In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents. We noted that ransomware attacks have been steadily expanding in both frequency and severity, and that those trends seemed set to continue for the foreseeable future.
Less than a month later, the most prominent ransomware attack to date swept the globe and dominated headlines. As we previously reported, on May 12, 2017, thousands of companies were affected by the so-called “WannaCry” ransomware variant, which exploited a known Microsoft Windows vulnerability (patched since March 2017) and spread rapidly across borders and industries. Despite the facial complexity of its origins, reportedly using an exploit revealed in National Security Agency documents, signs have emerged that the perpetrators of the WannaCry outbreak were perhaps less sophisticated than one might expect. Specifically, WannaCry’s authors seem to have included “amateur flaws” in their design, such as a straightforward kill switch, an “unsavvy” payment protocol and a poorly designed ransom function. As a result, WannaCry was halted by a simple domain name registration, and the financial yield for the perpetrators appears to have been surprisingly low.