The whole situation will get worse before it gets better

May 15, 2017 10:47 GMT  ·  By

The digital side of our lives has just gotten a lot more dangerous with the arrival of WannaCry, mostly because we are probably going to see this type of infection a lot more often from here on out.

Bitdefender notes that, just a few hours ago, a new version of WannaCry was spotted in the wild after the group behind the ransomware changed a couple of bytes to bypass the kill switch discovered by MalwareTech, which had stopped the spread of the initial wave. A second wave was stopped by another security researcher using a similar method.

"WannaCry 1.0 and 2.0 are just the beginning. It's probably going to get worse before it gets better, as it's going to be one of the most serious threats for the following 12 months," Bitdefender's Catalin Cosoi writes. A solution may exist, he notes, if Microsoft decides to force an update on all Windows devices, thereby killing the vulnerability exploited by WannaCry and taking the decision to update out of the hands of the devices' owners.

As Cosoi notes, this has been done before, and it would be a good idea right now given the scope of the current threat. WannaCry's spread rate would justify such a move, especially if the update were done in a controlled and coordinated manner, with support from the authorities and the security industry.

"Computers in public institutions, hospitals and other care facilities are usually rarely updated. If they are not hit by ransomware now, these computers are vulnerable to state-sponsored attacks for as long as they remain unpatched. Ransomware is the best case scenario now, because it's visible. But complex threats can be built on it, to stay persistent and infiltrate organizations for a very long time," Cosoi adds. It should be noted that the victims of WannaCry include the British National Health Service, the German train system, Spanish telcos, and others.

A dangerous zero-day

WannaCry exploits EternalBlue, a Windows vulnerability the NSA had been using. The whole situation came to light because the Shadow Brokers hacking group dumped unredacted classified NSA files online a couple of months ago.

The malware has two components: one is the ransomware, which locks a person's computer and encrypts all files while demanding about $300 worth of BTC; the other is worm-like and drives the rapid spread of the infection across computer networks. Over 200,000 devices have been infected so far, while several hundred thousand more infection attempts were stopped by security software.

Microsoft has already released a security patch to address the vulnerability, so you should make sure your system is updated to the latest version. You should also install security software to help block the infection.