You wannacry, don't you?

It has been a frustrating month for all IT executives around the globe. They were faced with the most devastating attack on IT systems that they had ever seen. This attack, different from many known cyberattacks, hit everybody where it really hurts: data. The worm called "wannacry" spread from one computer on the net to another, encrypted important files, and would only delete them unless a ransom was paid. 

According to Wikipedia, once installed, wannacry uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts, which have not been updated with the most recent security updates yet, to directly infect any exposed systems. A "critical" patch had been issued by Microsoft on March 14 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it.

The most critical point about wannacry is the fact that it spreads even if you don't click anywhere, or take any action, like the usual phishing attacks. It spreads on its own like a real virus. 

So IT managers were caught off guard. They thought that they did everything that they could to defend their systems, but wannacry disabled many institutions so fast that in the countries most affected, many hospitals were unable to function even though their IT systems are usually the best when it comes to security. 

The ransomware campaign was unprecedented in scale according to Europol, which estimates that around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.

According to various resources, the attack...

Continue reading on: