
Five years ago, the WannaCry ransomware cryptoworm targeted computers running Microsoft Windows, encrypting data at organizations around the world. The attackers demanded a ransom of just $300 worth of bitcoin within three days, or the files would be permanently deleted. The cryptoworm leveraged the EternalBlue exploit, which the National Security Agency had developed to attack older Windows systems.

The attack was effective against organizations that had not applied the patches for the vulnerability or were still running old Windows systems that Microsoft no longer supported. The vulnerability itself had been revealed in April 2017, when the Shadow Brokers group leaked NSA documents and hacking tools. Some estimated that the WannaCry attack impacted more than 200,000 computers in at least 150 countries, with damage estimates ranging from hundreds of millions to billions of dollars. Prevention efforts alone were not sufficient to protect us from these attacks.

Lesson #1: Prevention is not enough

Five years later, is the world ready to respond effectively to a massive attack like WannaCry? Are we any more ready now than we were then? As anyone in the software industry knows, patching vulnerabilities is often a time-consuming and complex process: just look at the number of organizations that have yet to patch Log4Shell months after it was announced. Even organizations that have patched the Log4j vulnerability may find that patching alone isn't enough to stop attackers. Attackers may have already used the vulnerability to gain access to an environment, and far too few organizations conduct regular proactive threat hunting to uncover such activity.

Lesson #2: Multiple incidents are devastating

The breadth of the WannaCry attack taught us that multiple simultaneous attacks using the same attack vector can be devastating. Are we more ready now to respond to incidents that hit so many customers worldwide at once? Five years ago, the world was not. Unless we increase automation, particularly in incident response, so that we can scale up to meet the needs of customers around the world impacted by multiple incidents at the same time, we won't be prepared to handle similar attacks in the future. Automation alone is not enough: we also need to be far more efficient at sharing intelligence and cooperating across industries, organizations, and countries to handle these types of attacks.

Lesson #3: Nation-state weapons will leak

Today, cyberwarfare programs are growing in sophistication in an ever-growing number of countries, including the United States, China, the United Kingdom, and Russia. WannaCry itself was based on a leaked zero-day vulnerability from a nation-state organization, quickly turned into a ransomware attack. As nation-state cyber capabilities grow, it is extremely likely that each one has a collection of zero-day vulnerabilities at its disposal. Leaks of these nation-state-level weapons are always possible, and adversaries will be quick to take advantage of them if they occur, so we need our agencies to work to secure these weapons and put effort into making sure they do not become widely dispersed.

WannaCry Lessons Learned: Be Ready  

Organizations must be prepared for a global cryptoworm like WannaCry or any other massive attack. While these events may seem extraordinary because their scale was unusual, this type of activity must be expected. Cybercriminals will continue their attacks because they offer significant rewards with minimal risk.

Prevention solutions are a valuable and necessary part of cybersecurity today, but it is also critical to prioritize cyber resilience. You can do so by adopting an approach to cybersecurity that prioritizes readiness and includes automation to accelerate incident investigation and resolution. Without a change in approach, one that addresses both the changing technological landscape and the evolving attack vectors of threat actors, we will be as vulnerable to a massive attack like WannaCry as we were five years ago.

Are you ready for the next ransomware attack?

LAST UPDATED: May 4, 2024
