WannaCry is Still Haunting IT Administrators as New Variants Pop Up

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Two years after the WannaCry malware spread like wildfire over the world, IT admins still have to deal with the menace and fight against new variants. As we warned back in December 2018, there are still thousands of systems that are pinging the kill-switch domain that was set up by Marcus Hutchins. With that original version having been subdued, malicious actors turned to the creation of other versions with different kill-switch domains, or no kill-switch at all. As Sophos claims on their most recent report, there are 12000 variants of WannaCry in circulation right now.

wannacrypiechart_modified

Source: news.sophos.com

The particular security company alone has detected and blocked more than 4.3 million attempts to spread a variant of WannaCry to a protected endpoint, only in August 2019. The majority of the WannaCry variants that Sophos analyzed are broken in some way, so they are incapable of encrypting the files of their victims. They are still able to propagate on networks that constitute of unpatched Windows machines though, and this is still a security problem.

Sophos has compiled some interesting data about WannaCry variants that they monitored between September 2018 and December 2018, and here are the highlights:

wannacry map

Source: news.sophos.com

As for the current situation, most samples target systems that are based in the United States (22.5%), followed by India (8.8%), Pakistan (8.4%), Peru (7.3%), and Indonesia (6.7%). In general, the targeting is global, and the actors are multiple.

Once again, the only thing that makes the above situation possible is the fact that system administrators don’t want, or choose not to update their Windows systems. There are multiple reasons to follow that risky path, with the main being the introduction of incompatibilities with 3rd party software that these systems are expected to run unproblematically. Keeping those systems online, however, is giving WannaCry actors a reason to continue their effort to create a powerful enough iteration of the malware. The rise in this activity is characteristic right now, and those who haven’t patched their Windows systems for two years now have a lot to worry about, besides WannaCry.

Have something to comment on the above? Feel free to do so in the section down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: