Is WannaCry Ransomware or Mayhemware?

WannaCry impacted a large number of computers world-wide, it appeared to exploit random Windows computers world-wide in a cascade fashion.  Exploiting the human element along with some known, though not patched, vulnerabilities in Microsoft Windows code (SMB).  The question of should Microsoft have patched the code or more importantly, why they didn’t, is something that I’m guessing history will understand.  As is the question about how extensive Microsoft has been exploited by the NSA and others for use in times of war or other state/syndicate needs.

However, despite the widespread distribution of the WannaCry malware, it appears that the authors have not collected their bounty in Bitcoins.  This could be because it was more successful than expected, or that it was just not their intent.  I can’t help feeling that this was mayhemware and not malware – something designed to cause disruption to perhaps test the potential to expose the risks posed by the NSA code.

Either way it is a wake up call to CISO’s and cyber security professionals all over the world – the old way of protecting the ‘edge’ of the network is dead.  Everything needs to be untrusted and managed as levels of managed risk – people included.

More technical detail can be found on WannaCry on Wikipedia.


28th June 2017 Update: NotPetya is running rampant too.  It appears to use a tweaked version of the open-source Minikatz code combined with the NSA leaked EternalBlue SMB exploit used by WannaCry.  The key difference with WannaCry appears to be the use of the ‘administrator’ credentials to gain access to more vital areas of the hard disk’s file structure improving the potency of the encryption and rendering devices unusable unless decrypted with the paid for key.

Is this a sign that Malware extortion is actually growing breed of mayhemware with the coders perfecting their art?