5 Invaluable Plans of Action We Learned From the 2017 WannaCry Ransomware Attack
Lazarus, the shadowy North Korean group considered by many to be a ‘criminal hacking contractor’ and believed to be the developer of the original WannaCry ransomware, is considered the mastermind behind the largest ransomware attack in the world to date, unleashed on May 12, 2017.
Although evidence points to the shadowy group, some disagree that it was their handiwork, suggesting it could be one of a handful of countries, such as Russia, China and Iran, that have “offensively advanced cyber-attacking capabilities,” says Robert Silvers, former assistant secretary for cyber policy at the U.S. Department of Homeland Security.
A brief review of what happened:
The WannaCry ransomware infiltrated computers the world over and began wreaking havoc in May 2017, rampaging across 150 countries for 7 hours. It compromised not only the computers of individuals but also the systems of banks, hospitals, government agencies, transportation companies and manufacturing plants, to name a few.
With info provided by a 22-year-old London-based security researcher, employed by Kryptos Logic, it was brought to a halt several days later, on May 15th. Immediately thereafter, enterprises rushed to install the patches Microsoft made available. But for many it was too late; their files were lost.
Who were the hackers and whom were they attacking?
This particular WannaCry was originally thought to be attacking computers running Windows XP. However, it was eventually discovered that it targeted a previously addressed Windows 7 SMB (Server Message Block) vulnerability, and not all Windows programs as was originally thought.
While the Lazarus group has not claimed the May 2017 attack, it appears connected to, or at least very similar to, the original one unleashed by this North Korean group.
Malware code in the May 2017 ransomware attack was so similar to the original WannaCry ransomware that it left a breadcrumb-like trail leading back to the Lazarus Group, say both Kaspersky Lab and security experts at Symantec. Although Eric Chien, technical director of Symantec Security Response, says they don’t have enough evidence to pin the attack on Lazarus, he would not dismiss a link.
Who is the Lazarus Group?
The Lazarus group is relatively low-key, straddling the fence between political and criminal mischief, and in the past security experts have suggested they may be working for the North Korean government.
John Arquilla, chair of defense analysis at the Naval Postgraduate School in Monterey, California, says, “I would call them (the Lazarus group) a strategic criminal actor.” They do not announce their attacks, don’t send out communications of any type, and certainly don’t ‘tweet’ facts about upcoming attacks or info about those in progress.
What was the main attack plan?
Regardless of who instigated this attack, experts have declared they found nothing else to point to but a plan to raise money.
The hackers’ plan appears to have been to hold computers hostage, charging $300 per computer, to be paid into Bitcoin wallets for the release of your computer files. To date, only 260 payments have been made, amounting to a scant $70,000 or so. This is due to the fact that most of the Bitcoin wallets into which the money was to be deposited were improperly set up, likely meaning there was no way to properly track who paid the ransom amount.
While the WannaCry ransomware attack compromised hundreds of thousands of computers, and victimized millions, there was much to be learned from the attack to help us arm ourselves and securely move into the future.
What did we learn from this ransomware attack which could help us move positively forward?
1. Cyber attacks, hackers and hacking are now a fact of life and must be planned for and dealt with by everyone.
Until the WannaCry ransomware attack, millions ignored the fact that cyber attacks had become a thing of the present. The fact is they weren’t on the wane but on the rise, having become the rule rather than the exception.
It’s now understood, and has become an accepted fact, that everyone from individuals to police departments to medical centers and the government has the potential of being attacked or hacked. In short, no one is safe from hackers.
Until this particular attack, people and companies ignored the serious need for proper digital security. To say it shocked most into changing their attitude and heading online to discover how to ramp up their security is putting it mildly.
Security experts say hacking and attacks such as this have slowly become part of our lives, and we must learn how to deal with them. With breaches such as Equifax and Yahoo, traumatized corporations are now asking themselves if they’re taking the best actions to improve and secure their company, not to mention the data of clients they’re charged to host.
3. Security researchers are hard at work creating tools which can help WannaCry victims recover their files without paying the ransom.
It will take a while, but security researchers are, at present, diligently working on the development of several tools which will help some of those victimized by WannaCry to regain possession of their files. So far two are being developed, suited to file decryption/restoration.
4. The WannaCry ransomware attack resulted in a better understanding of the hows and whys of these attacks.
Eleanor Roosevelt said “You gain strength, courage and confidence by every experience in which you look fear in the face”. That said, you help eliminate fear by reaching out to arm yourself with solid info and facts. For example, when you better understand hacker tactics and what you can expect from attacks, and steps to take to help avoid them, you are far better prepared – and equipped – to handle them.
5. The 2017 ransomware attack ultimately brought up the need for forums where these situations and events could be openly, and freely, discussed.
In short, most people were in the dark, worried and scared about these shadowy characters and their clearly fraudulent activities. Additionally, these situations are complex and confusing, which stimulated security companies, security researchers and experts to set up forums where facts and info could be shared.
Before this particular ransomware attack, there were few forums you could participate in where you could confidently, and openly, ask questions and get answers – or links to answers.
Make no mistake:
There is a wide variety of personal and financial information that hackers can steal and sell. In fact, this information is their ‘bread and butter’: the items from which they receive the most financial gain.
Here are just a few types of hacking that security experts say we’re exposed to:
- Keyloggers place malware into computers to steal personal, biz and financial info.
- There are identity-stealing hackers, who sell the info on the Dark Web.
- Some specialize in appropriating and selling intellectual property.
- Others stick to stealing financial info, selling it to the highest bidder.
While each hacker has their own style and type of hacking they prefer, we now have a clearer picture of who they are, what they’re doing and how they do it. With hacking having become the norm, it’s now the responsibility of each of us to take secure steps to protect ourselves from these fraud-perpetrating hackers: to learn new strategies to help preempt their efforts, to discover how to cut them off before they have the opportunity to use their cunning and illegal tactics to steal your personal and financial life, and, very importantly, to stay secure even while attacks are in progress.