



WannaCry 5 years on: Still a top threat

News Analysis
May 19, 2022 | 5 mins

As security pros reminisce about the ransomware’s anniversary, some note the more things change, the more they stay the same.


Who doesn't love an anniversary and the opportunity to reminisce about "where we were" when an historical event happened? Such is the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages.

WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of a vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected approximately 200,000+ machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been patched against the bug. The largest ransomware attack ever, it impacted several big names globally, including the UK's National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company.

"This historic attack was one of the biggest of all time and destroyed hundreds of thousands of computers, almost exclusively targeting large corporations. Companies all over the world were infected: hospitals, car factories, power plants, train companies--the list goes on," wrote Mikko Hyppönen, a highly-respected security veteran and currently Chief Research Officer at WithSecure.

The attack was eventually attributed to North Korea's Lazarus Group. But what is perhaps most notable about WannaCry is that it opened eyes to the coming plague that is ransomware today. While not new, it got people talking about this kind of malware, which until that point was not nearly as well-known. On Twitter, infosec influencers traded a few stories from the day and reflected on lessons learned.

"Today is the 5th anniversary of the Wannacry ransomware incident, which began as a spillover from a North Korean cyberattack. The spillover eventually brought the NHS to its knees until a lucky Brit bought a kill switch domain, halting it in its tracks," tweeted Gareth Corfield (@GaztheJourno), a writer covering technology and security for the Telegraph's business section.

That Brit mentioned by Corfield was then-22-year-old Marcus Hutchins (@MalwareTechBlog), a hugely popular influencer in the security space on Twitter who did a lot of his own reminiscing on the anniversary date. Hailed as a hero to this day for his discovery of the kill switch that stopped the continued spread of the ransomware, he said press inquiries were pouring in.

"I keep getting interview requests like “it’s the 5 year anniversary of WannaCry--where are you now and how did the publicity advance your career?” then I have to explain I still work in the same position at the same company as I did before all that," he tweeted.

Still lurking, ready to wreak havoc

Like Hutchins' career moves, little has changed since that day in 2017 when WannaCry first hit, security experts say.

"5 yrs on from WannaCry. Lots has changed and lots hasn't," tweeted Lisa Forte (@LisaForteUK), a partner with security firm Red Goat Cyber Security. "Was it the cataclysmic change in security perception and cyber risk we hoped? Did TAs learn more than we did? Have Govs taken action to better secure zero days / offensive sec tools they develop? What are your thoughts?"

Most who weighed in felt that, no, despite its high profile, WannaCry made little long-lasting impact.

"Was it the cataclysmic change in security perception and cyber risk we hoped? No. Did TAs learn more than we did? Probably. Have Govs taken action to better secure zero days / offensive sec tools they develop? I think there has been policy changes… reality changes… who knows?" tweeted researcher and ethical hacker Daniel Card (@UK_Daniel_Card).

"I think you are entirely right. Sadly governmental processes seem to process on a decade scale while technology related issued [sic] progress on an monthly or even daily basis," added TrustedSec founder Dave Kennedy (@geordiemuppet).

Clearly this is reflected in WannaCry's current status as a top threat, still out there and waiting for the right opportunity with vulnerable businesses. Reporter Connor Jones of ITProUK points out in a recent article that many fail to realize that WannaCry still actively lurks on the ransomware landscape.

"What's more, cyber criminals still using WannaCry have learned from its failures and have come back with reworked, retooled versions that eliminate the 'low hanging fruit' kill switch that ultimately proved its downfall five years ago," he writes.

So, happy 5th anniversary to you, WannaCry! You don't look a day over four. And if the status of many networks is any indication, you are as fresh as the day you were born. But not everyone thinks you're worth celebrating.

"I'm celebrating an alternate holiday today," tweeted Tarah M. Wheeler (@tarah), founder of security firm Red Queen Technologies. "Instead of wishing people Happy WannaCry Day, I'm offering a heartfelt Merry Patch Your S*** Eve to those who celebrate."