A relatively unusual kind of ransomware cyber-attack took the world by storm a few months ago, causing calamities in businesses around the world. The attack rippled across more than 150 countries in just a matter of hours, causing the loss of millions of dollars along with an insane amount of sensitive data.
The WannaCry Ransomware attack marked the beginning of a new era, where cybercriminals targeted the masses rather than focusing their attack on selected businesses or corporations. This means that going forward, as such attackers improve and become fiercer, no one is safe online.
Who created WannaCry?
The WannaCry attack was not the work of a single individual or group; rather, many entities contributed to it.
The first entity that made the WannaCry ransomware attack possible is the National Security Agency (NSA), which was the first to discover backdoors in the Windows OS that could be used to eavesdrop on millions of Windows users. Rather than reporting this finding to Microsoft so that it could be fixed, the NSA used it to create a tool called EternalBlue to tap user data and communication from around the world.
It is difficult to estimate how many years the NSA may have been using this exploit to eavesdrop on users for its mass-surveillance programs. The EternalBlue exploit was made public by a group of hackers that identified themselves as Shadow Brokers on April 14, 2017. Once the exploit became public, it was evident that someone might use it to create a massive cyber-attack.
To prevent such a scenario from causing widespread damage, Microsoft released update patches for all of its active OS versions, namely Windows 7, Windows Vista, and Windows 10. However, only a few people had installed the updated patches in the days that followed.
On May 12, 2017, the first version of WannaCry Ransomware hit devices across the world. About three days later, a kill switch was found by Marcus Hutchins, a Briton. He was able to stop the insane rate at which the ransomware was spreading. Shortly after, WannaCry Ransomware 2.0 hit the internet, this time having no kill switch. Since then, it has attacked dozens of companies, every time becoming more fierce and difficult to avoid.
How did WannaCry Ransomware Spread?
WannaCry ransomware engulfed Europe, Asia, America and even other parts of the world. It spread at an incredibly fast rate never witnessed before.
Cybersecurity experts have long warned us about such attacks that can cripple economies. It appears that their worst fears and prophecies are now coming true.
The WannaCry Ransomware attack was made possible due to a backdoor vulnerability that was initially discovered by the NSA but was kept a secret. Soon, this backdoor vulnerability became public information, and hackers used it to create this ransomware attack.
This ransomware spread through organizational networks and infected most of the connected devices even if just a single user clicked on the malicious link.
But that is just the beginning.
Soon after the attack, cybersecurity experts and analysts from around the world became active – some gave opinions, and some tried to provide solutions as well. But there was one thing that everyone said: this is just the beginning of a new era of cyber-warfare in which everyone is at risk of becoming a victim of ransomware in the future.
It is only logical to assume that cybercriminals will keep improving their malicious tactics and attack us with far more dangerous malware in the future. In light of this realization, no amount of caution can be enough – internet users have little choice but to beef up their cybersecurity game. Not doing so can compromise their identity, credentials, and even their savings.
Previously, cyber-attacks usually consisted of viruses and Trojans, which affected targeted devices and were difficult to spread en masse. The recent WannaCry Ransomware attack was able to affect millions of devices in a few hours, so going forward, this number can easily climb to billions.
How can Ransomware impact businesses?
Usually, businesses suffer the most in a ransomware attack. All important and sensitive data, such as financial reports, cash flows, user base, and client details, among numerous others, is lost as a result of the encrypting ransomware. It’s essential to understand that just as it is possible for cybercriminals to break through a device’s firewall and security and make all the data useless, it is also possible that the same backdoors can be used to copy all the data.
Once the sensitive data has been copied, it can be easily sold to competitors and even startups in the same field. This can initially compromise business reputation, and heavily impact revenues and market share in the long run.
Businesses that make it mandatory for all of their data to be backed up at regular intervals, say every week, suffer the least damage. In the event of a cyber-attack of any type, all that needs to be done to protect their data is to wipe all the drives of all devices in the organization and restore data from the previous backup.
It requires time and effort, and is usually very stressful, but compared to the damage of entirely losing all data, restoring from backups is a cakewalk.
How can Ransomware impact individuals?
If you're an individual and the data in your folders has been encrypted, there's a high chance that your information, such as pictures, videos, documents, financial statements, bank details, and social account passwords, among others, is completely lost.
Against the common belief that regular internet users are usually law-abiding citizens and have nothing to hide, it is eye-opening to know that only 12% of smartphone users deploy the built-in security features to protect their data, Motorola reported in 2011.
Other smartphone users, who usually take their security lightly, often store very sensitive information on their smartphones. The same report by Motorola goes on to claim that 20% of users store their social security info, 25% of users store their bank account info, and 33% of users store work email passwords on their smartphone.
Using the same logic, if cybercriminals can breach a device’s security and damage data, they might as well steal it and use it in a way that can be very harmful and defamatory. Imagine if a cyber-stalker uses your information to blackmail you and demand a ransom. Such an activity can leave a person surrounded by problems for years, which can lead the victims to do unspeakable things to themselves.
Needless to say, one should always be very careful about the intricate details they save on their devices. Think about it this way: whatever you save on your phone can one day become public information. So always be very careful in deciding what information to save on your phone and what to delete.
How about paying the ransom?
There’s nothing you can do once you’re infected by the ransomware, as it encrypts any and all files on your computer completely. It seems that the only way to recover your encrypted data is by giving in to the demands of the cybercriminals and paying the ransom.
However, this is strongly advised against, as there is no guarantee that users will be able to recover their data, even after the ransom payment. If you have a backup of all your data, on the other hand, you should be able to restore it after wiping your hard drives clean and resume work.
Undeniably, the simplest, fastest and most reliable method to recover any files that have been encrypted by the Wana Decrypt0r 2.0 ransomware is to restore them from any possible backup taken before the infection took place.
To answer the question of whether you should pay, let’s be clear first: the WannaCry hackers you are facing are criminals, so there’s no guarantee as to what might happen when you do make any payment. It just might be equal to simply throwing your hard-earned money away. Or it might work out in your favor, and you do recover your files.
Only you can decide whether or not to pay criminals the ransom. We recommend: don’t do it. Making any payment to the WannaCry ransomware operators only reinforces their criminal enterprise’s agenda, and puts millions of people and businesses at risk of finding their files encrypted by the ransomware, as WannaCry certainly won’t be catering to each payment received.
As an alternative, learn from the harsh experience. Most importantly, start off by backing up your data so that this never has to happen to you ever again!