WannaCry 2.0 ransomware ready for more destruction as it learns to combat the kill switch
Never in history has a ransomware brought more than half the world’s computers to a standstill. On Friday, May 12, 2017, the computers around the world were crippled by the biggest ransomware attack known as “WannaCry” (“WanaCrypt0r 2.0” or “WannaCrypt” or “WCry”) that targeted Microsoft’s Windows run PCs/laptops and ATMs. This malware attack that infected around 57,000 computers the world over, in the beginning, has now increased to over 2,00,000 in 150 countries including Russia and the United Kingdom and is considered as one of the most widespread cyber attacks in history. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm.
Soon, after the initial release of the ransomware took place on May 12, 2017, a U.K.-based researcher going by the name of MalwareTech happened to accidentally discover a “kill switch” hardcoded in the malware while trying to analyze the attack. The researcher then registered a domain which the malware seems to ping before infection. This stopped the attack spreading as a worm and acted like a kill switch, thereby instructing the malware to not proceed with the encryption of files, making it inactive.
However, the creators behind “WannaCry” have quickly evolved around this domain-based kill switch and altered their code to remove the somewhat bizarre error and restart their ransomware campaign. Security researchers have discovered variants of the Windows malware that either doesn’t have a kill switch, or which ping to a different domain than the one discovered by the researcher.
Microsoft had released a software patch (MS17-010) for the security holes on March 14, 2017. Those who applied critical Microsoft Windows patches released in March were protected against this attack, while those who did not are affected, according to the company. Hence, Microsoft has now not only encouraged users to download the fix they released for the vulnerability back in March but also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.
One expects the problem to get worse in this week, as many businesses’ computers might get exposed to unpatched systems making it vulnerable to attack. For those who are not affected, we strongly recommend such users to ensure that their systems are updated with the latest antivirus and anti-malware software along with patches released by Microsoft at the earliest, in order to keep the ransomware attack at bay.