Just over 18 months ago WannaCry ransomware ripped its way around the world in a matter of hours, locking down an estimated 200,000 computers belonging to Boeing, Nissan Motor Manufacturing, Renault, Telefónica, FedEx, Deutsche Bahn and far too many more to mention.

And it could all have been so easily avoided if companies had applied patches. But the thing about WannaCry is that it also had a worm component allowing it to spread at incredible speed, which it clearly did.

Since then all has gone quiet on the WannaCry front. But it’s still very much alive.

The percentage of infection attempts made by WannaCry was actually higher than it was this time last year.

Recent research revealed:
  • In Q3 2017 WannaCry accounted for 17 percent of ransomware attacks
  • In Q3 2018 WannaCry accounted for 29 percent of ransomware attacks

However the overall numbers for ransomware this year are lower than they were for 2017 which means WannaCry attacks were actually a bigger slice of a smaller pie.
  • This is a timely reminder that epidemics don't cease even if they do slip out of the headlines. 
  • Because WannaCry has a major worm-like self-propagating component, it has never stopped attempting to spread itself after being released over 18 months ago.

While ransomware doesn't have as high a profile as it did last year it’s still a dangerous threat.

CryptoLocker or WannaCry and other types of ransomware are essentially opportunistic and indiscriminate.
They rely on simple automation, such as infected attachments sent to a large number of potential victims via email.

Hand held SamSam

But a new type of malware has emerged illustrating how cunning, wily and persistent fraudsters are.

SamSam ransomware has been around a while but a group of cyber fraudsters have been detected who have used it to successfully extort $6 million over the past two and half years.

What is intriguing is that they have adopted a manual approach to deploying SamSam. But deploying this type of attack takes time.
  • It doesn’t scale well either because the fraudsters have to move from one target to another
  • It’s hard to detect because it doesn’t follow a predictable pattern
  • It’s hard to stop because an attacker can adapt as they go

For home computer users it isn’t a problem because the cyber crooks are targeting large organisations and demanding large ransoms.

However, what it does illustrate is that ransomware is still out there and cyber villains are becoming ever more cunning in how they distribute it.

As such we should never let our guard down and always ensure we are protected with top cyber security that quickly detects existing and newly emerging ransomware strains.