
A significant ransomware attack hit computers worldwide in 2017. The “WannaCry” program infected a sizable number of systems across several businesses, including Nissan and FedEx. In the UK, more than 70,000 computers and other pieces of medical equipment were affected across 80 NHS entities, which proved devastating for the NHS. Because someone accessed a malicious file or clicked a malicious link, the attack resulted in the cancellation of more than 19,000 operations and cost the NHS an estimated £92 million.
The WannaCry ransomware was able to propagate by exploiting a flaw in the Windows Server Message Block (SMB) protocol that allowed malware to be executed on the target system. It’s thought that the US National Security Agency (NSA) discovered the flaw as early as 2012, but instead of alerting Microsoft, it created a tool to exploit it, known as “EternalBlue.”
The NSA eventually became aware that there was a chance EternalBlue had been taken, although exactly when this occurred is unknown.
The NSA notified Microsoft of the vulnerability because it thought the tool’s usefulness was waning and it was worried about the possible consequences if the exploit were to be used widely. In March 2017, Microsoft issued a critical security fix for all supported operating systems in response to the issue.
The code for EternalBlue was made available in April of that year by the criminal hacker collective known as the “Shadow Brokers.” After two months, WannaCry made headlines.
WannaCry spread as quickly and widely as it did because of a combination of inadequate incident response protocols and a delay in applying security updates. On the morning of the initial attacks, various NHS organisations started alerting NHS Digital, the police, and others that something was wrong, but there was no coordinated response until that evening.
Windows 7 was one of the supported operating systems covered by Microsoft’s March 2017 security patch, yet it accounted for about 98% of WannaCry infections globally. Despite NHS Digital’s recommendation to deploy the patch in April 2017, none of the 80 vulnerable NHS organisations had done so.
The WannaCry attack serves as an example of the value of effective patch management, as well as of how quickly an attack may spread in the absence of a tried-and-tested incident response strategy. The attack might have been avoided completely, or at least have had less of an impact, if the patch had been applied and the response had been well planned.