Curated commentary; timely topics View web version

“This historic attack was one of the biggest of all time and destroyed hundreds of thousands of computers, almost exclusively targeting large corporations. Companies all over the world were infected: hospitals, car factories, power plants, train companies—the list goes on,” wrote Mikko Hyppönen, a highly-respected security veteran and currently Chief Research Officer at WithSecure.

The attack was eventually attributed to North Korea’s Lazarus Group. But what is perhaps most notable about WannaCry is that it opened eyes to the coming plague that is ransomware today. While not new, it got people talking about this kind of malware, which until that point was not nearly as well-known. On Twitter, infosec influencers traded a few stories from the day and reflected on lessons learned.

“Today is the 5th anniversary of the Wannacry ransomware incident, which began as a spillover from a North Korean cyberattack. The spillover eventually brought the NHS to its knees until a lucky Brit bought a kill switch domain, halting it in its tracks,” tweeted Gareth Corfield (@GaztheJourno), a writer covering technology and security for the Telegraph’s business section.

That Brit mentioned by Corfield was then-22-year-old Marcus Hutchins (@MalwareTechBlog), a hugely popular influencer in the security space on Twitter who did a lot of his own reminiscing on the anniversary date.  Hailed as a hero to this day for his discovery of the kill switch that stopped the continued spread of the ransomware, he said press inquiries were pouring in.

“I keep getting interview requests like "it's the 5 year anniversary of WannaCry—where are you now and how did the publicity advance your career?" then I have to explain I still work in the same position at the same company as I did before all that,” he tweeted.

Still lurking, ready to wreak havoc


Like Hutchins’ career moves, little has changed since that day in 2017 when WannaCry first hit, security experts say.

“5 yrs on from WannaCry. Lots has changed and lots hasn’t,” tweeted Lisa Forte (@LisaForteUK), a partner with security firm Red Goat Cyber Security.  “Was it the cataclysmic change in security perception and cyber risk we hoped? Did TAs learn more than we did? Have Govs taken action to better secure zero days / offensive sec tools they develop? What are your thoughts?”

Most who weighed in felt that, no, despite its high profile, WannaCry made little long-lasting impact.

“Was it the cataclysmic change in security perception and cyber risk we hoped? No. Did TAs learn more than we did? Probably. Have Govs taken action to better secure zero days / offensive sec tools they develop? I think there has been policy changes... reality changes... who knows?” tweeted researcher and ethical hacker Daniel Card (@UK_Daniel_Card).

“I think you are entirely right. Sadly governmental processes seem to process on a decade scale while technology related issued [sic] progress on an monthly or even daily basis,” added TrustedSec founder Dave Kennedy (@geordiemuppet).

Clearly this is reflected in WannaCry’s current status as a top threat, still out there and waiting for the right opportunity with vulnerable businesses. Reporter Connor Jones of ITProUK points out in a recent article that many fail to realize that WannaCry still actively lurks on the ransomware landscape.

“What’s more, cyber criminals still using WannaCry have learned from its failures and have come back with reworked, retooled versions that eliminate the ‘low hanging fruit’ kill switch that ultimately proved its downfall five years ago,” he writes.

So, happy 5th anniversary to you, WannaCry! You don’t look a day over four. And if the status of many networks is any indication, you are as fresh as the day you were born. But not everyone thinks you’re worth celebrating.

“I’m celebrating an alternate holiday today,” tweeted Tarah M. Wheeler (@tarah), founder of security firm Red Queen Technologies. “Instead of wishing people Happy WannaCry Day, I’m offering a heartfelt Merry Patch Your S*** Eve to those who celebrate.”

How are we doing? We’d love to hear how you like this newsletter. Email us at idgnewsletters@idg.com

Related reading:

DHS wargames included a scenario similar to WannaCry

The table top exercise demonstrated a need for clear communications between federal, state, and private businesses. Read More.

 

The worst and most notable ransomware: A quick guide for security pros

The ransomware gangs and their malware listed here have victimized millions of companies and caused billions of dollars in costs. Read More.

 

The fault for ransomware attacks lies with the challenges security teams face

The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them. Read More.

 

About the Author
Joan Goodchild is a veteran writer and editor with 20+ years experience. She writes about information security and strategy and is the former editor in chief of CSO. 

Linkedin Facebook Twitter YouTube
Privacy Policy | Manage Your Subscriptions | Unsubscribe
Advertise with us! | More Newsletters | Our Brands
©2022 IDG Communications, Inc.
140 Kendrick Street
Building B
Needham, MA 02494