UPDATED 22:39 EDT / SEPTEMBER 18 2019

SECURITY

Two years on, WannaCry ransomware is targeting more computers than ever

The infamous WannaCry ransomware that was thrust into the public spotlight in May 2017 is not only still around but also still targeting more computers than ever.

The finding comes today from a report by security firm Sophos Group plc, which has found that two years on, modified WannaCry variants are still causing headaches for information technology administrators and security analysts. The research found that the WannaCry threat remains rampant, with millions of infection attempts stopped every month, and that though the original malware has not been updated, many thousands of variants are in the wild.

Indeed, the number of WannaCry variants is staggering: Sophos Labs has detected 12,480 variants of the original code to date. Some 2,700 samples, accounting for 98% of detections, have evolved to bypass the kill switch that brought the original WannaCry ransomware to a halt.

In August 2019 alone, Sophos telemetry detected 4.3 million instances of WannaCry. The number of different variants observed came in at 6,963. Of those, 5,555, or 80 percent, were new files.

Researchers did find that the way in which WannaCry infects new victims can provide users with protection. WannaCry variants check to see if a computer is already infected and, if so, move on to another target. As a result, an infection by an inert version of the malware actually protects the device from being infected by active strains in the future. The researchers dub the process an “accidental vaccine.”

“The WannaCry outbreak of 2017 changed the threat landscape forever,” Peter Mackenzie, security specialist at Sophos, said in a statement. “Our research highlights how many unpatched computers are still out there, and if you haven’t installed updates that were released more than two years ago – how many other patches have you missed?”

In this case, he added, “some victims have been lucky because variants of the malware immunized them against newer versions. But no organization should rely on this. Instead, standard practice should be a policy of installing patches whenever they are issued, and a robust security solution in place that covers all endpoints, networks and systems.”

Image: Maxpixel
