Identity Intelligence Blog

WannaCry Ransomware Attack – Not Targeted but Simply Opportunistic

Markus Jakobsson May 12th, 2017 Cybercrime

Earlier today, a range of U.K. health institutions were hit by a ransomware attack. There are no signs that these institutions were specifically targeted – in fact, in Spain and Portugal, where the same Trojan is also wreaking havoc, the victims are enterprises in other sectors. In other words, chances are that the victims were not singled out in any sense — maybe the only thing that led to them being attacked was that the criminals were able to get email addresses for these organizations.

While it is still unknown who the attackers were, it is clear that their goal was to monetize a scattershot style attack in which massive numbers of victims pay a relatively small amount to obtain the decryption keys to recover their computer systems. As such, it appears that they have been relatively successful, which of course means that we will see more of the same in the near future.

The WannaCry Trojan, in its current incarnation, was first documented in late March of this year. Unlike most ransomware threats that use social engineering techniques to convince the recipient to click, it was not delivered by email. With ransomware attacks, unless the recipient is protected by updated anti-virus software, his or her computer is encrypted as a result of clicking and a $300 ransom note is delivered. At that point, there is really no option but to pay, unless you have all your data backed up.

Relying on end-user awareness to spot these email attacks is a tenuous countermeasure, as it only takes one person in an organization to be duped, and common attacks typically have a success rate of 10-25% per potential victim. It doesn’t take many employees for this to translate into near-certain success (for the attacker, that is).

The best way to prevent this type of attack is a layered approach that involves both email security technologies and anti-virus (AV) technology. While neither of these individual technologies is a silver bullet, together they are a meaningful defense. AV technologies block known threats, and commonly also use sandbox technologies to identify undesirable attachments. Email security technologies identify incoming emails that are sent from strangers, or from familiar accounts that appear to have been compromised, and which contain high-risk attachments.

However, it is important to note that not all AV products are equal, nor are all email security technologies. For example, AV technologies that focus squarely on blacklisting are easily circumvented by motivated attackers, and are only effective if patches are installed. Moreover, many organizations are still under the impression that spam filters can protect them against malicious emails. This is a grave misunderstanding. Spam filters, somewhat oversimplified, look for emails that contain words like “Viagra” – which ransomware emails, of course, do not. Instead, typical ransomware emails mention a neglected invoice, an important memo or a salacious news item, hoping that the recipient will be tricked into clicking on the link or attachment.
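The contrast drawn above between a keyword spam filter and a check on sender familiarity plus attachment risk, as an added example that is not from the original post. The word list, the extension list, the addresses and all function names are assumptions chosen for illustration, and the sample messages are constructed.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumptions for illustration: tune both sets for your own environment.
SPAM_WORDS = {"viagra"}
HIGH_RISK_EXT = {".exe", ".scr", ".js", ".vbs", ".jar", ".docm", ".xlsm"}

def keyword_spam_filter(msg):
    """Oversimplified spam filter: flags only on known spam words."""
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + " " + (body.get_content() if body else "")
    return any(w in text.lower() for w in SPAM_WORDS)

def risky_attachments(msg):
    """Attachment filenames whose final extension is high-risk."""
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return [n for n in names if PurePosixPath(n.lower()).suffix in HIGH_RISK_EXT]

def sender_attachment_check(msg, known_senders):
    """Flags mail from a stranger that carries a high-risk attachment."""
    addr = parseaddr(msg["From"] or "")[1].lower()
    stranger = addr not in known_senders
    risky = risky_attachments(msg)
    return {"sender": addr, "stranger": stranger, "risky": risky,
            "quarantine": stranger and bool(risky)}

def build_sample(sender, subject, text, filename=None):
    """Constructs a sample message (constructed data, not a real email)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "ap@corp.example", subject
    msg.set_content(text)
    if filename:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg

KNOWN = {"billing@supplier.example"}  # assumed set of established correspondents
LURE = build_sample("Accounts <accounts@unknown.example>", "Overdue invoice",
                    "Please see the attached invoice.", "invoice.pdf.js")
ROUTINE = build_sample("billing@supplier.example", "March statement",
                       "Statement attached.", "statement.pdf")

if __name__ == "__main__":
    for m in (LURE, ROUTINE):
        print(m["Subject"], keyword_spam_filter(m), sender_attachment_check(m, KNOWN))
```

The invoice-themed sample passes the keyword filter untouched but is quarantined by the sender and attachment check, while the routine statement from a known correspondent is left alone.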
