WannaCry: The Ransomware Attack That Changed Everything

Last Friday, the world experienced the largest ransomware attack in history. WannaCry (also known as WannaCrypt or WCry) infected over 200,000 computers across 150 countries in less than 48 hours. Hospitals in the UK turned away patients. FedEx operations were disrupted. Renault shut down manufacturing plants. Telefonica, the Spanish telecom giant, sent employees home.

This isn't a drill. This isn't a theoretical risk. This is what we've been warning about for the past year.

What Happened

WannaCry is a ransomware worm. Unlike typical ransomware that requires someone to click a malicious link or attachment, WannaCry spreads automatically across networks by exploiting a vulnerability in Windows' SMBv1 file sharing protocol. Once it infects one machine, it scans for other vulnerable machines on the same network and infects them too. No human interaction required.

The vulnerability it exploits, known as EternalBlue, was originally discovered by the NSA and was part of the Shadow Brokers leak we wrote about last August. The NSA knew about this vulnerability and used it for surveillance rather than reporting it to Microsoft. When the tools were leaked, Microsoft scrambled to release a patch (MS17-010) in March 2017.

That patch has been available for two months. Every machine that was infected by WannaCry was a machine that hadn't applied a two-month-old security update.

Why Healthcare Was Hit Hardest

The UK's National Health Service was devastated. At least 48 NHS trusts were affected. Ambulances were diverted. Surgeries were cancelled. Patient records were inaccessible.

Healthcare organizations were particularly vulnerable because:

  • Legacy systems: Many NHS computers still ran Windows XP, which was no longer receiving security updates
  • Flat networks: Hospital networks often lack segmentation, allowing the worm to spread freely
  • Slow patching: Healthcare environments are notoriously slow to apply updates due to concerns about disrupting medical systems
  • 24/7 operations: You can't easily take hospital systems offline for maintenance

Sound familiar? These are the same issues we see in dental and medical practices every day.

What You Need to Do Right Now

Today

  1. Patch immediately. Apply Microsoft security update MS17-010 to every Windows machine in your practice. Every single one. This is the specific vulnerability WannaCry exploits.
  2. Disable SMBv1. Even after patching, disable SMBv1 on all machines. It's an outdated protocol with known security issues. Most dental software doesn't require it.
  3. Verify backups. Check that your backups are current and test a restore. If WannaCry hits your practice, backups are your recovery plan.
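
One way to check steps 1 and 2 on a single Windows machine, as an added example that is not part of the original post: it uses the newest installed update's date as a quick patch-recency test, then reports the SMBv1 server setting and can turn it off. The function names and the `-Disable` switch are this example's own. It covers the SMBv1 server component only, and a recent update date does not by itself prove MS17-010 is installed.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Reports patch recency and SMBv1 server state; pass -Disable to turn SMBv1 off.
param([switch]$Disable)

$name    = $env:COMPUTERNAME
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
# The SMB cmdlets exist on Windows 8 / Server 2012 and later only.
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Test-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: a missing SMB1 value means the default, enabled.
    $p = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $p) -or ($p.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # On these older systems the registry change needs a reboot to apply.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
}

# Step 1 check. MS17-010 was published on 14 March 2017, so a machine whose
# newest installed update predates that cannot have it.
$released = [datetime]'2017-03-14'
$newest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ((-not $newest) -or ($newest.InstalledOn -lt $released)) {
    Write-Warning "[$name] No update installed since MS17-010 was released. Patch now."
} else {
    Write-Output "[$name] Newest update: $($newest.HotFixID), installed $($newest.InstalledOn.ToString('yyyy-MM-dd')). Confirm MS17-010 in update history."
}

# Step 2 check, and the change itself when -Disable is given.
if (Test-Smb1ServerEnabled) {
    if ($Disable) {
        Disable-Smb1Server
        Write-Output "[$name] SMBv1 server disabled. Reboot, then re-run to confirm."
    } else {
        Write-Warning "[$name] SMBv1 server is ENABLED. Re-run with -Disable to turn it off."
    }
} else {
    Write-Output "[$name] SMBv1 server is already disabled."
}
```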

This Week

  1. Kill Windows XP. If you still have any machines running Windows XP, take them offline. Microsoft released an emergency XP patch for WannaCry (that's how serious this is), but XP is fundamentally insecure. Replace these machines.
  2. Segment your network. Medical devices, workstations, and servers should be on separate network segments. If WannaCry gets into one workstation, segmentation prevents it from spreading to your server and backups.
  3. Block port 445. At your firewall, block inbound SMB traffic (port 445) from the internet. This should already be blocked, but verify.

This Month

  1. Implement automated patching. WannaCry exploited a two-month-old vulnerability. If your practice had a reliable patch management process, you'd already be protected. Set up automatic updates or a managed patching schedule.
  2. Review your endpoint protection. Modern endpoint protection with behavioral analysis can detect and stop ransomware, even new variants. Basic antivirus can't.

The Bigger Picture

WannaCry is a turning point. It demonstrated that ransomware can spread automatically, move at machine speed, and cause real-world harm to patient care. The leaked NSA tools that enabled it are still available. More attacks using similar techniques are coming.

We've been saying this for a year: patch your systems, secure your networks, maintain your backups. WannaCry proved that this isn't theoretical advice. It's survival.