stopping them from being able to use their device and access their files, asking for a payment of $300 in bitcoin (an online currency) to be able to access them. This ransom was later increased to $600. WannaCry exploited a bug in the Windows Operating System. This bug had been fixed in a security patch just under two months prior however, as many people do not update their computers, there were still lots of devices open to the exploit.
The hack was developed by ‘The Equation Group’, which is allegedly a part the United States National Security Agency. The hack was called EternalBlue and a hacker group known as ‘The Shadow Brokers’ made it public.
At first, people thought that WannaCry had spread through a phishing attack – an email or text with a link (or a file) containing malware (software with malicious intent). However, it later became apparent that EternalBlue was the exploit which had been used to spread the ransomware, with DoublePulsar being used as a backdoor onto the devices. DoublePulsar is software that runs in kernel mode, which grants cybercriminals admin control over the computer system. Once installed it can load and execute malware on the computer.
The attack rendered a victim’s computer useless, with a message stating to pay the ransom within three days, or all their data would be deleted permanently. Even if someone paid the ransom, they did not get their files back due to the WannaCry code being faulty as the hackers had no way of knowing who paid the ransom and who didn’t. It is still speculated as to whether anyone affected by WannaCry got their files back. In general, it is a bad idea to pay a ransom. It leaves you more vulnerable to being targeted in the future, as hackers know you are likely to pay the ransom if you did before, and there is no guarantee that you will get your data back.
WannaCry had a huge impact on the NHS. Ambulances were rerouted, computer systems failed. It is estimated that a third of NHS Hospital Trusts were affected by the attack, costing £92 million as a result. Globally, it is estimated that WannaCry cost $4 billion in losses.
Attacks like these are always a stark reminder of the potential dangers of technology. To help prevent being affected by a ransomware attack, you can:
- Ensure you have antivirus, and keep it updated
- Ensure your Operating System is kept up to date
- Backup your data to the cloud/an external storage device (e.g. removable hard disk or USB)
- Don’t follow suspicious links or open suspicious files, especially if the file contains macros as these can be used to execute malware
Charlotte Worrall
Senior Prefect/Head Digital Leader