Chapter 17 - WannaCry

Another new type of ransomware, called WannaCry, hit the world in May 2017. The attackers used the same or a very similar technique as other ransomware, but it differed from traditional Locky: this time it appeared to have been released worldwide, affecting 99 countries in less than five days. Three weeks after the cyber attack, a new report showed that more than 150 countries had victims. More than 70000 cases have been reported from all over the world.

In the US, FedEx, one of the most famous delivery companies, was affected, and the Homeland Security adviser added that several US government services had also been affected.

In China, more than 30000 companies have been affected, including government agencies, schools, and hospitals.

In the UK, mainly the NHS (National Health Services) was affected. Close to 50 organizations were hit with ransomware, and as a result GPs and hospitals were unable to use their computers. As I live in the UK and I have friends who are working in the NHS, they have told me that not every NHS organization was hit, and it also wasn’t spreading around as it did at many other companies. The fact is that the NHS has so many networks that it would be impossible to add them together. This, of course, was one of the reasons the NHS got lucky; as one of my friends said, they had not been affected in the slightest. I also know that the NHS is not exactly a company that is after profit, therefore they neither have the latest tech nor like to spend money on network security or on raising wages in the IT department. The problem with unusable computers in hospitals and at GPs is simple. When you get sick and make a phone call to book an appointment, the receptionist takes your details, and their in-house system helps to find the earliest date available. Unfortunately, the computers were down, and receptionists had to go back to pen and paper, taking details like in the old times. The problem with this is that no one can tell when the next available appointment is. Additionally, the phone lines got busier, as each phone call was taking a lot longer. A day after the cyber attack started, the following was announced on various news channels and radio stations:

Please do not call the NHS, unless it is an emergency situation!

When you call the hospital or even your local GP for an appointment and they tell you that your case is not urgent, so you have to wait, it’s certainly not your dream. It turned out that was nobody’s wish. There was a little chaos. In addition to appointments, there were people with scheduled surgery dates, and if you know how long that typically takes, then you are aware that some people sometimes have to wait a year or more to have such an appointment. What happened to many people was that they had their operation or surgery canceled, as all the important details required for the operation were no longer available because staff were unable to get into the computers.

While I was working for a financial organization, we increased the firewall reports and began to take a closer look at them. Of course, no one mentioned anything like it, but I tell you the truth: I was scared for days. I mean, who wants to face a locked screen that is demanding $300 worth of Bitcoin!

We looked at every single issue that was reported as never before. For example, the helpdesk indicated that one of the wireless networks had slowed down! We were all over the place looking at the possible issues that it could have been; however, it turned out that only one of the Access Points had to be bounced, as it wasn’t registered to the WLAN (Wireless LAN) Controller. Then another incident was raised that our website wasn’t available, but actually, it’s not hosted by us, and the host had scheduled maintenance for that. In the end, we were not affected by any ransomware whatsoever. However, it kept us on our toes.

In France, the car company Renault was affected, and some of its factories had to suspend manufacturing car parts while their computers were replaced.

In Spain, Telefonica, one of the biggest telecom companies, was hit with ransomware, affecting more than 1000 computers. However, they replaced them quickly to keep the company up and running.

In India, close to 20 systems were hit, and most of them were state police computers.

Russia reported over 1000 computers affected by WannaCry ransomware, and according to Kaspersky Lab, Russia was infected more than any other country.

When you look closely at this incident, you may realize that in most places the computers that were hit were all running an outdated Windows operating system that hadn’t been upgraded or patched accordingly. Therefore I would recommend always keeping your computer up to date with the latest operating system. Additionally, make sure that you have an active, frequently updated antivirus.

Who is behind the attack? I have my theory, and I am not blaming a particular country's government like some news channels. In my opinion, it was more like an individual organization. However, I will not dare to mention who might have caused this cyberattack and for what reason, as even if my theory is correct about who might have done it, I am still not sure of the exact reason or what their plan is with this. According to the Bitcoin wallet, only a little more than 300 payments have been made to the attackers' portfolio, profiting only around $100K, meaning it wasn’t for a profit. Shortly we might be able to figure out exactly who did it and for what reason, but for now keep safe and be aware.