• United States



Contributing Writer

WannaCry makes me want to cry!

May 16, 20174 mins
CyberattacksCybercrimeData and Information Security

Some random thoughts on the causes and ramifications of the biggest cybersecurity incident in years

As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here are my two cents:

1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100 percent year-over-year growth. 

2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back, but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and internet worms can be as compatible as chocolate and peanut butter.

3. Anyone who knows me or reads my blogs knows that I’ve been screaming about the cybersecurity skills shortage for years. Oh yeah, it ain’t getting any better: ESG research indicates that 45 percent of organizations say they have a “problematic shortage” of cybersecurity skills today. Think of the impact of ransomware like WannaCry as a ramification of the skills shortage. We simply don’t have enough trained security folks scanning systems, doing threat intelligence research or responding to incidents when they occur. 

4. On a similar note, software patching continues to be one of the more operationally intensive activities for security, and IT operations folks and always seems to be a struggle. I’m sure a lot of shops simply never got around to patching thousands of Windows systems after the March patch updates were issued. Healthcare organizations may have been precluded from patching systems until the patch was approved by some slow-moving regulatory body or software provider. It should be noted that I’ve heard that this patch was particularly onerous, which may have held operations back.

5. It’s true that cybersecurity has become a boardroom issue, so allow me to offer a suggestion to all the business executives becoming more involved in cybersecurity strategy: Push your organizations to develop a plan to get off Windows XP as soon as possible. If boards are truly serious about mitigating cyber risks to the business, they shouldn’t take no for an answer.

6. Here’s another head scratcher in 2017: Many organizations still don’t back up systems regularly if at all, and this poor hygiene is especially true regarding PCs. Look for WannaCry and similar attacks to cause a temporary spike in business at Carbonite, LiveVault, etc.

7. Note that WannaCry impacted a lot of healthcare institutions, which tend to run many standalone PCs. This is a perfect application for desktop virtualization. When ransomware strikes, you simply shoot the image and restore a healthy one.

8. Cybereason offers a free ransomware protection tool here. It’s worth installing. Just thinking here—if Cybereason, an EDR vendor, can write and distribute Windows-based ransomware protection for free, why aren’t all the AV vendors providing their customers with similar free ransomware defenses? 

9.  It’s been reported that cyber adversaries targeted zero-day vulnerabilities stolen from NSA as part of WannaCry. If that is true, I wonder if NSA has any legal liabilities for damages? Regardless, it’s time for U.S. military and intelligence agencies to abandon their obsession with offensive cyber weapons and begin a serious national (and international) discussion about cyber rules of engagement. WannaCry isn’t a one-off attack. Once similar sophisticated tools and zero-day vulnerabilities find their way to cybercriminals, NSA cyber-techniques—paid for by U.S. taxpayers—will continue to be used against us big league. 

10. Just a theory, but I wouldn’t be surprised if WannaCry originated in North Korea.

Finally, those of us in the cybersecurity professional community have been expecting something like this for a long time. My advice to PC users is to proactively learn more about cyber risks and seek out protection—don’t wait for someone else’s help. 

At least WannaCry or something similar didn’t take down the power grid, not yet anyway. 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author