The infamous WannaCry ransomware that became known in May on 2017 continues to invade computers. The findings today come from a report by the security company Sophos Group plc, which found that two years later, modified versions of WannaCry are still causing headaches in IT managers. Research has found that the WannaCry threat remains here, with millions of infection attempts stopping every month and that although the original WannaCry has not been updated, many thousands of variants are available.
Indeed, the number of WannaCry variants is staggering: Sophos Labs has detected 12.480 variants of the source code to date. About 2.700 samples, representing 98% of the detections, have evolved and can bypass the switch that stopped the original ransomware.
In August alone at 2019, Sophos detected 4,3 millions of WannaCry cases. The number of different of variants observed were 6.963. Of these, 5.555 or 80%, were new files.
Researchers have found that the way WannaCry treats new victims has to do with the protection of users. WannaCry variants check if a computer is already infected and, if so, proceeds to another target, leaving an infection with an inactive version of it. malware which actually protects the device from being infected by active executives in the future.
"The WannaCry epidemic in 2017 changed the security environment forever," said Peter Mackenzie, a security expert at Sophos. "Our research underscores how many unpatched computers are still out there and if users have not yet installed them updates released two years ago - how many more updates have they missed? ”
In this case, he added, "some victims were lucky because variants of the malware created an immune system on their computer and could not invade newer publications. But no organization should rely on it. Instead, the usual practice should be a patch installation policy every time they are released and a strong security solution that covers all endpoints, networks and systems ”.