#INFOSEC17 Malwarebytes: WannaCry was Amateur Attackers Using Sophisticated Exploit


The WannaCry ransomware was ‘amateur’, but its use of a sophisticated exploit was the reason for its success.

Speaking to Infosecurity at Infosecurity Europe, Malwarebytes CEO Marcin Kleczynski said that anything paired with this exploit would have enabled a successful attack. “I think WannaCry was tame compared to what it could have been, if it had happened faster than the month it took from leak to attack we would have been in deep trouble,” he said.

“Shadow Brokers released it, Microsoft patched it and then the attack happened. Had that time shrunk then you’re talking about a different vector of attack as it takes time to patch those endpoints.”

Kleczynski went on to say that he did not believe the attack was nation state-sponsored: despite theories that North Korea or China was behind it, he believed this was a ‘script kiddie’ sitting in a basement, “or two or three individuals carrying out this attack who got lucky.”

“Attribution is hard because half of the time we get it wrong that we may throw ideas at the wall, we think this is an amateur attack carried out by individuals,” he said.

On the NHS infection, he said that if you cast a wide enough net, you catch something. Because the ransomware was wormable, it had the potential to capture large organizations, and ‘it was sheer coincidence’, as the attacks were hitting targets at random.

Asked if businesses will be better prepared after this incident, Kleczynski said that Malwarebytes was able to block the exploit, but that its anti-ransomware technology looks for behavior and ‘encryption events’ which may cause files to be encrypted. “We believe in defense in depth, in the last layer, as we don’t want files to get encrypted and there as we think it is such a large issue that we need this layer to distinguish encryption events from the bad incidents,” he said.

“Ransomware is getting so sophisticated, this one was such an amateur attack but the exploit was so unique. This was the perfect storm.”

Speaking on the keynote stage at Infosecurity Europe yesterday, James Lyne, head of security research at Sophos, said: “We can’t rely on continued tools to help us decrypt ransomware—WannaCry is a wake-up, but it could be worse.”
