The infamous WannaCry ransomware, which attacked servers and computers around the world back in 2017, has become the most common ransomware virus in recent months. This fact was reported by Kaspersky Lab experts in their report.

According to security analysts, in recent months, WannaCry ranks first in the number of computer infections involving file encryption. The proportion of attacks went up to impressive 29 percent of all ransomware incidents.

After WannaCry, the second place in terms of prevalence is occupied by new versions of the GandCrab virus. This ransomware program attacked about 12 percent of computers.

Among other leaders, experts have pointed out very well-known extortion viruses like Shade, Crysis, PolyRansom, and Cryakl. The latter takes the third place in the virus rating. With the help of Cryakl, almost 9 percent of the attacks were committed.

Speaking about WannaCry, the latest biggest attack of this virus targeted Boeing (the aircraft manufacturer.) An updated version of malware has affected most of the organization’s systems.

The most famous WannaCry attack occurred in May 2017. Cybercriminals blocked computers around the world, demanding a ransom. The spread of the virus was stopped after several days. The damage from this cyberattack was estimated at one billion dollars. Experts are confident that the Lazarus hacker group is behind the creation of WannaCry. This group activities are connected to the North Korean government.

Recent attacks use new versions of the WannaCry extortion virus, but the first version of the virus is still present on hundreds of thousands of computers around the world. According to experts, a small failure in the supply of electricity may deactivate the current stop mechanism and launch the new global epidemic.

The WannaCry lock in question was discovered by British security researcher Marcus Hutchins shortly after the first attacks. He found a reference to a certain domain in the virus code. The domain was free and not registered with any hosting provider\user. When the expert registered the corresponding domain\site, WannaCry ceased its malicious activity.

Experts concluded that the criminals left this loophole to stop the epidemic if necessary. Sometime after the discovery, cybercriminals updated the WannaCry code, and the attacks continued. However, those computers whose administrators managed to close the EternalBlue vulnerability were able to block the penetration of the modified ransomware.

However, many machines remained infected with the first version of the malware, which continued to contact the killswitch domain for a signal to attack. Currently, the information security community has provided the blocking site with secure hosting with protection from DDoS attacks so that the criminals could not bring it offline. But if any force makes that website inaccessible, the malicious code on all infected computers will go into combat mode again.

Ransomware viruses most often infect computers when users click on malicious links or attachments sent via mass spam. It is recommended not to download anything received from unfamiliar email senders. If the file looks legitimate, it is still better to contact the sender (for example over the phone) and confirm the attachment is secure.

Categories: IT