The First Global Ransomware Attack Wreaking Havoc — 18 Months Later
When the first-ever global ransomware attack, WannaCry, took the world by storm, a kill-switch was developed. If the ransomware attempted to run, it would first check whether this kill-switch was available. If so, it would not encrypt the files, but would remain dormant on the PC unless removed by the user or a security vendor.
Now, a year and a half later, millions of attempts to execute the dormant ransomware variant are still made every week. According to Bleeping Computer, in a one-week timeframe, the kill-switch domain was visited 17 million times. Of these 17 million pings, over 630,000 came from unique IP addresses. The top three countries for these IP addresses are China, Vietnam, and Indonesia.
Theoretically, as long as the kill-switch remains active, the ransomware infection will not encrypt files on these infected devices. However, all it takes is for the kill-switch to be inaccessible for the infection to run wild. For instance, if the ransomware attempted to execute while the internet was down, the kill-switch would be inaccessible. This would give WannaCry the green light to fully encrypt the device.
It is important that users know whether this, or any other form of malware, is lurking on their device. Users are encouraged to run a malware scan through their antivirus provider, followed by a restart of their PC.
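Because a dormant infection checks the kill-switch every time it tries to run, a network's DNS resolver logs can show which machines still carry it. The script below is an added example, not code from this article or from any vendor: it assumes a simple constructed log format (timestamp, client IP, queried name, response code, in chronological order) and uses a placeholder domain, since the article does not give the real one. Hosts whose lookups failed are listed first, because an unreachable kill-switch is the case described above.

```python
from collections import defaultdict

# Placeholder: the article does not name the kill-switch domain; substitute the real one.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2018-12-01T08:00:01Z 10.0.0.5 killswitch.example.invalid. NOERROR
2018-12-01T08:00:02Z 10.0.0.9 www.example.com. NOERROR
2018-12-01T08:05:10Z 10.0.0.5 KillSwitch.example.invalid. NOERROR
2018-12-01T09:12:44Z 10.0.0.7 killswitch.example.invalid. SERVFAIL
2018-12-01T09:13:00Z 10.0.0.7 notkillswitch.example.invalid. NOERROR
malformed line
"""

def find_kill_switch_clients(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"queries", "failed", "first_seen", "last_seen"}}."""
    target = domain.rstrip(".").lower()
    hosts = defaultdict(lambda: {"queries": 0, "failed": 0, "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of crashing on them
        ts, client, qname, rcode = fields
        if qname.rstrip(".").lower() != target:
            continue  # exact, case-insensitive match; no substring hits
        h = hosts[client]
        h["queries"] += 1
        if rcode.upper() != "NOERROR":
            h["failed"] += 1  # lookup failed: the kill-switch was unreachable for this host
        h["first_seen"] = h["first_seen"] or ts
        h["last_seen"] = ts
    return dict(hosts)

def triage(hosts):
    """Order client IPs for cleanup: most failed kill-switch lookups first."""
    return sorted(hosts, key=lambda ip: (-hosts[ip]["failed"], ip))

if __name__ == "__main__":
    found = find_kill_switch_clients(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, found[ip])
```
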
PC Matic users remain fully protected from this and other ransomware variants. Those not using PC Matic are encouraged to check with their existing antivirus solution to determine whether the security vendor would remove the WannaCry virus from endpoints using their security solution.