Organizations worldwide were hit by the WannaCry cyberattack, which crippled over 200,000 computers in more than 150 countries worldwide. Repercussions were still being felt months later. The global attack involves ransomware being installed on machines and encrypting them, with an average payment of around $675 in bitcoin demanded to decrypt the files.
E-mail was the number one delivery vehicle for ransomware, accounting for 31% of attacks
Highlighting the importance of security awareness training for employees, machines became infected after a computer on a network opened an infected attachment contained in a 'phishing' e-mail. This contained a worm that proceeded to encrypt the machine, as well as infecting other machines on the network. The encryption occurred too fast for security software to catch it in many cases. The attack caught many off guard, and highlighted the flaws in several enterprises' technology estates.
The WannaCry worm, created using stolen National Security Agency (NSA) cyber-offensive tools, exploited a fault in Windows Operating Systems between Windows XP and all later Windows versions up to, but not including Windows 10. Although the fault was known to Microsoft, and a patch issued, many had not installed the patch.
Victims included the UK's National Health Service (NHS), Russia's Ministry of Interior, China government agencies, the Deutsche Bahn railway company, car manufacturers Nissan Motor Co. and Renault, PetroChina, logistics giant FedEx and other company and hospital computer systems in countries from Eastern Europe to the US and Asia. Russia and Ukraine appear to have had the heaviest concentration of infections.
The attack was finally halted in the UK when a 22-year-old cybersecurity researcher took control of an Internet domain that appears to have acted as a kill switch for the worm's propagation. But there are concerns that the code will simply be rewritten, removing this initial flaw.