Three weeks post-attack, and WannaCry is still top-of-mind for infosec professionals worldwide. This was very much in evidence during this week’s SecureWorld Atlanta, which I had the privilege of attending. Multiple sessions — including a panel discussion that featured Wombat Chief Architect Kurt Wescoe — covered ransomware attacks in general, but the conversations all spent a fair amount of time focusing on WannaCry and its impact.
The interesting thing is that WannaCry has been called a “somewhat amateur” piece of ransomware (see the ZDNet link below). That and some of the other “oddities” of the attack — like the embedded kill switch and the relatively low return the cybercriminals received for their efforts — left us wondering if the code was intentionally flawed. Perhaps a “gray hat” hacker out there fired this warning shot at unsuspecting organizations, intending WannaCry to be a bit of an international wake-up call? Or maybe it was a test run of sorts for copycat (and kill-switch-free) variants like UIWIX and EternalRocks? Or maybe it was something far more devious, like a false flag that flew the banner of ransomware for all to see while a more dangerous piece of malware permeated systems undetected?
For now, we are left to speculate. But regardless of whether WannaCry’s failings as an extortion tool were accidental or deliberate, it’s critical to recognize that even low-level ransomware can spread and have debilitating consequences if you are not prepared.
Our Ransomware Resource Center can help you fight this dangerous cybersecurity threat.
Read some of the latest news about the WannaCry ransomware attack in the following articles: