As security pros reminisce about the ransomware’s anniversary, some note the more things change, the more they stay the same. Credit: STILLFX / Getty Images Who doesn’t love an anniversary and the opportunity to reminisce about “where we were” when an historical event happened? Such is the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages. WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of the vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected approximately 200,000+ machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been unpatched against the bug. The largest ransomware attack ever, it impacted several big names globally, including the UK’s National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company. “This historic attack was one of the biggest of all time and destroyed hundreds of thousands of computers, almost exclusively targeting large corporations. Companies all over the world were infected: hospitals, car factories, power plants, train companies—the list goes on,” wrote Mikko Hyppönen, a highly-respected security veteran and currently Chief Research Officer at WithSecure. The attack was eventually attributed to North Korea’s Lazarus Group. But what is perhaps most notable about WannaCry is that it opened eyes to the coming plague that is ransomware today. While not new, it got people talking about this kind of malware, which until that point was not nearly as well-known. On Twitter, infosec influencers traded a few stories from the day and reflected on lessons learned. “Today is the 5th anniversary of the Wannacry ransomware incident, which began as a spillover from a North Korean cyberattack. The spillover eventually brought the NHS to its knees until a lucky Brit bought a kill switch domain, halting it in its tracks,” tweeted Gareth Corfield (@GaztheJourno), a writer covering technology and security for the Telegraph’s business section. That Brit mentioned by Corfield was then-22-year-old Marcus Hutchins (@MalwareTechBlog), a hugely popular influencer in the security space on Twitter who did a lot of his own reminiscing on the anniversary date. Hailed as a hero to this day for his discovery of the kill switch that stopped the continued spread of the ransomware, he said press inquiries were pouring in. “I keep getting interview requests like “it’s the 5 year anniversary of WannaCry—where are you now and how did the publicity advance your career?” then I have to explain I still work in the same position at the same company as I did before all that,” he tweeted. Still lurking, ready to wreak havoc Like Hutchins’ career moves, little has changed since that day in 2017 when WannaCry first hit, security experts say. “5 yrs on from WannaCry. Lots has changed and lots hasn’t,” tweeted Lisa Forte (@LisaForteUK), a partner with security firm Red Goat Cyber Security. “Was it the cataclysmic change in security perception and cyber risk we hoped? Did TAs learn more than we did? Have Govs taken action to better secure zero days / offensive sec tools they develop? What are your thoughts?” Most who weighed in felt that, no, despite its high profile, WannaCry made little long-lasting impact. “Was it the cataclysmic change in security perception and cyber risk we hoped? No. Did TAs learn more than we did? Probably. Have Govs taken action to better secure zero days / offensive sec tools they develop? I think there has been policy changes… reality changes… who knows?” tweeted researcher and ethical hacker Daniel Card (@UK_Daniel_Card). “I think you are entirely right. Sadly governmental processes seem to process on a decade scale while technology related issued [sic] progress on an monthly or even daily basis,” added TrustedSec founder Dave Kennedy (@geordiemuppet). Clearly this is reflected in WannaCry’s current status as a top threat, still out there and waiting for the right opportunity with vulnerable businesses. Reporter Connor Jones of ITProUK points out in a recent article that many fail to realize that WannaCry still actively lurks on the ransomware landscape. “What’s more, cyber criminals still using WannaCry have learned from its failures and have come back with reworked, retooled versions that eliminate the ‘low hanging fruit’ kill switch that ultimately proved its downfall five years ago,” he writes. So, happy 5th anniversary to you, WannaCry! You don’t look a day over four. And if the status of many networks is any indication, you are as fresh as the day you were born. But not everyone thinks you’re worth celebrating. “I’m celebrating an alternate holiday today,” tweeted Tarah M. Wheeler (@tarah), founder of security firm Red Queen Technologies. “Instead of wishing people Happy WannaCry Day, I’m offering a heartfelt Merry Patch Your S*** Eve to those who celebrate.” Related content news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 02, 2024 6 mins RSA Conference Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe