Article

WannaCry Ransomware: Who It Affected

and Why It Matters
May 19, 2017 OpenShift

Samantha Donaldson
Guest Author

Technology is an ever-expanding market full of opportunity and dedicated to

making our lives more convenient and advanced in the process. Countless
companies across the world have recognized the power in embracing technology
to survive and prosper and, with this being said, the world has never been more
advanced than it is today — with a future as bright as the people creating it.
Furthermore, although many people believe that the modern generation is
completely out of their minds and “lazy”, what they do not realize is that this form
of innovation and free thinking is exactly what makes these “digital natives” so
similar to their ancestors of the Industrial Revolution before them.

However, with every great thing comes risk and, for the tech industry as a whole,
this risk comes not only in the form of the sometimes dangerous advancements
they provide our world with but also in the form of the people who hope to tear
them down piece by piece. These people who hide in the shadows of technology
and deploy their code maliciously are often referred to as hackers, and their need
to destroy companies and make money off others is exactly why the tech industry
is still fighting against the tides of change.

With data breaches slowly rising every day, particularly in the business world, and
countless businesses flourishing despite it, it’s no surprise that every hacker is
working to tear apart new encryption methods and get a piece of these business
giants. In turn, it is quickly becoming harder and harder to keep customer data safe
in the digital world.

However, on May 12th, one ransomware had spread so quickly and in such a way
that not only the tech and business industries were affected, but even healthcare
providers and average citizens found themselves completely locked out of their
own computers and files likewise.

How did WannaCry Spread So Quickly?

Table of contents: How Was This Ransomware Stopped?

Wanna Decryption, or WannaCry, is a ransomware that spread through Server

Message Block (SMB) protocol, which is typically used by Windows machines to
communicate with file systems over a network. In order to do this, the ransomware
specifically targeted devices that had not received the MS17-010 Security Patch
from Microsoft which was created to fix vulnerabilities in SMBv1. However, various
companies, including Symantec, have claimed that WannaCry actually targets
SMBv2 as well. With this said, you would ultimately have to be two months behind
in your patch cycle in order to get hit with this ransomware.

Once the ransomware was able to deploy itself, it began to spread to other devices
within the network that also did not have the proper patches and took control of all
of their files as well. According to various sources, once the files had been taken,
the hackers would leave only two files left: one which would contain instructions on
what had just happened and one explaining how to pay them via Bitcoin, the most
dominant cryptocurrency of the internet, in order to ‘possbily’ receive their files
once more.

The hackers demanded $300 of each targeted computer and claimed that if they
had not received payment in three days, the price would double. After a week, the
hackers stated that they would delete all the files retrieved leaving you with
nothing. Currently, it is reported that the hackers have tricked people into sending
over $41,000 throughout the time the ransomware spread. According to Talos,
WannaCry also doesn’t really target only valuable computers such as business
computers or tech giants but rather targets anything it can get its hands on, “The
file tasksche.exe checks for disk drives, including network shares and removable
storage devices mapped to a letter, such as 'C:/', 'D:/' etc. The malware then
checks for files with a file extension as listed in the appendix and encrypts these
using 2048-bit RSA encryption.”

With this being said, WannaCry appears to have been solely spread through SMB
meaning that, in order to be hit behind a firewall, ports 139 and 445 would have to
be open and the hosts would have to be listening to inbound connections as well.
Once one machine behind the firewall is infected, this could rapidly spread to any
other machines in the network due to it being self-propagating.

Throughout the span of five days, the virus rapidly spread to over 150 countries
and, in fact, you can see the rapid spread via this map using data compiled by
Malware Tech. However, perhaps, the worst aspect of this virus was not just the
people who had been infected, but rather the chaos it brought to the healthcare
industry and their patients as well.

Who did WannaCry affect?

The truth is WannaCry did not just affect the average citizen but also gravely
endangered the healthcare industry and its patients as well. The truth is that, with a
rise in telemedicine in the last few years, most patient records are digital meaning
that taking these files during a ransomware attack could lead to countless
individuals being denied healthcare and also having their information sold on the
black market likewise.

