The WannaCry ransomware that created mayhem in 2017 has not died out. Security software firm Sophos apparently stopped a whopping 4.3 million infection attempts globally in August 2019, of which 8.8 percent were located in India. The WannaCry threat is still active owing to the ability of new variants to bypass the ‘kill switch’. The ‘kill switch’ is a specific URL that, if the malware connects to it, automatically ends the infection process.
The 4.3 million attack attempts were stopped by Sophos endpoints, essentially an endpoint protection product that combines anti-malware, web and application control, and device control. “The WannaCry outbreak of 2017 changed the threat landscape forever. Our research highlights how many unpatched computers are still out there, and if you haven’t installed updates that were released more than two years ago — how many other patches have you missed?” Peter Mackenzie, Security Specialist at Sophos, said in a statement. “In this case, some victims have been lucky because variants of the malware immunised them against newer versions. But no organisation should rely on this. Instead, standard practice should be a policy of installing patches whenever they are issued, and a robust security solution in place that covers all endpoints, networks and systems,” Mackenzie added.
However, the fact that these computers could be infected in the first place suggests that the patch against the main exploit used in the WannaCry attacks, released more than two years ago, has not been installed.
WannaCry: How it started
Researchers at Sophos have also traced the first appearance of the most widespread corrupted variant back to just two days after the original attack, which took place on May 14, 2017. This was when it was uploaded to “VirusTotal”, but it had not yet been seen in the wild. The original WannaCry malware was detected 40 times, and since then SophosLabs researchers have identified 12,480 variants of the original code. WannaCry wreaked havoc last year and even asked those affected to play PUBG to unlock their PCs.
With inputs from IANS