MillenniumPost

'WannaCry hackers still trying to revive ransomware attack'

The "accidental hero" who registered a web address that became the so-called kill switch for WannaCry has said hackers are trying to overwhelm the site to resurrect the ransomware that plagued the NHS and companies around the world.

The web address acts as a beacon for the malware: if it is contactable, it tells WannaCry to cease and desist. In registering the domain name, a self-trained 22-year-old security expert from south-west England called Marcus Hutchins halted the spread of WannaCry by activating its kill switch.

Hackers are now trying to make Hutchins' domain unreachable using a distributed denial of service (DDoS) attack – overwhelming it with traffic so that attempts to contact the domain by WannaCry go unanswered, thus de-activating the kill switch.

Hutchins has taken precautions to protect the domain from the DDoS attacks, which are using the Mirai botnet, switching to a cached version of the site that is capable of dealing with much higher traffic loads than the live site.

So far, the kill switch remains in operation, Hutchins says, which should help keep any computer systems that have not yet been updated or secured from falling foul of this strain of the WannaCry attack.

A week after the WannaCry outbreak, analytics have revealed that, despite Windows XP grabbing the headlines due to its use in the NHS and other institutions, it was Windows 7 that was the worst affected by the ransomware.

According to data from cybersecurity firm Kaspersky, Windows 7 accounted for more than 98% of WannaCry infections, with Windows XP accounting for an "insignificant" volume of infections globally. The estimates are based on computers running Kaspersky's security software, while data from BitSight indicated the number was lower but still significantly skewed towards Windows 7, with 67% of infections.

That Windows 7 accounted for the majority of WannaCry infections is not that surprising. Windows 7 is the most popular version of Microsoft's operating system, accounting for 46.23% of Windows computers globally, according to data from analytics firm Statcounter. Windows 10 accounts for 35.53% of PCs, while Windows 8.1 accounts for 9.56%. Windows XP accounts for only 5.36% of Windows computers globally.

While Windows XP does not receive publicly available security updates, machines running Windows 7 do and should have been protected against infection if they had been updated. Windows automatically updates itself for security and bug fixes unless otherwise instructed, which means the vast majority of WannaCry infections should have been preventable.

It highlights a problem found across both user and enterprise computer systems.

Meanwhile, researchers have identified EternalRocks, a new strain of malware that targets the same vulnerability through which the 'WannaCry' ransomware wreaked havoc worldwide, a media report said. EternalRocks exploits the same vulnerability in Windows that helped WannaCry spread to computers. The malware includes far more threats than WannaCry, making it potentially tougher to fight. Like the original ransomware, known as WannaCry, EternalRocks uses an NSA tool known as EternalBlue to spread itself from one computer to the next through Windows. But it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry), Fortune reported.