In fact, in the UK alone, WannaCry hit 16 different hospitals, this was far from the
only country affected, and the only hospitals hit likewise. During this time period,
many were denied healthcare access, which is a very serious issue considering the
recent research release in New York determining that a “third-wave” of asbestos-
related diseases was upon us, among other things such as surgeries needing to be
performed and pregnancies occurring throughout those five days. In fact, the
National Health Service (NHS) says 16 of its organizations were attacked by
WannaCry which resulted in doctors being locked out of patient records and
forcing emergency rooms to send patients to other hospitals.

With over 200,000 machines infected across the globe, it seemed as though this
ransomware was a lost cause—that was until one young individual proved that you
can be a hero without even knowing it in the blink of an eye.

How Was This Ransomware Stopped?

Flash over to a tiny home where a 22-year-old self-taught IT expert sits
comfortably surrounded by empty pizza boxes, video games, and computer servers.
Marcus Hutchins, better known as Malware Tech, is not your average IT graduate
with a job in a computer shop in his hometown. Hutchins has been making a name
for himself in the hacking world by teaching himself complex hacking techniques all
his life.

Although the young hacker recognizes that the skills gap is still a problem, he
actually feels that universities are a joke and feels that teaching yourself is the best
way to accomplish your dreams. After registering a garbled domain name hidden in
the malware and halting the WannaCry ransomware attack, Hutchins claims the
attack may be halted but could return if not handled properly. However, perhaps,
we are in good hands, as the young hacker is now working alongside the Global
Communications Headquarters (GCHQ) to prevent another attack from occurring.

So, at the end of the day, the big question we must ask ourselves is what this
means for the tech industry and how it will affect our future and our security as a
whole. In truth, this ransomware attack may just lead to the future of young
individuals in technology and a more secure world overall.

Why Does WannaCry Matter to the Tech

Industry?
WannaCry may just be yet another ransomware attack and, although it was
certainly the largest in history, the most important aspect of this situation is not the
spread itself, but the way it was halted. With a rise in young individuals in the tech
industry, it is no surprise that a young and self-taught individual is the reason the
virus could not spread any further. However, this goes beyond Hutchins himself, as
it means that young individuals in our world may actually be the future of security in
little to no time at all.

With Hutchins joining the GCHQ to try to prevent another massive attack, it only
makes sense that this is the start of the youth joining tech giants to create a better
tech industry overall. Although Hutchins may not believe in the usefulness of
universities, it is highly important that our schools recognize the value of the
students they are teaching and provide them with the kinds of learning
environments that can ultimately help them to fill in the skills gap and change our
world as a whole. For instance, by learning how to develop critical thinking in
students, you can create a future generation that understands how to solve
problems and work together in unique, yet ultimately more effective, ways.

Once we have formed a future full of promising young individuals primed

specifically for the tech industry, we can begin to formulate a safer work
environment, minimize security risks for our companies, and focus on what we, as
citizens, can do to prevent ransomware attacks such as Wanna Decryption from
ever occurring again. In the end, WannaCry has opened up many important
conversations and kicked the ball into high gear for security specialists across the
globe, which may be more important than the attack itself as it could quite literally
mean a safer and better world because of it.
For a framework for building enterprise Java microservices visit WildFly Swarm
and download the cheat sheet.

Last updated: March 22, 2023

Recent Articles

VMware Antrea is now Generally Available on OpenShift

3 reasons to drop Docker for Podman

Uncover interesting test cases with AI/ML and Bunsen

A beginner's guide to Git version control

How to deploy the new Grafana Tempo operator on OpenShift

Comments
 Red Hat Developer Comment Policy
Please keep your comments relevant and polite. Opinions shared in comments are not offici
Please read our Comment Policy before commenting.

0 Comments

Start the discussion…

LOG IN WITH OR SIGN UP WITH DISQUS ?

Name

 Share

Be the fir

Subscribe Privacy Do Not Sell My Data

Products

Build

Quicklinks

Communicate
RED HAT DEVELOPER

Build here. Go anywhere.

We serve the builders. The problem solvers who create careers with code.

Join us if you’re a developer, software engineer, web designer, front-end designer, UX

designer, computer scientist, architect, tester, product manager, project manager or team
lead.

Sign me up

We’ve updated our Privacy Statement effective July 1, 2023

About Red Hat

Jobs

Events

Locations

Contact Red Hat

Red Hat Blog

Diversity, equity, and inclusion

Cool Stuff Store

Red Hat Summit

© 2023 Red Hat, Inc.

Privacy statement

Terms of use

All policies and guidelines

Digital accessibility

Cookie preferences