Wannacry timeline: How it happened and the industry response to ransomware attack

From the day of the attack to the fallout and official statements about what happened, we break it all down.
12:02 PM

On Friday, May 12, the UK’s National Health Service was knocked offline by a massive ransomware attack known at the time as the Wanna Decryptor (later dubbed WannaCry). Within 24 hours, a 22-year-old UK researcher found a 'kill switch' to slow down the global attack, which at that point had affected about 100 countries. By May 15 the number affected rose to 150 countries and a new threat emerged with security agencies warning US healthcare there could be more to come.

How WannaCry happened

In March, Microsoft discovered a vulnerability and issued a patch but not everyone updated their systems. Then in April, information was stolen (or leaked, no one is sure at this point) from the NSA that revealed the specific vulnerability and a hacking group sold the information. Despite issuing a way to fix the issue, Microsoft blasted the U.S. for 'stockpiling vulnerabilities' and allowing them to be stolen.

A day later, a new warning was issued for XP systems even though, at that point, they were not affected. On May 17, reports said that U.S. efforts paid off, with fewer than 10 US victims when the dust settled after the initial attack.

Fallout from ransomware attack

The UK’s NHS were still using paper three days later while they continued their recovery efforts to get back online. Warnings were issued again for what many have believed is healthcare's biggest vulnerability, medical devices. The US Senate is now floating a bill requiring the NSA to stop stockpiling cyber weapons to help alleviate the risk of another ransomware attack.

HIMSS just happened to be in the middle of the Privacy & Security Forum in San Francisco when the news broke, and our editor-in-chief, Tom Sullivan, explains what it was like to host a security forum when WannaCry hit the globe.

Official Statements Issued

1. May 12, a 22-year-old UK researcher from MalwareTech "accidentally stops a global cyber attack" and explains in detail how he did it.
2. May 12, Microsoft issues a critical security update and statement for users operating outdated Windows systems, such as Windows XP, Server 2003 and Windows 8.
3. May 14, UK National Cyber Security Centre issues a statement about the "international ransomware cyberattack."
4. May 14, Microsoft issues another statement to explain some lessons that have been learned from the attack.
5. May 15, Homeland Security Adviser Tom Bossert holds a White House press conference to confirm no federal agencies were affected.