The latest reports on WannaCry ransomware suggest the malware remains a potent threat. Even a year after its outbreak, WannaCry has not been eradicated completely. It is currently dormant and therefore still has the potential to affect businesses worldwide.
WannaCry still residing on computers
Soon after its discovery, the WannaCry ransomware infection quickly became widespread. It disrupted hospitals in the UK before it was finally contained by the accidental discovery of a so-called kill switch, which stopped WannaCry from spreading within a few days of its discovery.
“Feels like a nice time to do a quick end of year look at our WannaCry data. I’ll be posting some graphs and different metrics in this thread. Big shout out to the crew at @Cloudflare, they’ve been providing us with assistance with the kill switch since the beginning almost,” mentioned Jamie Hankins, Head of Security & Threat Intelligence Research at @KryptosLogic, in a tweet.
Hankins revealed that the WannaCry kill switch domain receives over 17 million beacons, or connections, in a one-week period. These connections come from over 630 thousand unique IP addresses across 194 different countries in one week.
He also added that developing countries in Asia like China, Indonesia, and Vietnam were among the top 3 countries infected by the ransomware.
Further, it was noted that the number of connections was lower over the weekend than on a normal business day. Why? People have more access to their office computers on weekdays than on weekends.
Organizations fearing infection can use Kryptos Logic’s tool called TellTale. The tool has great utility as it identifies WannaCry infections. Admins can deploy it to look up and monitor their range of IP addresses. Besides identifying WannaCry ransomware, TellTale can identify other types of malware as well.