Last weekend, the WannaCry ransomware became the largest ransomware infection in history. In just a few hours over 237,000 computers across 100 countries were infected. Thanks to the quick thinking of 22-year-old British security researcher @MalwareTech, the attack was significantly quashed by registering a previously unregistered domain inside the worm which took advantage of SMB vulnerabilities of Microsoft computers, giving a ‘killswitch’ effect.
The two visuals below from intel.malwaretech.com show the WannaCrypt malware in action in the first 24hours after its release on Friday and early Monday morning after the killswitch was put in place.
The visuals are reassuring given the catastrophic effects the ransomware has had on the NHS and other large organisations. However, the fight against cybercrime is far from over.
What happens next? A call to action for individuals and governments.
Cybercrime is far from over: Microsoft has a team of 3,500 security experts who contribute to their patches and anti-virus updates. Make sure you stay safe and use them.
The Hacker News’ security expert Graham Cluley realistically proffers that
"Given the high profile of the original attack, it's going to be no surprise at all to see copycat attacks from others, and perhaps other attempts to infect even more computers from the original WannaCry gang. The message is simple: Patch your computers, harden your defences, run a decent anti-virus, and – for goodness sake – ensure that you have secure backups."
If you are concerned this Monday morning as to your company’s vulnerability to attack, consider disabling SMB from your computer as a preventative measure. Follow Microsoft’s guidelines and advice for doing so here and ensure your antivirus is up to date.
Microsoft's warned on their blog that:
"As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise, they’re literally fighting the problems of the present with tools from the past"
And continued to implore that businesses take heed:
"This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support."
A call for global discussion from governments.
Microsoft called in February before last week’s attack was released for a Digital Geneva Convention to protect countries against the global threat of cybercrime.
“Governments of the world should treat this attack as a wake-up call.They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Speaking after the attack, Brad Smith, Microsoft’s President and Chief Legal Officer called for action:
“We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us”
You can find out more about what a Digital Geneva Convention might look like in Wired's article.
We owe a huge thank you to @MalwareTech for his involvement in a global crisis, but attacks such as WannaCrypt are far from over. For companies who escaped last weekend's attack- use this as a clear wake-up call to make your anti-virus set up a clear priority going forward.