Around 18 months ago, a prolific form of ransomware known as “WannaCry” made its rounds online. WannaCry was so effective that many people were rightfully terrified of the next generation of malware. One security researcher, however, accidentally stopped WannaCry and stopped the attack for thousands around the world. Now, the researcher is reporting that WannaCry is still active, working in the background of all of its infected devices.
WannaCry Still Active on Infected Computers… 18 Months Later!
When WannaCry first reared its head, Marcus Hutchins of Kryptos Logic managed to activate a global kill switch that stopped the malware from spreading. Hutchins found an unregistered domain in the malware’s code, registered it himself, and stopped the activation of the ransomware.
Now, 18 months later, Kryptos Logic’s Head of Security & Threat Intelligence Research is saying that the malware is still trying to finish up its payload. While reviewing the data they have on the domain (which is now hosted on Cloudflare), the company noticed that WannaCry was still attempting to wrap up its payload. They noticed that around “2,713752 beacons from 220,648 unique SrcIPs” are connecting to the kill switch still. In other words, there are still devices out there that haven’t been updated or prepared to handle today’s malware.
Feels like a nice time to do a quick end of year look at our WannaCry data. I'll be posting some graphs and different metrics in this thread. Big shoutout to the crew at @Cloudflare, they've been providing us with assistance with the kill switch since the beginning almost.
What this means is that some people did not find it important to fix their security problems after Hutchins found the kill switch. This also means that should something happen to the domain (like an outage, for example), these users will suddenly find themselves at the mercy of WannaCry again.
How to Protect Yourself from Ransomware
Mr. Hankins’ twitter thread made it perfectly clear that these infected users can and should do something about the malware. In fact, there are a few things you can do in general to protect yourself from similar threats now and in the future.
Make Sure You Have Backups
By backing up your data regularly, you’re making sure that anything that gets taken from you during an attack isn’t lost forever. This isn’t a security tip as much as it’s a worst-case-scenario tip, but having backups of your files means you’re less likely to pay an attacker that uses ransomware.
Use Anti-Malware Software and Update It Regularly
You need to use anti-malware in this day and age. These kinds of security-oriented tools are very quickly becoming essential software to have. Anti-malware can help find and quarantine malware on your system as well as defend it from future infestation attempts.
Make sure you consistently update your anti-malware software so you can be protected from all of the latest threats.
has its IP masked. This provides anonymity online and makes it harder for malware builders to target your device specifically.
is accessing the internet through a secure connection and isn’t being monitored by any third-party.
has all of its data encrypted at all times. This makes it difficult for anyone to gain access to your data and information.
Installing a VPN on a router simply extends the VPN’s features to all internet-based devices you have. It makes it easier to make sure that you’ve covered your phone, your computer, and even your IoT devices too.
I suggest you use a powerful VPN like ExpressVPN and pair it with a compatible router. If it’s possible, try to use a recent router model. Make sure that you check how long the router manufacturer covers your particular model in order to know when to expect security updates and for how long.
To learn about ExpressVPN, check out our in-depth VPN review here. In case you don’t find this VPN to be for you, check out these top-tier providers instead:
There you have it ladies and gents. At this point, keeping up with security updates should be mandatory and not optional. There are a couple of things you can do if you find you have ransomware. However, you could just as easily protect your device from this family of malware too. If you are one of the users with an infected system, I highly advise that you take the time to upgrade your device. Make sure to use anti-malware to remove any current infections, too.
A reader, writer, and avid internet user. Hiba has spent the better part of her adult life looking for ways to have a safer and more user-friendly online experience, all while praising the uses of VPN connections to anyone who would listen.