The WannaCry ransomware that wreaked havoc in 2017 did not die: security software firm Sophos halted 4.3 million infection attempts globally in August 2019, of which 8.8 percent were based in India, the firm revealed.
According to the British cybersecurity firm, the WannaCry threat continues in large part due to the ability of new variants to bypass the ‘kill switch’.
The ‘kill switch’ is a specific URL that, if the malware connects to it, automatically terminates the infection process. These variants all had a corrupt ransomware component and were unable to encrypt the data.
The 4.3 million attack attempts were halted by Sophos Endpoints, which is essentially an endpoint protection product that combines anti-malware, web and application control, and device control.
“The WannaCry outbreak of 2017 changed the threat landscape forever. Our research highlights how many unaffected computers are still out, and if you haven’t installed updates released more than two years ago – how many other patches have you missed?” Sophos security expert Peter McKenzie said in a statement.
“In this case, some victims have been lucky because variants of the malware immunized them against newer versions. But no organization trusts it. Instead, whenever released, the standard practice patch is installed. There should be a policy to do and a strong security solution in place covering all endpoints, networks and systems,” McKenzie added.
However, the fact that these computers may have been infected earlier suggests that a patch has not been installed against the main exploits used in the WannaCry attacks – a patch that was released more than two years ago.
Sophos researchers detected the first appearance of the most widely corrupted version just two days after the original attack, on May 14, 2017, when it was uploaded to VirusTotal but had not yet been seen.
The original WannaCry malware was detected 40 times, and since then SophosLabs researchers have identified 12,480 variants of the original code.