WannaCry Remains a Global Threat Two Years On

Written by

WannaCry ransomware remains a global threat two years on from the initial outbreak of the attack in May 2017.

That’s according to new analysis from Malwarebytes, which discovered that a total of 4,826,682 WannaCry detections have been identified since the malware variant first wreaked havoc.

Although WannaCry variants detections have been subdued since the global kill switch was activated, they have far from disappeared. Malwarebytes’ research showed that Eastern countries are most at risk from WannaCry; the majority of detections since its initial spread landed in India (727,883), Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814). In the UK, there have been 17,185 detections since the initial attack took place, with just 41 incidents recorded since April 1 2019. In contrast, other countries have continued to register large numbers of detections in the same period; India (19,777), Indonesia (19,192) and the US (3325), for instance.

Malwarebytes also warned that hundreds of thousands of systems globally are still vulnerable to EternalBlue and EternalRomance, exploits that WannaCry used to propagate and spread, and that malware authors are using mechanisms that allowed WannaCry to spread so rapidly to launch a new generation of devastating trojans, such as Emotet and TrickBot, in order to target businesses.

Adam Kujawa, director of Malwarebytes Labs, said: “Two years since WannaCry brought many organizations, including the NHS, to a standstill, there has been a steady decrease in detections globally – but these still number in the hundreds of thousands.

“There are still so many WannaCry detections because there are still samples wandering the internet, and while the URL used as the ‘global kill switch’ has been registered – neutering much of the threat WannaCry poses – there are still many incidents where it is successfully exploiting the distribution methods we originally saw in May 2017.”

Kujawa pointed out that the most concerning issue is the new generation of trojans that are taking advantage of the same mechanisms that enabled WannaCry to cause so much damage, in an attempt to do the same thing.

“There are millions of systems out there that are vulnerable to these vicious forms of malware; businesses and consumers alike should make updating their systems regularly a top priority,” he added.

What’s hot on Infosecurity Magazine?