- Some 2,725 variants of WannaCry contain some form of a bypass for the kill switch code.
- The United States remains the top targeted country with more than 22% of infection attempts.
The modified forms of WannaCry ransomware are still causing headaches for IT admins and security analysts. The ransomware, which is well-known for the massive disruption in 2017, is still active with over 12,000 variants.
WannaCry never went away
A kill switch that destroys the operation of WannaCry ransomware was created soon after the massive attack in 2017. However, by the time the kill switch domain had any effect, the malware was updated and re-released twice within a few days after the first infection.
Researchers from Sophos found that, “Where there was once just a single, unique WannaCry binary, there are now more than 12,000 variants in circulation.”
Capabilities of the variants
The interesting aspect of these variants is that they are still quite capable of spreading broken copies of themselves to Windows computers that have not been patched.
- Some 2,725 variants of WannaCry contain some form of a bypass for the kill switch code;
- 476 of the unique files accounted for an overwhelming 98.8% of WannaCry detections;
- 11 of the variants were responsible for more than 4.3 million WannaCry attacks;
- The original, true WannaCry binary, was seen only 40 times out of all the attacks.
The United States remains the top targeted country with more than 22% of infection attempts. Other countries such as India, Peru, and Indonesia have also felt the heat of the WannaCry threat.
The continuous rise in WannaCry detection indicates that there are still several machines across the world that have not been patched in more than two years. These machines are not only vulnerable to WannaCry but can also be affected by other dangerous types of attacks that have emerged in the past two years.