3 Lessons Learned from the WannaCry Ransomware Attack
If you follow the news, you’ve likely heard of the WannaCry ransomware attack, one of the most widespread cyber attacks to date. Once infected with this ransomware, all information on the user’s computer is encrypted (i.e., locked away) unless a ransom of $300 to $600 is paid to the attackers in Bitcoin.
Security experts estimate that more than 200,000 users have been infected with this malware. And to make matters worse? There’s no evidence that the attackers have ever held up their end of the deal. Generally speaking, for those who have paid, the encrypted information was not returned in its normal state. In other words, this global attack just left ransomed information irrecoverable.
Can anything be done to defend against similar attacks in the future? Fortunately, the answer is "yes." Let’s review three valuable lessons learned from the WannaCry ransomware attack.
Earlier this year, a notorious hacker group called the ShadowBrokers leaked confidential National Security Agency (NSA) hacking tools and techniques, including a number of critical Microsoft vulnerabilities. Just a few weeks later, WannaCry struck, taking advantage of one of those vulnerabilities.
If we were keeping up with security news and read about the NSA leak, we would have been warned that our Microsoft software was wide open to an attack. But even if we had been able to follow these breadcrumbs, what could we have done? That’s where lesson #2 comes in.
When news of the NSA leak first broke in April, Microsoft immediately reported that it had released an appropriate security patch. In fact, it had released the patch in March—one month before the NSA leak. Sounds as if we should’ve been all set, right?
If everyone had updated their machines on time, that would have been true. Unfortunately, when we’re at our computers and an update box appears, we sometimes delay installation because we don’t want to be interrupted. But system updates often include critical security patches that protect us from current cyber attacks. Delaying their installation only leaves us vulnerable for a longer period of time.
It turns out that all 200,000 victims of the WannaCry ransomware attack had unpatched systems. Although the attack struck in May, these users hadn’t updated their Windows operating systems (and subsequently rebooted their computers) since before March, so the patch hadn’t taken effect.