WannaCry a week later: it continues to spread, and its variants are the new threat

Seven days have passed since the alarms went off: the ransomware now popularly known as WannaCry first unleashed chaos at Telefónica, and it later became clear that this was not just a cyberattack but a massive one. According to the latest data, more than 300,000 machines have been affected in 150 countries.

The cyberattack continues to spread, but its impact and growth have been significantly reduced, thanks first of all to the accidental discovery of a kill switch: registering a special domain deactivated the ransomware. The emergence of tools to recover data after the attack has also mitigated the problem, but the threat has not disappeared.

Caution: the attack is still active

Many security firms have analyzed this attack to try to respond to the threat, and one of them, MalwareTech, has provided additional information on the evolution of this massive cyberattack, which according to its records has already affected more than 300,000 machines.

These data make it clear how significant this ransomware attack has been. WannaCrypt spread like wildfire after the initial infection, as explained in detail on the Cisco Umbrella blog, and it did so by taking advantage of port 445, which the SMB service uses in Windows.

That was the "contagion" mechanism of this ransomware: it took advantage of a vulnerability that Microsoft patched in March, but the patch had not yet been installed on millions of machines.

In fact, although it is true that the contagion has slowed, WannaCry's activity remains evident, as MalwareTech's tracking shows. Its graph shows that newly affected machines continue to appear.

Attacks that take advantage of the first cyberattack

Moreover, as with other malware, other attackers are using this code to create variants of the original that include different domains for their kill switch, something Cisco also warned about. They use other addresses to collect bitcoins and, as the authors of the study explained, those copying WannaCrypt do not go to much trouble.

Scams derived from the cyberattack are also appearing. In recent days, for example, a series of emails urged BT customers to update their equipment by pressing a button in the message, which did nothing but infect those who clicked on it.

Phishing attacks that take advantage of users' urgency and lack of knowledge are another dangerous side effect of problems like the one we are suffering these days. Faced with these emails, the ideal, as always, is not to act in the heat of the moment and to check with the company that supposedly sent them if we have no other means of finding out whether the message is legitimate.

How much money have the creators of the attack collected?

According to the website Misentropic, created by @morb, which monitors all the transactions received in the three bitcoin wallets to which the ransom could be paid, the amount is significant, but not as high as might be thought.

So far there have been 307 transactions with a total value of 47.29491733 BTC or, what amounts to the same, $90,648 at the current exchange rate. Transactions continue to occur, and will continue to do so in the next few days: not everyone (far from it) has backup copies of their data with which to return to normal.

Despite advice from security experts, those who find it particularly difficult to get expert help end up giving in, for lack of resources or time to solve a problem that can be critical both personally and professionally.

WannaCry: tools to recover hijacked files

Security experts are still working to find the source of the infection (some indications point to North Korea as responsible) but also to put a stop to it. Among the developments that have appeared is the tool "WannaCry File Restorer", which tries to recover data after the attack and works only if the ransomware process has not finished and the temporary copies have not been deleted.

Microsoft itself released a patch for Windows XP – an operating system that no longer has support and does not have security updates – to try to help address the problem.

Users of this older version of Windows may still have access to a method of decrypting "hijacked" data. Cybersecurity researcher Adrien Guinet published a tool called Wannakey that in some cases (not all) is able to recover the encryption key used in Windows XP. The risks for these users are especially serious, because this attack is just one example of how dangerous it is to work with an obsolete and unsupported operating system.

For the rest of those affected, the solution is more complex, and without a backup of their data they can do little to get back to their usual routine at the computer. That is precisely one of the key lessons of this cyberattack: make these backups periodically, and combine them with the other key measure, keeping equipment up to date to minimize the risks.

