
Ovum view


The WannaCry ransomware attack of May 12, 2017 infected 200,000 computers across 150 countries, and among other things, wrought havoc in hospitals across the UK, where it was first detected, as well as hitting major corporations around the world, impacting everything from German railways to Chinese ATMs.

WannaCry exploited a known Microsoft vulnerability for which there was a patch on Windows 10, but not for some of the older Windows OSes that companies continue to use. The reality is that many infections could have been avoided, but IT admins say testing and patching cycles take too long because of the genuine fear about applications being broken or brought down by the enforced changes.

This was the moment ransomware caught the world’s attention, and the attack should drive further initiatives for better, faster patching.

WannaCry is a wakeup call for the whole business community

WannaCry, aka WannaCrypt, WannaDecryptor 2.0, and various other names, probably used classic phishing to get into the first machines it contaminated. It then spread rapidly using EternalBlue and its one-to-many exploit capabilities. EternalBlue, which is thought to have been developed by the US National Security Agency (NSA), enables malware to spread to other computers within each environment, using a vulnerability in Microsoft’s Server Message Block (SMB) protocol to do so.

Microsoft had issued a Windows 10 patch for SMB in March, so anyone who had deployed it in the interim avoided WannaCry’s propagation. There was, however, no patch for operating systems Microsoft is no longer supporting, such as Windows XP or 2003, and for the thousands of devices still running these, there was no hope.

With computers across Britain’s National Health Service displaying ransom notes, appointments and operations were postponed because of the unavailability of patient data. Spanish carrier Telefonica, German railway Deutsche Bahn, FedEx, and a host of other organizations were also hit and forced to curtail their normal activities.

In the event, a security researcher found what turned out to be a kill switch in the ransomware and, almost by accident, saved the day; the number of infections has decreased dramatically since the weekend. As of Monday, May 15, the attackers had received some $48,000 in ransom, which was paid in bitcoins. Also, over the weekend, Microsoft issued a patch for the unsupported OSes.

WannaCry highlights the need for more effective threat protection and patch management regimes

The SMB vulnerability should have been patched before now, Microsoft should address vulnerabilities in its older OSes, and people shouldn’t click on untrusted links in emails.

Nevertheless, the world is an imperfect place. IT admins do advance with understandable caution when there is a major patch, fearing that it may cause in-house systems to fall over. Microsoft will try to wean customers off older operating systems so that it can move them to more advanced ones, reduce its overheads supporting vintage models, and maintain its revenue streams. And people will continue to click on bogus URLs.

Microsoft is to be lauded for its swift action in coming up with a patch for the older OSes, and it is to be hoped that this experience will provoke a rethink about support levels for what it may see as dinosaurs but which, in practical terms, are still far from extinct. It is difficult to see how some IT admins can be encouraged to patch more rapidly, given the potential turmoil such patches can cause, but most organizations manage to do enough to stay safe. The sobering experience of WannaCry must at least cause them to prioritize patching in a way that until now they have not.

Finally, the extent of the problems caused by the WannaCry ransomware worm and the ease with which its payload was delivered mean that there will be other new variants coming along soon. These are likely to be stronger, more effective, and almost certainly won’t have the same kill switch.
