WannaCry Still Impacts Thousands of Systems Every Month

WannaCry struck worldwide in May 2017, with the ransomware wreaking havoc on systems and networks in over 150 countries.

Hundreds of thousands of computers, of independent users and in many organizations, all across the world went defunct as files and all the data that they had were encrypted by the ransomware. The WannaCry outbreak impacted many large organizations like the National Health Service hospitals in England and Scotland, the Nissan Motor Manufacturing UK, Renault, Spain’s Telefónica, FedEx and Deutsche Bahn. Countries like the U.K. the U.S and Australia did point accusing fingers at North Korea, stating formally that North Korea was behind the campaign. The North Korean leadership, however, denied involvement with the WannaCry campaign.

Thanks to the WannaCry outbreak, the term ransomware soon became familiar even to the non-techie laymen, who started discussing and thinking about ways to prevent malware attacks in general and ransomware strikes in particular.

18 months have passed, and WannaCry still continues to do mischief all over the world. Thousands of systems are still impacted every month by the devastating ransomware. Yes, the WannaCry ransomware is still very much alive and reports suggest that the percentage of infection attempts, compared to what it was this time last year, is now actually higher.

The Kaspersky Lab IT Threat Evolution report for Q3 2018 points out that WannaCry still tops among specific cryptoware families. The report says, “WannaCry (28.72%) still leads the way among specific cryptoware families.”

It has been noted that WannaCry attacks have risen in number, in proportion to the increase in the number of total cyberattacks. WannaCry accounted for almost 17 percent of all ransomware attacks last year and now the figure has grown to 29 percent.

An interesting thing to note is that while there has been an increase in the number of WannaCry attacks in the 3rd quarter of 2018, the figure for overall ransomware attacks seems to have taken a dip compared to the same period last year.

The WannaCry ransomware attacks were made possible using the EternalBlue exploit, a leaked NSA hacking tool. The EternalBlue exploit afflicted older Windows systems and Microsoft had actually released a patch to protect these systems from the exploit almost two months before the global strike happened. The widespread nature of the WannaCry attack proved that many users, and organizations as well, hadn’t applied the patch even two months after it was released.

WannaCry spread all across the world and caused extensive damage, but that’s not just history. The ransomware still continues to cause extensive damage, and this proves that despite the damage done, there are still many organizations and users who haven’t applied the update which would have protected them from WannaCry attacks. Cybercriminals continue to exploit EternalBlue to regularly deploy WannaCry and certain other ransomware, Trojans, cryptocurrency miners etc on the global level.

Of course, there are other ransomware too that spread and attack systems/networks across the world. These include GandCrab, PolyRansom, Crysis, Cryakl etc. However, compared to 2017, when the WannaCry ransomware and NotPetya struck on a widespread scale globally, today we have lesser number of ransomware attacks. Still, the ransomware remains a dangerous threat to businesses and organizations as threat actors devise ways to make ransomware more sophisticated and damaging in nature.