ZD Tech: WannaCry, when ransomware kicks into high gear


Hello everyone and welcome to ZD Tech, ZDNet’s daily editorial podcast. My name is Louis Adam and today I will explain to you why the WannaCry ransomware outbreak made computer security history.

On May 12, 2017, many system administrators are seeing red. The cause? The WannaCry ransomware, which that morning began infecting computers around the world. For the victims, the result is always the same: the affected computer and the data it contains become inaccessible, and a red screen is displayed demanding the payment of a ransom in bitcoins to regain access to the data.

In 2017, ransomware is a known threat. But WannaCry stands out for its speed of proliferation: in the space of a day, the software is estimated to have infected just over 200,000 machines in more than 150 countries. And everyone seems to be a target, from SMEs to major British hospitals.

Finding the killswitch

In this situation, the reaction is not long in coming. Microsoft rapidly releases a security patch aimed at closing one of the vulnerabilities used by WannaCry to spread.

Researchers analyze the malware and also discover a “killswitch”, a mechanism built in by the designers of WannaCry that can stop its spread. It is activated and manages to slow down the distribution of the software for a few hours, before new versions appear.

A race against time grips the industry, and the number of WannaCry infections finally drops a few days after its discovery. The attack nevertheless leaves many victims behind: the damage is difficult to estimate, but it is counted in the hundreds of millions of dollars.

A rapid spread

The effectiveness of WannaCry is no coincidence. It has functionality that allows it to spread very quickly across the networks of its targets, a speed of propagation made possible by the use of two tools known as EternalBlue and DoublePulsar.

These are tools developed by the NSA, the American intelligence agency, and released publicly on the web by the mysterious Shadow Brokers group in mid-2016.

EternalBlue notably exploits a security flaw that allows WannaCry to spread at lightning speed. This vulnerability had been patched a few weeks earlier, but nothing in Microsoft’s guidance suggested that this patch was of particular importance.

An origin still unknown

WannaCry was a stark demonstration of the damage that a very large-scale computer attack could cause. But the case still raises many questions: the United States has accused North Korea of being behind this attack, while some researchers believe that the creators were of Chinese origin.

And the end goal of the authors of WannaCry is still unclear even today. The amount of ransom collected by the attackers remains low, around 100,000 dollars according to some experts, a derisory figure compared to the damage caused.