
WannaCry malware threats remain rampant: Report

K V Kurmanath Hyderabad | Updated on September 19, 2019 Published on September 19, 2019


Sophos detects 12,480 variants; India accounts for 8.8 per cent of 4.3 million WannaCry malware attacks in August 2019

WannaCry, the malware that swarmed computer systems across the world two years ago, refuses to die. Though the original version has not been updated, thousands of short-lived variants of the dreaded malware continue to infect systems.

The malware attack, which was first reported in May 2017, caused extensive damage in several countries.

India emerged as one of the major victims, accounting for 8.8 per cent of the 4.3 million WannaCry infection attempts that were stopped worldwide by Sophos-protected endpoints in August 2019.

The original WannaCry malware was detected only 40 times. Since then, researchers have identified 12,480 variants of the original code. In August, about 7,000 variants were detected.

In a report titled ‘WannaCry Aftershock’, Sophos, a cyber security solutions company, said that the WannaCry threat remains rampant and that millions of infection attempts are stopped every month.

After entering a system, WannaCry encrypts the data on the computer and sends a ransom note to the victim, demanding a heavy fee in order to release the data.

“The continued existence of the WannaCry threat is largely due to the ability of these new variants to bypass the ‘kill switch’,” the report said.

Fortunately, the ability of hackers to encrypt data was neutralised as a result of code corruption.

The kill switch

A kill switch is a specific URL that, if the malware connects to it, automatically ends the infection process. A closer look at the samples revealed that all systems had a corrupted ransomware component and were unable to encrypt the data.

“The new variants of the malware act as an accidental vaccine, offering still unpatched and vulnerable computers a sort of immunity from subsequent attack by the same malware,” it said.

“This means that the patch against the main exploit used in the WannaCry attacks has not been installed – a patch that was released more than two years ago,” Sophos researchers pointed out.

Install updates

“If you haven’t installed updates that were released more than two years ago – how many other patches have you missed?” Peter Mackenzie, security specialist at Sophos and lead author of the research, asked.

“Standard practice should be a policy of installing patches whenever they are issued, and a robust security solution in place that covers all endpoints, networks and systems,” he said.

How to be safe

  • Ensure that you have a full inventory of all devices connected to your network and that they are up-to-date in terms of their security software.
  • Always install the latest patches as soon as they are released on all devices on your network.
  • Verify if your computers are patched against the EternalBlue exploit used in WannaCry by following these instructions:

Keep a regular back-up of your most important and current data on an offline storage device. This can help you avoid paying a ransom if you are infected.
