It’s been a year since the WannaCry ransomware swept the globe, encrypting computers and wreaking havoc in the process. So you might think we’d have the vulnerability it exploited neatly wrapped up by now.
You’d be wrong.
Despite the potential billions of dollars in damage caused by the likely North Korean ransomware, hundreds of thousands of computers around the globe are still vulnerable to similar attacks — and that’s probably not going to change any time soon.
WannaCry hit the world hard on May 12, 2017. It wasn’t long before security researchers determined that the reason it was able to spread so quickly from computer to computer — like those at UK hospitals — was because of an exploit once hoarded by the NSA: EternalBlue.
But here’s the thing: EternalBlue was patched by Microsoft before WannaCry hit. We learned this in April of 2017 when, following the news that the Shadow Brokers hacking group dumped a bunch of stolen NSA exploits, a Microsoft official told us we were all good.
“We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products,” a spokesperson told us at the time. “Customers with up-to-date software are already protected.”
Yet WannaCry, fueled by EternalBlue, still came. The problem, of course, was unpatched systems. And you’ve guessed it — many systems remain vulnerable to this day.
“We estimate a wide variety of hundreds of thousands of untreated and dormant Microsoft Windows infections maintain a foothold and are responsible for the residual and continued propagation of WannaCry,” explained security research firm Kyptos Logic this April, “which by our dataset analysis and estimates reach several (potentially tens of) million systems through an ebb and flow infection cycle every month.”
When Kryptos Logic speaks about WannaCry, you should listen. It was one of the company’s employees, Marcus Hutchins, who managed to stop the initial wildfire spread of the ransomware last year by finding and activating a so-called kill switch.
So where does this leave us? Always make sure your operating system is up to date. The rest of it, unfortunately, is mostly out of your hands.
That doesn’t mean there isn’t a lesson to be learned, albeit a grim one: Even after vulnerabilities are patched, they still pose a threat. In the world of ransomware, you can never let your guard down.