WannaCry Is 'Different From Anything We've Ever Seen,' Security Experts Say
The massive WannaCry cyberattack has represented a new type of threat by combining a computer worm with ransomware, cybersecurity researchers told CRN.
"WannaCry is different from anything we've ever seen before in that it's a union of the old and new," said Haiyan Song, senior vice president of security markets at Splunk, in an email to CRN. "When you combine WannaCry ransomware and a worm this powerful, there's no surprise the result is a global attack."
[RELATED: Trump's National Security Advisor: WannaCry Attack 'Under Control']
"This implementation has coupled 'wormable' self-propagation capabilities as seen with the crippling 'Denial of Data' attacks of 2016," Song said.
The worst of the WannaCry attacks may be over, after 200,000 computers were crippled across 150 countries starting last Friday. The attacks have involved a demand of a Bitcoin payment — equal to $300 -- in order to unlock computer systems.
Healthcare systems and telecom companies have been among notable victims. Damages from WannaCry could reach $4 billion, according to cyberrisk analytics platform provider Cyence.
Computer worms were at one point very common as a vessel for cyberattacks, but have been less so over the past decade, according to Yaacov Ben Naim, senior director of cyber research at CyberArk. Prominent examples of worms in the 2000s included Sobig.F, ILOVEYOU and Conficker.
The worm method is "typically very noisy in its nature and worms became easier to detect," Ben Naim told CRN. "What makes this unique is the use of the SMB [Server Message Block in Windows] vulnerability – a common protocol not blocked by internal firewalls."
CyberArk Labs has tested more than 600,000 ransomware samples, and found that WannaCry is "differentiated by a worm that spreads the ransomware as quickly as possible to as many machines as possible," he said.
The company has studied ransomware families that steal credentials or attempt to guess passwords as a way to spread. "But this is one of the first instances that we've seen ransomware coupled with a worm," Ben Naim said.
Robby Hill, CEO of HillSouth, a solution provider based in Florence, S.C., said that WannaCry "was able to spread much faster with this combination of both ransomware and vulnerability-seeking worm in one threat."
"WannaCry reinforces to corporations and individuals how vital everyday mundane security patching and updates are, as well as discarding systems that are end of life," Hill said.