Comments
WannaCry, the malware that swarmed computer systems across the world two years ago, refuses to die. Though the original version has not been updated, thousands of short-lived variants of the dreaded malware continue to infect the systems.
The malware attack, which was first reported in May 2017, caused extensive damages in several countries.
India emerged as one of the major victims with 8.8 per cent of the 4.3 million WannaCry infection attempts were stopped worldwide by Sophos-protected endpoints in August 2019.
The original WannaCry malware was detected only 40 times. Since then, researchers have identified 12,480 variants of the original code. In August, about 7,000 variants were detected.
In a report titled ‘WannaCry Aftershock, Sophos, a cyber security solutions company, said that the WannaCry threat remains rampant and that millions of infection attempts stopped every month.
After entering the systems, WannaCry encrypts the data in a computer and send a ransom note to the victims, demanding heavy fee in order to release the data.
“The continued existence of the WannaCry threat is largely due to the ability of these new variants to bypass the ‘kill switch’,” the report said.
Fortunately, the ability of hackers to encrypt data was neutralised as a result of code corruption.
The kill switch
A kill switch is a specific URL that, if the malware connects to it, automatically ends the infection process. A closer look at the samples revealed that all systems had a corrupted ransomware component and were unable to encrypt the data.
“The new variants of the malware act as an accidental vaccine, offering still unpatched and vulnerable computers a sort of immunity from subsequent attack by the same malware,” it said.
“This means that the patch against the main exploit used in the WannaCry attacks has not been installed – a patch that was released more than two years ago,” Sophos researchers pointed out.
Install updates
“If you haven’t installed updates that were released more than two years ago – how many other patches have you missed,” Peter Mackenzie, security specialist at Sophos and lead author of the research, asked.
“Standard practice should be a policy of installing patches whenever they are issued, and a robust security solution in place that covers all endpoints, networks and systems,” he said.
How to be safe
- Ensure that you have a full inventory of all devices connected to your network and that they are up-to-date in terms of their security software.
- Always install the latest patches as soon as they are released on all devices on your network.
- Verify if your computers are patched against the EternalBlue exploit used in WannaCry by following these instructions:
Keep a regular back-up of your most important and current data on an offline storage device. This can help you avoid paying a ransom when infected by it.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.