Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom Dell Technologies World Digital Experience 2020 HPE Zone Masergy Zenith Partner Program Newsroom Intel Partner Connect Digital Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

WannaCry Is 'Different From Anything We've Ever Seen,' Security Experts Say

The combination of ransomware and a computer worm has led to a fast-spreading and debilitating cyberattack.

The massive WannaCry cyberattack has represented a new type of threat by combining a computer worm with ransomware, cybersecurity researchers told CRN.

"WannaCry is different from anything we've ever seen before in that it's a union of the old and new," said Haiyan Song, senior vice president of security markets at Splunk, in an email to CRN. "When you combine WannaCry ransomware and a worm this powerful, there's no surprise the result is a global attack."

[RELATED: Trump's National Security Advisor: WannaCry Attack 'Under Control']

"This implementation has coupled 'wormable' self-propagation capabilities as seen with the crippling 'Denial of Data' attacks of 2016," Song said.

The worst of the WannaCry attacks may be over, after 200,000 computers were crippled across 150 countries starting last Friday. The attacks have involved a demand of a Bitcoin payment — equal to $300 -- in order to unlock computer systems.

Healthcare systems and telecom companies have been among notable victims. Damages from WannaCry could reach $4 billion, according to cyberrisk analytics platform provider Cyence.

Computer worms were at one point very common as a vessel for cyberattacks, but have been less so over the past decade, according to Yaacov Ben Naim, senior director of cyber research at CyberArk. Prominent examples of worms in the 2000s included Sobig.F, ILOVEYOU and Conficker.

The worm method is "typically very noisy in its nature and worms became easier to detect," Ben Naim told CRN. "What makes this unique is the use of the SMB [Server Message Block in Windows] vulnerability – a common protocol not blocked by internal firewalls."

CyberArk Labs has tested more than 600,000 ransomware samples, and found that WannaCry is "differentiated by a worm that spreads the ransomware as quickly as possible to as many machines as possible," he said.

The company has studied ransomware families that steal credentials or attempt to guess passwords as a way to spread. "But this is one of the first instances that we've seen ransomware coupled with a worm," Ben Naim said.

Robby Hill, CEO of HillSouth, a solution provider based in Florence, S.C., said that WannaCry "was able to spread much faster with this combination of both ransomware and vulnerability-seeking worm in one threat."

"WannaCry reinforces to corporations and individuals how vital everyday mundane security patching and updates are, as well as discarding systems that are end of life," Hill said.

Back to Top



trending stories

sponsored resources