WannaCry: Nuisance or catastrophe? What to expect next?

As we come to the one-week point of the global pandemic of ransomware called WannaCry, it seems that while the infection gained worldwide (and unprecedented) news coverage, it has been more of a global nuisance than a global catastrophe. Some interesting points to note:

  • The most affected systems were unpatched Windows 7 and 2008, not XP as thought earlier. This clearly points to the patching cycle. It also validates the approach taken by Microsoft in Windows 10 to force Windows updates for consumers and small businesses. There was a lot of rage against the machine at the time, but in retrospect, can we agree that it was the right design choice?
  • The distribution method was not a phishing email; rather, it seems the malware authors spread it by scanning for networks that did not block port 445, which is used by the SMB protocol. It’s high time to correct this misconfiguration. Here is how to do it.
  • It may be that in the eyes of some users, this is another case of the security industry crying “wolf” again, thereby contributing to the numbness to such outbreaks.
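
An added example, not from the original post: one way to audit for the port 445 misconfiguration noted in the list above. It assumes the perimeter rules are AWS security groups in the JSON shape of `aws ec2 describe-security-groups`, and that "internal" means RFC 1918 and IPv6 unique-local ranges; the group IDs and rules are constructed.

```python
import ipaddress

SMB_PORT = 445
# Assumption: "internal" means RFC 1918 and IPv6 unique-local space only.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample, shaped like parsed `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-files", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 135, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

def covers_smb(perm):
    """True if the rule's protocol and port range include TCP 445."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports: no port fields present
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SMB_PORT <= perm.get("ToPort", 65535)

def is_external(cidr):
    """True if any part of the source range lies outside INTERNAL."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_smb(doc):
    """Return (group id, source CIDR) pairs that admit port 445 from outside."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if not covers_smb(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], s) for s in sources if is_external(s)]
    return findings

if __name__ == "__main__":
    print(exposed_smb(SAMPLE))
```

Wide port ranges and "all traffic" rules are flagged as well, since they open 445 without ever naming it.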

What can we expect going forward?

  • As usual, criminals will be quick to take advantage of the attendant fear by pitching phony schemes to “protect” those that are worried they may be, or may become, victims.
  • There will be copycat malware. The distribution by worm (instead of phishing) makes network hygiene even more important.
  • Leaks will increase. Both Wikileaks and Shadow Brokers received tremendous publicity, and given the commercial nature of the latter, they will try to leverage this notoriety.
  • Patch hygiene may improve for a short period in businesses. This is similar to a driver slowing down after observing someone else pulled over by the police. The effects are only temporary though, sad to say.
  • Collaboration across the industry was a big part of blunting the damage. It looks set to continue, which is an incredibly good thing.