Last updated on May 19th, 2017 at 08:48 am EST
Friday the 12th of May (so glad it was not Friday the 13th, else a lot of computer engineers would have been spooked) was when the internet was hit by WannaCry Ransomware. With around 200,000 infected systems spread across 150 countries, we are already looking at the biggest ransomware attack ever. If you think the attack is over, you are mistaken. It was only slowed down by MalwareTech, and two more versions of WannaCry Ransomware have popped up since.
Two new WannaCry Ransomware variants already found
The first variant was stopped by registering another URL; it had the same kill switch mechanism as the original.
— Darien Huss (@darienhuss) May 14, 2017
The second variant is the most dangerous of all three variants discovered so far because, unlike the other two, it does not have a kill switch. As of now this variant is only partially working because of a mistake in the code. However, it won't be long before the attackers behind this attack figure that out and fix their mistake. See the tweet below from Tarah, who is Senior Director at Symantec.
— Tarah M. Wheeler (@tarah) May 14, 2017
— Matthieu Suiche (@msuiche) May 14, 2017
A third variant just popped up with the kill switch URL ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com. Notice the "lmao" in the URL name; it looks like the hackers are now having fun.
How to Avoid WannaCry Ransomware
Please make sure to read the post below, as it has the latest links and we keep updating it as we gather more information.
Microsoft Blasts CIA, NSA & Others
Microsoft President Brad Smith has since posted on Microsoft's official blog, where he blasted the CIA, NSA and other security agencies for hoarding and sitting on exploits instead of disclosing them so that they can be fixed. In the wrong hands, these exploits can cause serious damage, and WannaCry Ransomware is proof of that.
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
You can read the complete blog post here.