Historical Hacks: Wanna Cry

5Gmb...M2Ub
12 Feb 2024
251

If you’ve read for a while, you might have figured out by now that we enjoy looking at cyber attacks, ransomware, and other noteworthy scenarios of interest that were integral to turning the internet into what it is today.

However, in the broad landscape of the internet, there are moments that jolt us into the stark reality of the vulnerabilities that lie beneath the surface. They also remind us of our interconnected lives and show us just how fragile these things can be sometimes. 

One such moment that sent shock waves around the globe was the notorious Wanna Cry cyber attack. Today’s article will be a deep dive into what happened and how it happened, and it’ll be the first of many articles where we take a closer look at cyber attacks and ransomware incidents. 

The Beginning: A Silent Intruder

Picture a regular day in May 2017. The hum of computers, the tapping of keys, and the exceedingly boring routine of daily cyber life. Little did the world know that a silent intruder was making its way into the digital landscape and would soon make its presence known. WannaCry, a ransomware worm, stealthily crept into systems, exploiting a vulnerability in the Microsoft Windows operating system.

Every catastrophe has a patient zero, and for WannaCry, it was a moment that set the world on edge. The worm took advantage of a Windows file-sharing protocol flaw, swiftly spreading through networks like wildfire. What started as a seemingly routine phishing email, innocuous to the untrained eye, became the patient zero, the epicentre of a global digital pandemic.

Using the Eternal Blue (MS17–010) exploit for Windows, transmission between systems was rapid. Despite Eternal Blue being identified a few weeks earlier as a significant vulnerability, the reality was that many machines were not patched despite the fix being released a few weeks earlier. 

This made a bad situation far worse and clearly shows why having access to the latest software and patches is essential for those that have internet-facing infrastructure. 
Wannacry encrypted files and requested Bitcoin to regain access. Source: Wikipedia


The Ripple Effect

The fallout was unprecedented, and the spread was rapid. Hospitals were paralyzed, businesses held hostage, and individuals locked out of their digital lives entirely. The malware encrypted files and demanded a ransom in Bitcoin for their release. From the United Kingdom’s National Health Service to FedEx and beyond, no corner of the internet was spared. At one point, infections were spreading at the rate of around 10,000 machines a minute worldwide. 

Once the word was out, the world responded. Cyber security professionals and analysts across the world compared data examined code, and looked for ways to stop the attack from spreading. While there was a solution, it would take some time for it to be found. In the meantime, things continued to spread. 

Amid the chaos, however, the human toll emerged as a stark reality of the attack, showing the world that hospitals and doctors were able to be affected as easily as governments and intelligence groups. Medical procedures were delayed, critical information was lost or inaccessible, and a sense of helplessness permeated the air. Lives were impacted not just by lines of code but by the very real consequences of a digital assault on the systems that help sustain our daily lives.

The United Kingdom’s NHS emerged as one of the biggest victims of the attack, with many of its systems damaged, compromised, or taken offline entirely. This had an immediate effect on patients that would take some time to be remedied.


The Unsung Heros

Yet, amidst this chaos, heroes emerged. Cyber security researchers and enthusiasts joined forces, working tirelessly to decipher the code, find loopholes, and develop solutions. This resilience in the face of digital adversity showed that while cyber attacks could be effective, like any other attack they could be repelled using the right tools, people, and infrastructure. 

One of these unsung heroes was responsible for stopping the entire attack, dead in its tracks. UK-based, Cyber Analyst, Marcus Hutchins was responsible for identifying a kill switch within the code that was able to be used to stop the attack. While this kill switch would be successful in killing the attack, the consequences of the attack would cause experts to re-examine the ways we monitor, assess, and implement offensive strategies. 

Let’s ask ChatGPT for a quick synopsis on the wanna-cry kill switch

Input: Tell me about how the Wanna Cry attack was defeated

Output: The WannaCry kill switch, an unintentional hero in the battle against the infamous ransomware, was discovered by a cybersecurity researcher known as “MalwareTech.” Within WannaCry’s malicious code was a routine to check the availability of a specific web domain. Recognizing this vulnerability, MalwareTech registered the domain, inadvertently activating the kill switch. This unforeseen intervention had a profound impact, halting the ransomware’s further spread and providing a vital window for cybersecurity experts to analyze the threat, develop countermeasures, and fortify systems against future attacks. The accidental discovery of the kill switch serves as a testament to the unpredictable nature of cybersecurity battles, where a keen eye and quick thinking can turn the tide against digital threats.

Hashes related to wanna cry, as uploaded to virus total. Source: Virustotal


The Consequences

The aftermath of WannaCry prompted a collective reflection on the state of our digital defences. It underscored the need for regular updates, robust cyber security practices, and a collective responsibility to fortify the digital foundations we rely on. While there’s still a long way to go on the security front, the WannaCry incident was a significant part of bringing these discussions to the surface. 

The reality is, that WannaCry was more than a cyber attack. It was a key moment that forced us to confront the vulnerabilities inherent in our digital existence as well as take cyber security more seriously on both personal and professional levels. 

The most interesting part about this whole story however is that the exploit responsible for WannaCry (MS17–010) still sees use in today’s world despite being the better part of half a decade old. 

When Russia carried out its illegal attack on Ukraine, Ukrainian hackers were quick to leverage insecure Eternal Blue machines as part of their fight back, with many machines taken out in the early days. 

It’s fair to say that in the cyber domain, the fight of good vs evil continues to rage on. 

Medium has recently made some algorithm changes to improve the discoverability of articles like this one. These changes are designed to ensure that high-quality content reaches a wider audience, and your engagement plays a crucial role in making that happen.

If you found this article insightful, informative, or entertaining, we encourage you to show your support. Clapping for this article not only lets the author know that their work is appreciated but also helps boost its visibility to others who might benefit from it.

🌟 Enjoyed this article? Support our work and join the community! 🌟

💙 Support me on Ko-fi: Investigator515

📢 Join our OSINT Telegram channel for exclusive updates or

📢 Follow our crypto Telegram for the latest giveaways

🐦 Follow us on Twitter and

🟦 We’re now on Bluesky!
🔗 Articles we think you’ll like:

  1. Software Defined Radio & Radio Hacking
  2. OSINT Unleashed: 5 Essential Tools for Cyber Investigators


✉️ Want more content like this? Sign up for email updates here

Join our Crypto focused Telegram Channel!

Telegram

Enjoy this blog? Subscribe to Investigator515

34 Comments