386 WannaCry ransomware samples discovered in the wild

The destructive ransomware has caused chaos and it may be that cyberattackers want to continue capitalizing on the malware.
Written by Charlie Osborne, Contributing Writer

All you need to know about WannaCrypt in 60 seconds

Researchers have identified hundreds of WannaCry ransomware samples in the wild, malware responsible for debilitating attacks on health services and companies last week.

According to Trustlook, a total of 386 malware samples in the wild have been recorded to date.

WannaCry, hitting the headlines last week after striking hundreds of thousands of victims in at least 150 countries, is ransomware which targets legacy Microsoft Windows operating systems to lock vulnerable machines and demand ransom payments in the virtual currency Bitcoin in return access.

The malware utilizes the EternalBlue exploit, leaked from the Shadow Brokers NSA cache earlier this year. The exploit leverages a now-patched security vulnerability in the Windows Server Message Block (SMB) protocol, scanning 445 file sharing ports from Windows endpoints for access to the Internet and enabling the download and execution of ransomware and other malicious programs.

It is possible that so many malware samples have emerged due to the updated packing of exploit kits currently available to introduce WannaCry into these toolsets. The first examples of WannaCry, predating the version used in recent attacks which propagates like a worm, dates back to February this year.

After taking down a number of UK National Health Service (NHS) trust and hospital systems, Microsoft issued an emergency patch in what is an unusual move for legacy, unsupported operating systems.

Systems affected by the ransomware that are still in the update cycle were at least two months' behind on security updates.

See also: 98 percent of WannaCry victims running Windows 7, not XP (TechRepublic)

If you have not updated your Windows machine or are unsure of how to proceed, check out our guide on ways to protect yourself against WannaCry.

"This attack is unprecedented in scale," said Allan Zhang, co-founder and CEO of Trustlook. "Windows users and administrators should ensure that their systems are updated with the latest security patches to help prevent further infections and to slow the spread of the ransomware."

To take a look at the hashes for each file, head over to Trustlook's blog. The company has also released a standalone tool to scan and vaccinate potentially vulnerable Windows machines which can be found on GitHub.

Read on: Ransomware: WannaCry was basic, next time could be much worse |New WannaCrypt ransomware variant discovered in the wild | Ransomware attack: Hospitals still struggling in aftermath of WannaCrypt's rampage | WannaCrypt ransomware: Microsoft issues emergency patch for Windows XP | Ransomware: An executive guide to one of the biggest menaces on the web

The reasons why you should hide your IP address

Editorial standards