#privacy: More than 12,000 unique variants of WannaCry exist


Two years after the infamous WannaCry ransomware attack, the malware continues to affect thousands of computers worldwide.

A recent report by Sophos has revealed that although security patches and anti-virus protection against WannaCry are available, more than 12,000 unique variants exist. The new variants can stay hidden for longer and can spread more effectively.

On May 12, 2017, organisations across the world were attacked by the WannaCry ransomware. Most notably, the British National Health Service (NHS) was significantly impacted.

WannaCry exploits a vulnerability in the Microsoft SMB protocol by using EternalBlue to copy and execute itself automatically on remote computers. EternalBlue had allegedly been stolen from the US National Security Agency.

Microsoft had released a patch for this vulnerability two months prior to the attack, so those who had not updated their computers by then were impacted.

The attack resulted in over 200,000 computers across 150 countries being impacted. 

The report found that in August 2019 alone, the security company detected more than 4.3 million attempts to spread a variant of WannaCry to customer machines.

Data compiled by Sophos between September 2018 and December 2018 showed that all the variants analysed contained some form of bypass for the kill switch code.

Additionally, the original WannaCry file was seen only 40 times. This figure is so low that it can be attributed to testing rather than a real attack.

Analysis of the top 10 most prevalent files identified that they had been altered very early in the code. The alterations could bypass the kill switch entirely, which means that the “WannaCry variant’s ability to spread is no longer restrained by the kill switch.”

Sophos stated that the WannaCry variants seen spreading now are an evolved version of the original which, without the kill switch, spreads even more effectively and can stay hidden on a network with no encryption.

The report advises users to patch their computers immediately.
