CASE STUDY 2017 WANNACRY RANSOM ATTACK The WannaCry ransomware attack was a global epidemic that took place in May 2017. This ransomware attack spread through computers operating Microsoft Windows. Users’ files were held hostage, and a Bitcoin ransom was demanded for their return. Ransomware WannaCry is an example of crypto ransomware, a type of malware used by cybercriminals to extort money. Ransomware does this by either encrypting valuable files, so you are unable to read them, or by locking you out of your computer, so you are not able to use it. Ransomware that uses encryption is called crypto ransomware. The type that locks you out of your computer is called locker ransomware. Like other types of crypto ransomware, WannaCry takes your data hostage, promising to return it if you pay a ransom. The and the hack patch The cybercriminals responsible for the attack took advantage of a weakness in the Microsoft Windows operating system using a hack that was allegedly developed by the United States National Security Agency. Known as EternalBlue, this hack was made public by a group of hackers called the Shadow Brokers before the WannaCry attack. Microsoft released a security patch which protected users’ systems against this exploit almost two months before the WannaCry ransomware attack began. Unfortunately, many individuals and organisations do not regularly update their operating systems and so were left exposed to the attack. Those that had not run a Microsoft Windows update before the attack did not benefit from the patch and the vulnerability exploited by EternalBlue left them open to attack. The attack When it first happened, people assumed that the WannaCry ransomware attack had initially spread through a phishing campaign. However, EternalBlue was the exploit that allowed WannaCry to propagate and spread, with DoublePulsar being the backdoor installed on the compromised computers. The WannaCry ransomware attack hit around 230,000 computers globally. One of the first companies affected was the Spanish mobile company, Telefónica. By May 12th, thousands of NHS (National Health Service) hospitals and surgeries across the UK were affected. A third of NHS hospitals were affected by the attack. Ambulances were reportedly rerouted, leaving people needing urgent care in need. It was estimated to cost the NHS £92 million after 19,000 appointments were cancelled as a result of the attack. As the ransomware spread beyond Europe, computer systems in 150 countries were . The WannaCry ransomware attack had a substantial financial impact worldwide. It is estimated this cybercrime caused $4 billion in losses across the globe. crippled Adapted from: https://www.kaspersky.com/resource-center/threats/ransomware-wannacry 11 Read the text and answer the questions. What is WannaCry? Describe crypto and locker ransomware. What weakness did the cybercriminals exploit? What did Microsoft do to protect users? Why was WannaCry successful? What was the impact of WannaCry both globally and specifically in the UK? GLOSSARY crippled: paralizzato hack: accesso patch: pezza, rattoppo