Ransomware: Should WannaCry Make You Wanna Buy Cyber Equities?


  • The WannaCry Ransomware Attack impacted over 200,000 users across 150 countries, but netted the hackers almost nothing (yet).
  • Blame for the attack has shifted between Microsoft (MSFT) and the NSA (who both knew of the flaw), as well as the yet-to-be-identified attackers.
  • We believe this attack is both unique and precedent-setting, and should be taken into account by investors when evaluating digital transformation initiatives and operational expenses of potential investments.
  • We see short-term potential for selected cybersecurity equities.

On Friday, May 12, 2017, the world was hit with what I'll call the first "intelligently automated" ransomware attack, spanning over 150 countries and 200,000+ victims. That's pretty "global" if you consider there are only 196 countries in the world.

We covered the attack on the 15th of May, 2017, during the Cheddar Opening Bell session from the NYSE. You can watch the video here, and then dive into a bit more of the details below, including a list of the vendors and providers that may benefit from this attack through increased demand for software or security services.

Microsoft, the NSA, and the Shadow Brokers

On Friday, over 200,000 users found their computer systems locked (encrypted) by the WannaCry/WannaCrypt tool, and were presented with instructions to pay $300 in bitcoins if they ever wanted to see their data again.

As ransomware attacks go, this one was fairly straightforward: it followed a well-known process, asked for an accepted (and low) payment, and started with a user opening an email and falling victim to a phishing attack (see the attached graphic from Carbon Black).

But, as ransomware attacks go, this one was also unique in several ways, including its complexity, with a history that begins in 2014 with Microsoft and the honorable pursuit of profits. Here's a breakdown of the timeline to provide some context around this event:

The Backstory

2014: Microsoft stops supporting Windows XP (and subsequently 8 and Server 2003) to cut costs and promote newer operating software. This includes security updates.

2016: NSA (allegedly) discovers a vulnerability in Windows products, related to the Microsoft SMB (Server Message Block) function. The vulnerability is "weaponized" through an exploit tool it creates called EternalBlue. At this point, numerous Microsoft operating systems are vulnerable.

2016: Shadow Brokers hacks NSA, acquiring NSA cyber tools, including EternalBlue.

February 2017: Microsoft unexpectedly delays its scheduled Patch Tuesday software update due to a "last minute issue".

March 2017: Microsoft releases the delayed software patch/update (which includes an un-sourced fix for the SMB vulnerability).

April 2017: Shadow Brokers dump NSA's EternalBlue SMB exploit onto the dark web (part of an ongoing 8-month-long dump).

April 2017: Microsoft confirms the SMB vulnerability targeted by EternalBlue has "already been fixed" for supported systems (primarily Windows 10, and excluding XP, 8, and Server 2003). Conspiracy theorists point to Microsoft's Patch Tuesday delay, wondering, at the time, "who tipped them off?"

The Attack

May 12, 2017 (Morning): WannaCry (WannaCrypt) appears, striking computers in Europe (Russia, Ukraine) before Asia (Taiwan), India, and North America (with little impact, as the US has a higher adoption rate of newer Windows operating software compared to other regions).

Because EternalBlue software is melded to ransomware software, the attack spreads automatically without any human intervention, and up to 300,000 machines are infected within 3 days. This is new to ransomware.
