Mitiga Announces $30M Series B Led by SYN Ventures READ THE NEWS

Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main

Five years ago, the WannaCry ransomware cryptoworm targeted computers running Microsoft Windows, encrypting data at organizations around the world. The attackers demanded a ransom of just $300 worth of bitcoins within three days or the files would be permanently deleted. The cryptoworm leveraged the EternalBlue exploit, which the National Security Agency developed to attack older Windows Systems.  

The attack was effective against organizations that had not implemented patches for the exploits or were still using old Windows systems that Microsoft no longer supported, while the vulnerability itself was revealed in April 2017 during a leak of NSA documents and hacking tools by the Shadow Brokers group in April 2017. Some estimated that the WannaCry attack impacted more than 200,000 computers in at least 150 countries, with damage estimates ranging in cost from hundreds of millions to billions of dollars. Prevention efforts alone were not sufficient to protect us from these attacks.  

Lesson #1: Prevention is not enough

Five years later, is the world ready to respond effectively to a massive attack like WannaCry? Are we more ready now to respond to a similar incident? As anyone in the software industry knows, patching vulnerabilities is often a time-consuming and complex process — just look at the number of organizations that have yet to patch Log4Shell months after it was announced. Even organizations that have patched the Log4j vulnerability may find that patching alone isn’t enough to stop attackers. They may have already used a vulnerability to gain access to an environment, and far too few organizations conduct regular proactive threat hunting to uncover such activities.

Lesson #2: Multiple incidents are devastating

The breadth of the WannaCry attack taught us that the impact of multiple simultaneous attacks using the same attack vector can be devastating. Are we more ready now to respond to similar incidents that impact so many customers worldwide at once? Five years ago, the world was not, and unless we increase automation, particularly in incident response, to scale up to meet the needs of customers around the world impacted by multiple incidents at the same time, we won’t be prepared to handle similar attacks in the future. To do that, we not only need automation but also to be far more efficient in sharing intelligence and cooperating across industries, organizations, and countries to handle these types of attacks.  

Lesson #3: Nation state weapons will leak

Today, cyberwarfare programs are increasing in sophistication in an ever-growing number of countries such as the United States, China, the United Kingdom, Russia, and others. WannaCry itself was based on a leaked zero-day vulnerability from a nation state organization, quickly leveraged into a ransomware attack. As cyber capabilities grow in nation states, it’s extremely likely that each one has a collection of zero-day vulnerabilities at their disposal. Leaks of these nation state level weapons are always possible, and adversaries will be quick to take advantage of them if they occur, so we need our agencies to work to secure these types of weapons and put effort into making sure these weapons do not become widely dispersed.  

WannaCry Lessons Learned: Be Ready  

Organizations must be prepared for a global cryptoworm like WannaCry or any other massive attack. While these types of events may seem extraordinary because the scale was unusual, this type of activity must be expected. Cybercriminals will continue their attacks because it offers significant rewards with minimal risk.  

Prevention solutions are a valuable and necessary part of cybersecurity today, but it’s also critical to prioritize cyber resilience. You can do so by adopting an approach to cybersecurity that prioritizes readiness and includes automation to accelerate incident investigation and resolution. Without a change in approach, one that addresses the changing technological landscape capabilities as well as attack vectors of threat actors, we will be as vulnerable to a massive attack like WannaCry as we were five years ago.

Are you ready for the next ransomware attack?

LAST UPDATED:

May 4, 2024

Don't miss these stories:

Cyber Trends for 2024: What Security Leaders Should be Executing Next

As we hurtle into this new year, it’s already clear that there is an evolving set of cyber risks that organizations will need to contend with successfully to manage threats and grow their organizational resilience in 2024. Below, I’ll outline three of the biggest ones, sharing recommendations and execution checklists that can help enterprises enhance their threat readiness and elevate security postures as the threat landscape continues to evolve.

How to Protect Your Business From the Most Dangerous Cyberthreats

Ransomware attacks are on the rise, and it now more important then ever to be prepared. Be prepared by having an up-to-date incident response plan. Learn more.

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separated from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.

SEC Cyber Disclosure Rule FAQ: What Leaders are Asking Us

The U.S. Securities and Exchange Commission (SEC) recently implemented a new rule mandating stringent cybersecurity incident reporting and disclosure requirements for public companies.

Log4Shell - identify vulnerable external-facing workloads in AWS

Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.

For Incident Response, Give Peacetime Value a Chance

As an IR vendor, it is important to keep your customers up to date and prepared between breach attempts. Learn how to increase your peacetime value now.