The Impact of WannaCry on the Ransomware Conversation

By this point, we’ve all heard about the major ransomware attack that impacted an estimated 200,000 computers across 150 countries earlier this month. A malware variant dubbed WannaCry made its way into network infrastructure globally, encrypting data and demanding a ransom of $300 USD per infected computer.

Aside from being the largest ransomware attack in history, there are a few other reasons why this attack is particularly unique. While the methods that were used were not net new, the approach was – that is, hackers took two of the most successful ways in which to target organizations and combined them to create a worldwide cybersecurity incident.

All indicators point to the initial infection occurring via a traditional phishing attempt, in which unsuspecting employees downloaded malicious files from their email. What made WannaCry so impactful was its ability to break away from its originating computer and rapidly traverse the network, infecting connected computers in its wake.

While phishing, ransomware and a fast-moving worm are not in themselves new, the combination of these strategies was epidemic-like. As WannaCry requires no ongoing interaction on the part of the attacker, it was the perfect method to quickly spread throughout a vulnerable enterprise.

While this approach isn’t entirely surprising, it is alarming and appears to be the first time that a ransomware payload has been targeted in this way at such a large scale.

Ransomware is not a new issue. It has been around for decades, and it’s been talked about in earnest in the security industry for several years now. Nonetheless, it continues to be one of the top causes for concern for CISOs, and ransomware attacks grew 36 percent in 2016. So why is it continuing to have such a major impact on cybersecurity? Because solving this problem is really, really hard.

Ransomware is so successful because it relies on a human element, and as much as we hate to admit it, humans are fundamentally flawed. It’s for this reason that WannaCry continued to impact computers well into the week following the initial attack, despite many organizations spending all weekend notifying their employees and the public and fixing the issues that hit during the business day on Friday. No matter how much employee training or awareness goes into instructing your employees or the general public to refrain from opening attachments, delete unknown emails and pay attention to the crucial signs of ransomware, the mere reliance on humans is an inherent failing that cannot be overcome.

So what can you do to protect your organization from an inevitable targeting? While ransomware attacks and targets may have evolved, the ways to protect yourself haven’t. As I wrote in a post nearly one year ago, there are a few steps that organizations should absolutely implement before they are targeted by an attack.

The best way to react after becoming the victim of a ransomware attack is to completely erase all data from your systems, removing the hackers’ ability to control your information. Take a “no negotiation with terrorists” stance. Of course, that also removes all of your own data, which means it’s crucial to have extensive back-ups, thereby removing the hold that criminals have over you altogether. Understanding your organization’s use and warehouse of data, and backing up all of that data, is an essential first step toward preventing any ramifications of a future ransomware attack.

It’s also important to develop a plan of action in the event that your organization is compromised. Consider the potential implications to your reputation, such as company valuation or public brand perception, if you do or do not pay a ransom. Have a plan in place that acknowledges the different stakeholders that need to be consulted before any decision is made, so you are fully aware of the chain of command and can swiftly execute a remediation plan, if necessary.

If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
