A Year Later, WannaCry Ransomware Persists

A huge swath of Windows machines across the world have yet to install patches that can ward off the attack's infection method, says security firm Kryptos Logic.

By Michael Kan
May 11, 2018

Is your PC protected from the WannaCry ransomware? Apparently, millions of Windows systems are still vulnerable.

A huge swath of Windows machines across the world—particularly in China—have yet to install patches that can ward off the attack's infection method, according to security firm Kryptos Logic.

The findings come a day before the one-year anniversary of the WannaCry outbreak, which infected computers across the globe and cost businesses billions in financial damages.

WannaCry Ransom Note

Fortunately, the attack was quickly contained, but WannaCry lives on. When the kill switch was activated almost a year ago, new WannaCry infections were essentially told to stand down. But this did nothing to salvage the Windows systems hit with the ransomware during the initial outbreak, said Salim Neino, CEO of Kryptos Logic.

These untreated WannaCry machines will continue carrying the ransomware strain, indefinitely, unless the software onboard is completely reinstalled. Unfortunately, many of these untreated machines remain online, trying to spread the mostly harmless WannaCry infections to new computers, Neino said.

It doesn't help that millions of Windows machines still remain vulnerable to the ransomware's infection method. Kryptos Logic has been monitoring activity to the internet domain for the kill switch, and noted that traffic to it remains high.


Last month, over 104 million connection attempts were made to the kill switch. These connection attempts were sourced to over 2.7 million unique IP addresses, about 25 to 45 percent of which were based in China, where pirated copies of Windows 7 have been popular.

"If a single IP has 50k hits in a day, you can safely assume it's not just 1 infected machine behind that IP, it is probably a few hundred to thousands," Neino said in an email.

The kill switch can prevent most of these attacks from becoming a full WannaCry infection, but not all. In March, Boeing was mysteriously hit with the ransomware. How it happened isn't totally clear, but WannaCry can fully infect a PC if the machine fails to connect with the kill switch.

Kryptos Logic has published a blog post outlining scenarios under which this might occur. But the key takeaway is the need for system administrators to do what they can to patch their systems. WannaCry is now mostly harmless, but the ransomware's infection method—originally sourced to a US cyberweapon—has already been incorporated into other hacking schemes.

The good news is that Kryptos Logic is offering a free service that can help enterprises identify any machines in their network that are being bombarded by WannaCry infection attempts; find it here. If you're on Windows 10, you don't have to worry. The ransomware strain largely affects unpatched Windows 7 and Windows Server 2008 machines.
