A while ago I wrote about the aftermath of WannaCry and how it appeared to have killed off ransomware as both an illusive attack vector and a profitable form of malware.
In the wake of WannaCry there were a number of other widespread attacks such as NotPetya. However, since then there has been relatively little buzz in terms of a crippling attack.
Now I'm not saying that no one will ever get hit by ransomware again. I am, however, speculating that due to the detrimental effect WannaCry had, society is a little bit more switched on.
Pre-WannaCry, AV solutions such as Bitdefender had no specific ransomware protection enabled; the same can be said for the likes of Malwarebytes.
However, this has since been rectified, leading me to believe that even someone who lacks technical sophistication will likely be unscathed should there be another widespread ransomware.
The reason for WannaCry's prevalence is likely owed to the zero-day exploits used and the vast array of insecure SMB connections; this was later exploited by EternalBlue.
Once a machine had been compromised, the WannaCry virus exploited DoublePulsar, another leaked vulnerability.
Many of the initial claims that WannaCry was spread via email came from the media. This led to many people turning off their mail server or applying additional resources to their emails, leaving their system connected to the outside world. This left many organisations in the dark about WannaCry being a worm.
I would consider the media to have a hand in the vast number of systems WannaCry reached. The fact that even today some media outlets have not updated their stories to highlight or correct the fact that WannaCry was a worm is beyond me. Additionally, in terms of media sensations, this was one of the first attacks to grab headlines.
Another issue with WannaCry being a worm was largely due to the fact that, as an attack vector, in the recent years surrounding WannaCry there had been very little in terms of large-scale worms.
Now don't get me wrong, I am more than aware that there are still a huge number of worms out there; I am merely stating that prior to WannaCry most of the "largest" worms date back to before 2005.
There is still today a certain amount of mystery surrounding WannaCry with many speculating that North Korea were behind it. The US government "confirmed" North Korean involvement, but this could be taken with a grain of salt.
Furthermore, in terms of propagation WannaCry was prolific; however, it could be considered a huge failure at the same time.
Now, from my understanding, the whole intention of ransomware is to encrypt a system and await payment or ransom. If this is not received in a timely manner, the cost goes up or the system gets wiped.
But in terms of WannaCry the attackers made very little money; surely one of the most widely spread attacks would have forced many people to pay. While accurate figures for how much the attacker made are still unclear, it is estimated at anywhere from $15,000 to $150,000.
This is why many researchers concluded that while WannaCry was a ransomware attack, it failed at that and could have had an ulterior motive, in that it was more of a widespread denial of service, just not in the traditional sense. The fact that it took down cash machines and critical NHS infrastructure could indicate that this theory has some legitimacy.
Another consideration is that it faced similar issues to Stuxnet, in that it was able to propagate quicker and more effectively than initially anticipated. This could have led to the malicious actor losing control of the situation and thus the high-profile attack that WannaCry became.