Why WannaCry ransomware is still a threat to your PC

The global outbreak was 18 months ago - but the self-propagating nature of WannaCry means it's still attempting to infect thousands of systems a month.
Written by Danny Palmer, Senior Writer

Over 18 months after it first caused chaos by encrypting hundreds of thousands of PCs around the world, WannaCry ransomware is very much still alive, with the percentage of infection attempts actually higher than it was this time last year.

Figures from Kaspersky Lab's threat report for Q3 2018 say that WannaCry tops the list of the most widespread cryptor families, with attempted attacks against 74,621 of the security firm's users across the globe between July and September.

WannaCry ransomware attacks have risen as a proportion of total attacks compared with the same period last year: in Q3 2017, Kaspersky figures suggest WannaCry accounted for 17 percent of ransomware attacks, but now that figure has grown to account for 29 percent of all users targeted by ransomware.

However, researchers do note that the overall numbers for ransomware this year are lower than they were for 2017, so WannaCry attacks were a bigger slice of a smaller pie.

WannaCry spreads via the use of the EternalBlue exploit -- a leaked NSA hacking tool with worm-like capabilities which was co-opted by cyber criminals to help conduct campaigns.

Microsoft actually released a patch to protect systems from the exploit almost two months before WannaCry hit, but as the damage demonstrated, many organisations still hadn't applied the update.

The self-propagating nature of the SMB exploit means WannaCry has never stopped attempting to spread itself after being unleashed into the wild.

But despite the damage done by WannaCry, large numbers of users still haven't applied the update which ensures their system can't fall victim to the ransomware.

Attackers know the power of EternalBlue, and still regularly deploy it to help spread trojans, cryptocurrency miners and other malware campaigns.

"It is concerning to see that WannaCry attacks have grown by almost two thirds compared to the third quarter of last year. This is yet another reminder that epidemics don't cease as rapidly as they begin -- the consequences of these attacks are unavoidably long-lasting," said David Emm, principal security researcher at Kaspersky Lab.

"Cyber-attacks of this type can be so severe that it's necessary for companies to take adequate preventive measures before a cyber criminal acts -- rather than focus on recovery".

Other widespread ransomware detailed by the report includes GandCrab, which accounts for 12 percent of all detections less than a year after it first emerged as a threat. Cryakl, PolyRansom, Shade and Crysis ransomware are also among the most detected forms of file-encrypting malware.

In total Kaspersky Lab detected 259,867 attempted ransomware attacks against victims, with 132,810 coming in September alone.

While ransomware doesn't appear to have as high a profile as it did last year thanks to incidents like WannaCry and NotPetya, it still remains a dangerous threat to organisations -- especially given how those behind ransomware campaigns continue to find ways to make them more pervasive and more damaging.

Authorities in nations including the UK and the US have formally attributed the WannaCry attack to North Korea -- although the country's leadership deny any responsibility for the campaign.

