The Big Hit
Imagine a boxer delivering a punch that hits harder than Mike Tyson’s blow to Evander Holyfield. That’s pretty much what WannaCry felt like when it first landed in 2017. This ransomware attack wasn’t just another cyber scare; it was the real deal. I wanna talk about this because I have recently been learning about malware analysis. I thought I could do some research on some of the malware that I have been working with. WannaCry is definitely one of the more famous ones out there and that’s what intrigued me. Why was it so infamous? What about it sets it apart from other malware? And how did it work?
The Basics of WannaCry
WannaCry is a type of malware known as ransomware. Picture it as a digital kidnapper: once it infects a computer, it encrypts files and demands a ransom in Bitcoin to unlock them. The impressive bit is that the encryption is so solid that without the decryption key, the files are locked away like a treasure chest with no key in sight. The more it infects, the harder it is to recover lost data. What made WannaCry particularly notorious was its speed and scale. It spread like wildfire, faster than Lewis Hamilton tearing down the straights in his Mercedes. The ransomware/worm utilised a vulnerability in Microsoft Windows, specifically a hole exploited by a hacking group known as the Shadow Brokers. The exploit for it was initially developed by the NSA and was leaked out into the wild, making it ripe for exploitation. This exploit’s name is “EternalBlue”, and it goes through the SMB port.
The Kill Switch
Just when it seemed like things couldn’t get worse, a cybersecurity researcher stumbled across a glimmer of hope. While analysing the malware, Marcus Hutchins, a British researcher, discovered that WannaCry was trying to communicate with an unregistered domain. He noticed that the ransomware was trying to check if this domain was live. When he found the domain, he realised it was a kill switch—a digital off button.
By registering this domain, Hutchins effectively turned off the ransomware’s ability to spread. It was like finding the secret lever that stopped a runaway train in its tracks. The kill switch worked by halting the worm’s propagation, giving businesses and individuals a fighting chance to mitigate the damage. This discovery was a game-changer, much like a last-minute save by a goalkeeper in the dying seconds of a crucial match. In my testing I used INetSim to resolve the domain and it was glorious to see the malware not run hahaha.
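The kill-switch lookup described above is also a handy detection signal: any host that asks DNS for that domain deserves a look. The Python below is an added example, not part of the original post; the domain is a placeholder, the log format and sample lines are constructed, and it assumes a successful DNS answer stands in for the domain being "live".

```python
# Placeholder domain: the post does not name the real one.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample; assumed format: <time> <client-ip> <qname> <qtype> <rcode>
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.0.23 www.example.org. A NOERROR
2017-05-12T09:14:05Z 10.0.0.23 KillSwitch-Placeholder.example. A NXDOMAIN
2017-05-12T09:15:11Z 10.0.0.41 killswitch-placeholder.example A NOERROR
2017-05-12T09:15:40Z 10.0.0.41 killswitch-placeholder.example A NOERROR
malformed line
2017-05-12T09:16:00Z 10.0.0.77 notkillswitch-placeholder.example A NXDOMAIN
"""

def normalise(qname):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return qname.rstrip(".").lower()

def find_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: {"resolved": n, "unresolved": n, "first_seen": ts}}."""
    target = normalise(domain)
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of crashing on them
        ts, client, qname, _qtype, rcode = fields
        if normalise(qname) != target:  # exact match, never a substring match
            continue
        entry = hits.setdefault(client, {"resolved": 0, "unresolved": 0, "first_seen": ts})
        entry["resolved" if rcode == "NOERROR" else "unresolved"] += 1
    return hits

def triage(hits):
    """Every client that asked is suspect. A failed lookup is the urgent case,
    because the 'is the domain live?' check did not stop that sample."""
    return {
        client: "isolate-now" if entry["unresolved"] else "investigate"
        for client, entry in hits.items()
    }

if __name__ == "__main__":
    for client, verdict in sorted(triage(find_lookups(SAMPLE_LOG)).items()):
        print(client, verdict)
```

Hosts whose lookup succeeded still ran the sample, so "investigate" means the kill switch bought time, not that the machine is clean.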
Who Made WannaCry?
The mastermind behind WannaCry is a bit of a mystery wrapped in a digital enigma. While the ransomware itself was crafted with a blend of C and C++ programming languages, its creator remains unknown. There have been speculations and theories, but no concrete answers. The attack seemed to be motivated more by the intent to cause disruption and financial gain rather than by any political or ideological agenda. It could be the very person reading this right now. Whoever it was, they were brilliant.
The Fallout
This attack crippled thousands of organisations across the globe, from healthcare systems in the UK to large corporations. It was like watching a colossal F1 crash—sudden, messy, and with far-reaching consequences. The immediate response highlighted the vulnerabilities of outdated systems and the need for robust cybersecurity practices.
In the wake of WannaCry, organisations around the world had to re-evaluate their security measures. The attack drove home the importance of regular software updates and the risks of not addressing vulnerabilities promptly. It was a wake-up call that pushed many companies to bolster their cybersecurity defences, like a boxer who’s learned to never underestimate an opponent.
The Industry’s Reaction
Post-WannaCry, the industry saw a surge in efforts to improve security protocols. Businesses and institutions began investing more in cybersecurity and patch management, and there was a notable increase in collaboration among global cybersecurity experts. It also led to greater awareness about the importance of keeping systems updated—a lesson learned the hard way.
The WannaCry attack not only changed how organisations handle cybersecurity but also reshaped the landscape of cyber threat management. It underscored the critical need for proactive defences and swift incident responses.
Conclusion
So, when I recently delved into WannaCry while working on some malware analysis exercises, I was struck by the sheer scale of its impact. Writing this piece has been like piecing together a puzzle from a grand digital drama. WannaCry wasn’t just a cyber attack; it was a dramatic wake-up call, a lesson in vulnerability, and a catalyst for change in the cybersecurity industry.






