In May 2017, the whole world faced a major attack. With a malware known as WannaCry, many computers were hijacked, data was stolen and $300 Bitcoin was requested to be sent to the designated wallet. Hundreds of thousands of computers in more than 150 countries were affected by this attack. Some agreed to pay the ransom, while others failed to recover their data. This was the first time such a situation had occurred, and it had a great impact all over the world. The situation was so serious that some government systems, systems belonging to transportation companies and private companies were exposed to the WannaCry attack. So what was this WannaCry? How did it come about, and are we still at risk today?
WannaCry was affecting Windows operating systems. It somehow infiltrated the computers, making it do nothing under the control of the user. The only way out of this was to give the requested ransom to the hackers. The hackers, who are still unknown, relied on EternalBlue and DoublePulsar, created by America’s National Security Agency, in this attack. Thanks to these tools, Windows operating systems could be easily infiltrated and spread to all computers on the network. Security experts quickly figured out how WannaCry worked. WannaCry, which reached computers in the systems through the SMB protocol in Windows operating systems (files can be accessed through certain ports using this protocol), was spreading rapidly.
The WannaCry attack went like this; First, DoublePulsar was used and thus backdoors were opened in operating systems, and immediately after that, systems were accessed quickly using the EternalBlue vulnerability. Afterwards, an interface was shown to the users. In this interface, information was given on what to do.
Microsoft was actually aware of such an attack, it knew the vulnerability in their operating systems. A security patch has been released for this. However, individual users and companies were late to install this security patch on their systems. In just a few hours, WannaCry spread in a way that even hackers didn’t expect. Billions of dollars worth of Bitcoin have been sent to the designated Bitcoin wallet. Then the attacks ceased. Or at least it was intended to be thought to have been cut.
A month later, a second attack came. The target this time was the websites of advertising companies, large shipping companies and supermarket chains. The hackers had made another big hit for the second time. Although not as much as the first, the second attack was successful by the hackers.
So what happened at that time? If you say, intelligence services were blamed. Governments have been heavily criticized. Many systems crashed and ransoms were paid to hackers in order for these systems to be used again.
How safe are we now?
According to the emerging data, we are still not safe. Currently, especially users who do not have the latest version of their operating system are faced with the WannaCry threat. 1.7 million computers can be attacked by WannaCry at any time. As for what we have to do; It is necessary to use genuine Microsoft operating systems and keep our computers up to date. However, of course, such measures may not be fully sufficient in the internet environment. In order to be protected from WannaCry and many subsequent viruses, it is necessary to stay away from untrusted sites as much as possible.