Three weeks post-attack, and WannaCry is still top-of-mind for infosec professionals worldwide. This was very much in evidence during this week’s SecureWorld Atlanta, which I had the privilege of attending. Multiple sessions — including a panel discussion that featured Wombat Chief Architect Kurt Wescoe — covered ransomware attacks in general, but the conversations all spent a fair amount of time focusing on WannaCry and its impact.
The interesting thing is that WannaCry has been called a “somewhat amateur” piece of ransomware (see the ZDNet link below). That and some of the other “oddities” of the attack — like the embedded kill switch and the relatively low return the cybercriminals received for their efforts — left us wondering if the code was intentionally flawed. Perhaps a “gray hat” hacker out there fired this warning shot to unsuspecting organizations, intending WannaCry to be a bit of an international wake-up call? Or maybe it was a test run of sorts for copycat (and kill-switch-free) variants like UIWIX and EternalRocks? Or maybe it was something far more devious, like a false flag that flew the banner of ransomware for all to see while a more dangerous malware permeated into systems undetected?
For now, we are left to speculate. But regardless of whether WannaCry’s failings as an extortion tool were accidental rather than deliberate, it’s critical to recognize that even low-level ransomware can spread and have debilitating consequences if you are not prepared.
Our Ransomware Resource Center can help you fight this dangerous cybersecurity threat.
Read some of the latest news about the WannaCry ransomware attack in the following articles:
- WannaCry ransomware code errors could give victims a chance to get files back, ZDNet, June 1
- Useless WannaCry security apps prove you shouldn’t download in a panic, TechRadar, June 2
- WannaCry cyber hackers linked to China, not North Korea, experts say, The Telegraph, May 30
- Author of EternalRocks SMB Worm Calls It Quits After Intense Media Coverage, Bleeping Computer, May 25
- UIWIX ransomware is not a WannaCry wannabe, SC Magazine, May 18
- Basic security hygiene blocked WannaCry – but a comprehensive defence needs more, CSO Australia, June 2