Friday December 28, 2018

WannaCry is Still Active in Hundreds of Thousands of Computers

Citing posts by security researcher Jamie Hankins on Twitter, BleepingComputer reports that WannaCry ransomware is still active, but dormant, on thousands of computers across the world. Jamie Hankins reportedly contained the infection in 2017 by setting up a "kill switch" domain. As long as infected computers can periodically ping this domain, WannaCry stays dormant. The kill switch domain, which is apparently now hosted by Cloudflare, reportedly received 17 million beacons from over 630,000 unique IPs in a one-week period. While these connections came from 194 countries, around half of them originated in China, Indonesia, and Vietnam.

The fact that so many computers are still infected with this malware is a major problem. All it takes for the ransomware to kick in is for an Internet outage to occur and the kill switch domain to no longer be accessible. To prevent this from happening, Hankins suggests using their TellTale service to look up IP addresses and make sure they are not known to be infected with WannaCry.
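A local complement to that lookup, as an added example that is not from the article or from Hankins: count kill switch lookups per internal client in DNS resolver logs to find dormant infections, and flag clients whose lookup failed, since those are the hosts where the kill switch would not hold. The domain `killswitch.example` is a placeholder (the article does not give the real one), and the four-field log format and sample lines are constructed.

```python
from collections import Counter

# Placeholder: the article does not name the kill switch domain; substitute the real one.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log, assumed format: "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2018-12-27T09:00:01Z 10.0.4.17 killswitch.example NOERROR
2018-12-27T09:00:02Z 10.0.4.23 www.example.org NOERROR
2018-12-27T09:05:11Z 10.0.4.17 KillSwitch.Example. NOERROR
2018-12-27T09:07:45Z 10.0.9.80 killswitch.example SERVFAIL
2018-12-27T09:08:00Z 10.0.9.80 killswitch.example NOERROR
2018-12-27T09:09:30Z 10.0.7.5 notkillswitch.example NOERROR
malformed line
2018-12-27T09:10:00Z 10.0.4.17 killswitch.example NOERROR
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def summarize_beacons(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return (beacon count per client, clients with at least one failed lookup)."""
    target = normalize(domain)
    beacons = Counter()
    failed = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _timestamp, client, qname, rcode = fields
        if normalize(qname) != target:
            continue  # exact match only, so look-alike names are not counted
        beacons[client] += 1
        if rcode.upper() != "NOERROR":
            # The kill switch only holds while the domain is reachable.
            failed.add(client)
    return beacons, failed


if __name__ == "__main__":
    beacons, failed = summarize_beacons(SAMPLE_LOG)
    for client, count in beacons.most_common():
        note = "  <- lookup failed at least once" if client in failed else ""
        print(f"{client}: {count} beacon(s){note}")
```

Every client in the result is a candidate for isolation and cleanup; clients in the failed set should be handled first.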