Then and Now: The ILOVEYOU and WannaCry Ransomware Attacks

MAY 26TH, 2020

May seems to be the month of mayhem when it comes to ransomware attacks.

Twenty years ago, the world watched as the devastating ILOVEYOU virus spread globally. Fast forward to May 2017 and the WannaCry attack wreaked havoc on organizations around the world. Even today, ransomware attacks are reported on a daily basis.

Let’s take a look at how far cyberattacks have come, and why more needs to be done to stop them.

THEN: ILOVEYOU virus doesn’t leave victims with warm fuzzy feelings

In May 2000, a student from the Philippines wrote the code for the first true and, to this day, farthest-reaching global cyberattack. CNN Business recently marked the 20-year anniversary of the virus with an in-depth look at ILOVEYOU.

How did it work? Someone would receive an email with the subject line “ILOVEYOU” and a message asking the recipient to open an attached love letter. What appeared to be a text file was actually an executable program that, once opened, destroyed hard drives by renaming and deleting files while also sending copies of itself to all the contacts in the recipient’s email account.

As the virus spread, email servers from organizations around the world became clogged with the malicious emails while computers were rendered useless from lost data. Those who didn’t have backups faced the stark reality that their data was unrecoverable and lost forever.

Organizations around the world felt the wrath of ILOVEYOU – from Merrill Lynch and Ford, to the Pentagon and the British Parliament, the virus didn’t discriminate. Even Microsoft got hit, which may seem ironic since the virus spread via its own Outlook software.

In the end, the ILOVEYOU virus caused billions of dollars in damage across millions of computers globally. And the author’s punishment? Nothing – because in 2000, no laws around computer hacking existed.

Ultimately, what made the ILOVEYOU virus spread so quickly around the world was that it intentionally exploited both technical and human vulnerabilities – from technical vulnerabilities such as the lack of email data protection and filtering to human vulnerabilities rooted in the innate need for love.

NOW: Organizations remain woefully unprepared for ransomware attacks on email applications

According to the CNN Business article, Hong Kong cybersecurity expert Michael Gazeley said, "What's frightening is that 20 years after, there are still plenty of organizations who don't take this seriously until they are hit. So many people still don't plan ahead."

Typically, organizations depend on email providers such as Microsoft or Google to run email servers and rely on them for spam filtering and attack alerts. But under Microsoft’s shared-responsibility model, Microsoft maintains platform updates, while it is the responsibility of the user to prevent data loss.

With more than 56 percent of businesses using Office 365, IDC reports that a whopping 92 percent of commercial subscribers do not use third-party backup, often inadvertently putting the business at risk of massive data loss and regulatory fines.

If ILOVEYOU taught us anything, it’s that backup of all critical systems and applications is crucial to maintain business continuity and thwart cyberattacks that result in data loss and downtime. And being proactive by ensuring proper security measures are in place is always preferable to facing the potential damage of a reactive strategy.

THEN: WannaCry makes targets literally want to cry

The WannaCry attack was first detected on May 12, 2017. When a user unknowingly installed the ransomware onto their computer, the virus would contact a central server to activate and then encrypt the files of the infected computer. Once files were encrypted, a ransom payment was demanded with the threat of file deletion as a consequence of non-payment.

To add insult to injury, the virus then took advantage of a vulnerability in the Windows operating system that allowed it to spread from PC to PC across an organization’s entire network.

With the ransomware hidden within Word documents, PDFs, and other file types typically sent via email, the virus spread rapidly and caused massive downtime to affected organizations.

A $300 Bitcoin ransom was demanded to decrypt files, but when dealing with cyber criminals, paying didn’t always guarantee full data recovery. Rather than paying the ransoms, experts recommended that organizations wipe their machines and restore from backups. But if proper backup solutions were not in place, organizations risked losing critical data.

The effects of WannaCry were felt around the world. Businesses such as Telefonica in Spain and government agencies including the National Health Service in the UK came to a screeching halt as IT teams scrambled to regain control of systems and recover lost data. The cost of the data loss and downtime as a result of the WannaCry attack exceeded $8 billion, according to one estimate.

NOW: Ransomware attacks continue to wreak havoc on organizations

With Cybersecurity Ventures estimating a ransomware attack will hit a business every 11 seconds by 2021, it’s now more likely than not that organizations will be attacked. With the threat of an attack constantly looming, a wait-and-see approach to data security and protection is no longer good enough.

If your ransomware protection strategy is dependent on backups but you don’t have a sound backup solution in place, WannaCry is proof that you could be in a world of hurt if your organization experiences a successful ransomware attack.

The solution: Combat ransomware with Arcserve solutions secured by Sophos

Arcserve recently expanded its alliance with Sophos to offer solutions that could have protected organizations from ILOVEYOU and that can thwart more sophisticated attacks such as WannaCry.

The result? Industry-first integrated cyber and data protection for infrastructures with on-premises, cloud, and SaaS-based workloads. Anti-ransomware and other threat prevention technologies are combined with immutable backup and disaster recovery (DR) capabilities for protection from cyberattacks, major disasters, human error, or other unplanned outages.

Cloud Backup for Office 365 Secured by Sophos protects Microsoft Office 365 data from intentional or unintentional deletion, programmatic issues and external security threats with cloud-to-cloud backup for Exchange Online, OneDrive for Business, and SharePoint Online.

Arcserve UDP Cloud Hybrid Secured by Sophos protects cloud-based workloads to enable cohesive cloud security, protection, and retention with cyber protection, policy-based management, RPO and SLA validation, application-level recovery, and DR onsite and to public and private clouds with egress included.

Arcserve Appliances Secured by Sophos protect on-premises servers/workloads from ransomware and data loss without the complexity of multiple user interfaces and vendors. The appliances served as the marquee product that initially launched the industry-leading alliance between Arcserve and Sophos in 2019.

Become cyber ready with cutting-edge technologies powered by Arcserve and Sophos that work seamlessly together to leave the risk of cyberattacks and data loss behind.
