It's been a year since the great WannaCry ransomware attack that caused damage to over 230,000 computers. The malware spread so quickly because its developers had combined ransomware with EternalBlue, a tool leaked from the NSA's "hacking arsenal." EternalBlue gave WannaCry worm capabilities, allowing it to deploy itself on vulnerable Windows systems.
Initially many believed that WannaCry was spread by email, but the ransomware did not require any interaction from its victims. Using EternalBlue and DoublePulsar, another tool leaked from the NSA, the worm looked for SMB ports through which it could enter vulnerable systems.
Once an exploitable SMB service was found, it was used not only to install WannaCry on that single computer, but also to transmit it to all computers on the same network.
The Spanish mobile phone company Telefónica was one of the first major companies to report problems with WannaCry, and from the afternoon of 12 May the UK's NHS reported problems in hospitals and medical surgeries across the country, as well as with thousands of online appointments.
The French carmaker Renault and the German railway company Deutsche Bahn were also on the list of high-profile victims in Europe, and some Russian ministries and companies did not escape the disaster either.
The attackers demanded $300, paid to a specific address, and threatened to double the ransom if it was not paid within three days. If the victim did not pay within a week, their files would be deleted.
Of course, security researchers and governments do not recommend paying a ransom. But which of them can make up for lost data? The controversy, of course, came from researchers who discovered that even if the ransom was paid, the ransomware's encryption did not allow the files to be decrypted.
But what has this whole story taught us? Before the trouble started, everything was calm, as it is today. Friends chatted on Facebook, trolls roamed Twitter, and others searched for a good movie for the night.
Among them, and among us, there are many who have not kept a backup of their system. Others kept one, but on a portable drive that is permanently connected to their computer. Not to mention the carefree who bought (or cracked) a super-duper antivirus…
Yes, they are the same people who, after the "unfortunate" moment, desperately seek help in chats, in forums, and from the technicians of the company or the neighborhood.
What did you learn from the story?