As Suspected, Wannacry Continues To Run Amok

Almost two months have passed since the infamous Wannacry Ransomware took its first victim and, subsequently, made its first profit. Although the infection’s spreading was halted immediately after its emergence – that is when a kill-switch was found and enabled – the threat is still wreaking havoc, and information regarding new attacks shows up every day. Fake versions of this malicious infection have been found, and a similar threat called “Petya Ransomware” (also known as “NotPetya Ransomware”) has found a way to spread and attack Windows operating systems all over the world as well. While it is obvious that malware creators are to blame for the activity of these infections, we have to look at ourselves first. After all, even the latest data shows that only 15% of global companies – who are the main target – plan on taking appropriate action to prevent ransomware from infecting their networks.

Here is a quick rundown of the facts we have about the malicious Wannacry Ransomware. It started spreading on 12 May 2017. According to the reports, over 230,000 computers were hit by the infection in over 150 countries within the same day. The infection was executed by a Wannacry worm that was spread using the known Windows SMB (Server Message Block) vulnerability. The vulnerability was patched with an update that was released on 14 March 2017. Windows 7 systems were targeted by the infection in most cases, but that is mainly due to the fact that this version of the Windows operating system is still the most popular one. The infection gained attention due to successful attacks of the NHS, Telefonica, the Russian Interior Ministry, and other organizations, companies, and government structures. The threat was slowed down after a kill switch was enabled by a 22-year old malware researcher based in the UK. Although new versions of the threat emerged, they did not reach the level of the initial threat. To this date, over 135,000 USD have been transferred to the Bitcoin Addresses used by the infection’s creators.

Although it was believed that the powerful Wannacry Ransomware would stop spreading after the kill switch was enabled and Windows users were informed about the vulnerability – since the ransomware has been discussed on all platforms of media – the attacks continue. The latest big-scale incident was reported by Honda Motor Co., when its Sayama plant in Japan was hit by the infection. According to the reports, the infection forced the company to suspend production for an entire day. Notably, Hitachi, Nissan, Renault, and Dacia – all car manufacturers – have suffered the attacks of the dangerous ransomware in the past. Another incident occurred in Australia, where 55 intersection cameras were infected by the threat. Although the activity of the cameras was not compromised by the ransomware, the matter was investigated, and it was found that they were infected via a corrupted USB drive by accident. Unfortunately, news regarding attacks keeps emerging, and the victims take an important role.

Recent industry analysis has revealed that only 15% of bigger companies are taking measures to ensure that the dangerous Wannacry Ransomware does not invade systems and encrypt data. This number is quite surprising, considering that 27% or surveyed companies have been affected by the infection in one way or another. These numbers reflect the companies’ confidence in being able to resist attacks using their own resources. On a more positive note, it was found that half of the companies train their staff to inform them about Wannacry and prepare them for potential attacks. Unfortunately, the statistics are very similar when we move to the private sector. While regular users can become victims of the devious ransomware – as well as all other threats alike – many have not installed the update that patches the vulnerability via which the infection spreads yet. Naturally, malware creators and distributors are exploiting this to their advantage, and that is why the ransomware keeps spreading and attacking.

Stopping malware is not an easy task, and it requires the efforts of security experts, targeted companies and organizations, and regular users. If security experts detect vulnerabilities and provide solutions in time, the invasion of malware can be prevented. There are also measures anyone can take to prevent infections from doing damage. Wannacry Ransomware manages to coerce users into paying ransoms – which, by the way, is not a solution – because it successfully encrypts important files. If the files are backed up prior to the invasion of malware, they can replace the infected copies once the infection is deleted. Needless to say, employing security safeguards is also important. Reliable security tools can maximize the protection and minimize the chances for malicious threats to slither in. Overall, if security updates are installed in time, files are backed up, and anti-malware software is set in place, even serious ransomware infections can become less menacing and scary.