Once compromised, those vulnerable computers provided WannaCry's perpetrators with a gateway into an unknown number of Windows systems the world over as the virus wormed its way from machine to machine by exploiting a Microsoft vulnerability affecting multiple operating systems.
However, a bug in WannaCry code means the attackers can not use unique bitcoin addresses to track payments, security researchers at Symantec found this week.
The so-called WannaCry hack takes advantage of a vulnerability in Microsoft Windows, leveraging an exploit stolen from the NSA in April to lock the computer systems of companies ranging from hospitals to vehicle manufacturers in exchange for ransom. If there are none, don't lose hope: There may be new security tools to unlock your files in the future.
The vulnerability was considered so serious that they relented from their normal policy, "you're out of support, so you're out of luck", and provided a solution.
Update on a regular basis. That raised the crisis-level stakes of the attack and increased the chances that stricken victims would be coerced into paying.
What should I do if my company suffers a ransomware attack?
Fortunately, there was some good news in the midst of all this when a 22-year-old cyber security researcher, identified online only as MalwareTech, unintentionally discovered a "kill switch" that halted the unprecedented outbreak, something that may have saved companies and governments millions of dollars, slowing the outbreak before computers were more widely affected.
WannaCry is a wake-up call to enterprises and individuals of the need for better Cyber Security.
The worst cyber security threats are malicious, persistent and wormlike in their ability to spread havoc. For example, in India, most of the systems are not safe from future attacks.
Any organization which heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled "critical" when it was released on March 14 on all computers on their networks are immune, experts agree.
The recent news that Microsoft delayed the release of a security patch created to counter WannaCry did little to help the company's poor press, but is Microsoft really in the wrong here? Since the late 1990s, the majority of industrial RF devices have used successive generations of Microsoft mobile operating systems, which allowed DCs to upgrade devices without changing their software applications. Over half of the 200,000 ransomware attacks targeted Russian users. Bahl stated in his interview that because smartphones could be the next target for the cyber-attackers, Sanjay Bahl, director general of the Indian Computer Emergency Response Team said. And now the recent event again has taken the world completely aback. He and Michael Hayden, the former director of the National Security Agency, argued that Cyber Command should be spun off from the NSA into an operation shaped like the Coast Guard, responsible for a combination of law enforcement, first response, public safety and cyber combat.
WannaCry in that sense is just the tip of the iceberg.