{"id":2162,"date":"2017-05-16T14:00:34","date_gmt":"2017-05-16T12:00:34","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/what-we-can-learn-from-%e2%80%9cwannacry%e2%80%9d"},"modified":"2024-05-07T19:07:33","modified_gmt":"2024-05-07T17:07:33","slug":"can-learn-wannacry","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/can-learn-wannacry\/","title":{"rendered":"What we can learn from \u201cWannaCry\u201d"},"content":{"rendered":"

Over the past weekend, headlines came thick and fast about the ransomware known as \u201cWannaCry\u201d, which paralyzed computers around the globe and even affected critical infrastructure.<\/p>\n

The malware exploited a long-known security gap in Windows, which Microsoft, the maker of the operating system, had already plugged in March. But because many computers had not yet been updated with the required patch, or were running versions of Windows so old that Microsoft no longer provides regular updates for them, the ransomware, also known as \u201cWannaCryptor\u201d, \u201cWannaCrypt\u201d, \u201cWana Decrypt0r\u201d or \u201cWCry\u201d, spread like wildfire. The criminals demanded payment from high-profile victims such as the UK\u2019s National Health Service (NHS), French car manufacturer Renault, Spanish carrier Telef\u00f3nica and Deutsche Bahn, where \u201conly\u201d the destination display boards were affected. However, the unknown originators of the attack have not been able to extort much money from their victims so far.<\/p>\n

\n

Note: This bot is watching the 3 wallets hard-coded into #WannaCry ransomware. It tweets new payments as they occur, totals every two hours.<\/p>\n

\u2014 actual ransom (@actual_ransom) May 15, 2017<\/p><\/blockquote>\n

The USA and Canada were largely spared by the outbreak thanks to their time zones. By the time North American workers were starting up their computers last Friday, a 22-year-old British security researcher had already discovered and activated a kill switch for \u201cWannaCry\u201d more or less by chance: as soon as the malware found that a certain URL was reachable, it wrongly assumed it was running in a security test environment (\u201csandbox\u201d) and ceased to be active. Since Sunday, however, a new variant without this kill switch has been circulating.<\/p>\n

\u201cWannaCry\u201d spreads over computer networks by exploiting a flaw in an older Microsoft implementation of the SMB (Server Message Block) protocol, which provides file, print and other services in computer networks. The US military secret service, the NSA, had kept knowledge of this flaw to itself until late summer 2016, when the hacker collective Shadow Brokers stole a whole raft of spying tools from the agency, intending to use them for financial gain.<\/p>\n

The attack was just a matter of time<\/h2>\n

One after another, the Shadow Brokers made the NSA tools available on the web. \u201cEternalBlue\u201d, which provides the basis for \u201cWannaCry\u201d, was made public on Good Friday of all days. From that point on, at the latest, it was only a matter of time before a related attack followed. Conspicuously, Microsoft had already called off the release of its monthly patch for February at short notice and then put out an unusually large number of fixes in March.<\/p>\n

Microsoft apparently rates the SMB security gap as extremely serious. Otherwise, it would be hard to explain why the software giant wasted little time on Saturday in taking the unusual step of breaking with its usual practice and also providing patches for Windows versions that are still widely used yet no longer supported, such as XP, Server 2003 or Windows 8.<\/p>\n


Microsoft\u2019s Chief Legal Officer Brad Smith sees \u201cWannaCrypt\u201d as a wake-up call, especially for governments around the world. Photo: Microsoft<\/p><\/div>\n

On Sunday, Microsoft\u2019s President and Chief Legal Officer Brad Smith then followed up with a statement that was very clearly worded by corporate standards. The basic tenor: the secret services of this world should in future refrain from hoarding security gaps that are not known to the public (\u201czero-days\u201d) in order to use them secretly for espionage or as cyber-weapons.<\/p>\n

From Smith\u2019s point of view, Microsoft and its customers also bear at least some share of responsibility. Arne Sch\u00f6nbohm, President of the Bundesamt f\u00fcr Sicherheit in der Informationstechnik (Federal IS Agency), had earlier sung from the same hymn sheet. \u201cThe current attacks show how vulnerable our digitalized society is. This is a fresh wake-up call for companies to finally start taking IT security seriously and set up sustainable protective measures,\u201d he wrote in a statement. \u201cThe latest weak point has been known for months and appropriate security updates are available. We urge all users to implement them without delay.\u201d<\/p>\n

Patch management \u2013 a tiresome topic<\/h2>\n

Sch\u00f6nbohm is surely taking an overly simple view of things if he places the blame squarely on the users alone. They are long-suffering and would rather take a bit more time to vet the patches provided by their software suppliers before rolling them out in their infrastructures. In an increasingly digitalized economy, a company simply cannot afford to have internal applications or business processes fail because a patch has unexpected side effects \u2013 an eternal dilemma for enterprise IT.<\/p>\n

\u201cWannaCry\u201d nevertheless makes it perfectly clear that, at the very least, one has to take immediate action to plug security holes in software as soon as an attack has taken place and some kind of exploit code is available. Cyber criminals have long been able to ply their trade without needing hacking expertise to build their weapons. In the face of a growing amount of ransomware, it can\u2019t be emphasized enough how crucial regular, up-to-date backups are \u2013 only then can one replace a computer that has been encrypted by malware without a large loss of data and without having to cough up a bitcoin ransom.<\/p>\n

https:\/\/youtu.be\/4gR562GW7TI<\/p>\n

In general, a crucial paradigm shift can be observed in IT security: while the primary consideration used to be protecting systems and networks by shielding them from the outside, it is now regarded as vital to discover attacks that do occur as quickly as possible and limit their impact (\u201cDetect and Respond\u201d). One example of this is Retarus\u2019 innovative new product \u201cPatient Zero Detection\u00ae\u201d, which enables the retroactive discovery of malware that has already been delivered by means of e-mail. You can find out more about Patient Zero Detection\u00ae and Retarus\u2019 comprehensive E-Mail Security services here or directly from your local Retarus representative.<\/p>\n","protected":false},"excerpt":{"rendered":"

On the past weekend the headlines were coming thick and fast about the ransomware known as \u201cWannaCry\u201d, which had paralyzed computers around the globe \u2013 even impacting on critical infrastructure.<\/p>\n","protected":false},"author":14,"featured_media":2164,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[102,354,198],"dipi_cpt_category":[],"class_list":["post-2162","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-security","tag-patient-zero-detection","tag-ransomware"],"acf":[],"yoast_head_json":{"author":"Thomas Cloer","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"5 minutes"}}}