Lessons Learned PostMortem of WannaCry Ransomware

Malware, Ransomware, and what to do 

CNN – who and when
ZDNET – the “how” and how the problem has morphed
Webroot – scope and how to prevent


CNN – who and when

The ransomware took control of computers around the world and required owners to pay hundreds of dollars to get their files back. It took advantage of a Windows vulnerability leaked in April and the hacking tool is believed to belong to the NSA.

The 22-year-old researcher, who goes by the name MalwareTech, has become an internet hero for their efforts to stem the spread of the WannaCry ransomware. MalwareTech, who is based in the U.K., did not disclose their identity or gender to CNN. MalwareTech published a blog post early Saturday morning detailing how they stopped the spread of this ransomware.


ZDNET – the “how”

Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware | ZDNet.

A leaked NSA exploit which helped the WannaCry ransomware outbreak become so prolific is now being used to distribute Trojan malware.

A Windows security flaw known as EternalBlue was one of many allegedly known to US intelligence services and used to carry out surveillance before being leaked by the Shadow Brokers hacking group.

The exploit leverages a version of Windows’ Server Message Block (SMB) networking protocol to spread itself across an infected network using wormlike capabilities.

But while, for the most part, the spread of WannaCry has been stopped, cybercriminals and hackers are still using the leaked EternalBlue exploit to carry out a much more discreet form of cyberattack, say researchers at FireEye.


WEBROOT – self protection

Eric Klonowski, Senior Advanced Threat Research Analyst at Webroot, sat down with TechCO to review what happened with WannaCry.

What Can Be Done to Avoid Ransomware?

Webroot offered four tips for those hoping to prepare for ransomware attacks in the near future.

  • Back up your data. Unfortunately, ransomware can attack cloud storage services and network drives. Create a physical backup on a DVD or portable drive, and keep it in a secure location that is not connected to your computer.
  • Make sure you are practicing good cyber hygiene. Hover before you click to make sure you know the end destination of links, change your passwords regularly and keep your operating systems up-to-date. Don’t open emails from unknown senders.
  • Use antivirus software. Make sure ransomware doesn’t get on your computer by using software that can block malicious phishing sites. But, beware of free security: you get what you pay for.
  • Patch and update your device. Regularly check for firmware updates for your device. This is how companies push out fixes for any known vulnerabilities.