It is now two years since the WannaCry wave of attacks hit thousands of users worldwide.
In what has been widely recognised as one of the worst and most far-reaching hacker attacks, companies saw their systems shut down, individual users turned on their devices only to discover their data had been encrypted by hackers demanding payment to decrypt it, and high-profile targets such as the British NHS made headlines around the globe.
How far have we come since then – and are we more prepared to deal with similar incidents?
The WannaCry attack was the first instance of ransomware, a type of malware, to get wider attention. What sets ransomware apart is that the attacker locks the target’s data with encryption and then blackmails the victim into paying a ransom in order to unlock it.
Just like any other malicious attack vector, ransomware seeks out and exploits vulnerabilities within a system or takes advantage of human error in order to infect a device – which can be anything from a computer or a smartphone, to a wearable or a printer.
The most common way in which ransomware invades a user’s device is by tricking the victim into clicking on a malicious link that gives the malware an entry point. This is very often carried out through phishing scams, where the recipient is targeted by an attacker who poses as a trusted source.
The victim is duped into clicking on a fraudulent link, usually in an email or in a social media post on Facebook or other platforms, which redirects them to an unsafe webpage.
Other sources of potential infection include installing an infected application or program that contains malicious code and is designed to execute it on the user’s device, or the malware spreading further from one user to the next via a network or a USB drive.
After ransomware is executed, it encrypts all of the user’s data, while it also sometimes encrypts or even deletes any backup files. Then it usually deletes itself, leaving the victim to deal with the payment instructions and mitigating the catastrophe.
Ransomware has proven an effective and profitable way for hackers to extort victims, as well as make a name for themselves, so it is no surprise that cybercriminals continue to develop new types of this malware, especially after the impact of WannaCry.
According to research published on Statista, in 2017 alone there were 327 newly added families of ransomware, up from 247 in 2016, while another 222 were discovered in 2018. This marks a stark increase from the respective figure in 2015, which amounted to 29 new ransomware families.
After the impact that WannaCry had, it is certain that hackers will still strive to create and deploy even more sophisticated ransomware strains.
Even before WannaCry, ransomware was a well-known tool for hackers. Strains like Cryptolocker, CTB-Locker and Teslacrypt have managed to infect thousands of users, making a lot of illicit profit for their creators.
But while these variants focused on steady waves of attacks, none managed to hit the scale of WannaCry – which is why many analysts consider it a tipping point in the evolution of this type of malware.
A few months after the incident, a new variant of the already known Petya ransomware strain, dubbed NotPetya, incorporated elements of the WannaCry attack to further develop and attack Windows systems – mainly based in Ukraine.
Then in 2018 and 2019, Ryuk reared its ugly head: another ransomware variant which has the added feature of managing to disable the system restore option on Windows, thus hindering successful retrieval of encrypted data.
Launched as part of a particularly malicious plan, Ryuk specifically targeted victims that would be desperate to get their systems up and running again as fast as possible. These included a water utility that was at the time dealing with the effects of a natural disaster and several daily newspapers.
Fortunately, the cybersecurity community is fighting back and constantly developing new ways to deal with ransomware attacks. For both individual users and companies, keeping your operating system up to date is of pivotal importance.
Developers regularly release patches and updates that are designed to fix security flaws discovered in the system. Setting your OS to automatically install new updates is crucial, as well as regularly checking manually that everything is functioning smoothly.
The infamous WannaCry attack targeted victims by exploiting a flaw in Windows that has been dubbed EternalBlue. Once Windows IT support discovered this, they released a patch to fix it. It is estimated that several users who were hit by the ransomware attack had not updated their Windows OS recently, and many of them would not have been compromised if they had done so.
Disabling Adobe Flash and macros also protects you from unwanted scripts being executed without your consent, which greatly hinders malware infection. Being cautious about suspicious links in emails and double-checking their origin before clicking on them will allow you to steer clear of phishing scams.
Finally, regularly backing up your data will ensure that even if you fall victim to an attack, you will be able to bounce back quickly.
Ransomware is on the rise but that doesn’t mean that users cannot take crucial steps that will greatly enhance their security online. Getting informed is the first step – and staying vigilant is necessary.