By Matt Cadwell
In 2017 the WannaCry ransomware cryptoworm made its public debut. Targeting Microsoft Windows by exploiting EternalBlue, WannaCry encrypted a user’s operating system and required bitcoin as payment to decrypt.
EternalBlue is a remote exploit that was developed by the NSA, subsequently stolen by (among others) Shadow Brokers, and leaked publicly giving way for it to be wormed as WannaCry.
Shortly before the leak of WannaCry to the public, the NSA had reportedly decided to alert Microsoft to the seriousness of this vulnerability. It’s a love-hate relationship between the NSA and Microsoft, but that’s a story for another time. Microsoft quickly developed a patch for EternalBlue and by March 2017 it was available to the public for install.
Although the patch was created and released by Microsoft before the spread of WannaCry, the worm still managed to reach an estimated 300,000 machines and cause an estimated $8 billion in damage. Machines were affected for a variety of reasons ranging from ‘end of life’ versions of Windows to neglectful administrators. In a matter of a few days, Microsoft pushed an emergency patch effectively stopping the spread of WannaCry, but the damage was already done … mostly.
Fast forward three years to today. We, as an industry, have failed miserably in patching our systems and our bad habits don’t appear to be changing. As a Penetration Tester for LRS IT Solutions, I’m always amazed by the number of critical, and often remotely exploitable, vulnerabilities I come across. Vulnerabilities that could easily be eliminated by simply patching. Vulnerabilities that put not only your organization at risk, but also yourself.
It’s these bad habits that have allowed attacks like WannaCry to be so successful.
Granted, WannaCry and the like are old threats, but the lessons we should have learned years ago have fallen on deaf ears. The sad fact remains, there are still systems online that are vulnerable to attacks from 5, 10, 15, and even 20 years ago. We have to learn from our mistakes and stop repeating the same bad behaviors or we’ll be fighting a lost cause.
The Security team at LRS IT Solutions can help you assess your vulnerability to old threats like WannaCry and newer threats you haven’t heard about. Fill out the form below to request a consultation.
About the author
Matt Cadwell is an Information Security Architect for LRS IT Solutions. He holds a GPEN certification from Global Information Assurance Certification (GIAC) and is a member of the GIAC Advisory Board. Matt’s IT experience spans government, manufacturing, financial services, and other industries.