How WannaCry is still launching 3,500 successful attacks per hour
More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has continued to launch around 3,500 successful attacks per hour.
WannaCry takes advantages of a Windows vulnerability that was patched two years ago. However, the cryptoworm lives on because organizations in the healthcare, manufacturing, and retail industries still rely on a “large number of older or unmanaged devices which are difficult to patch due to operational complexities.” In these sectors, over 60% of devices still run Windows 7 or an even older operating system. By comparison, this number is less than 30% for the technology sector.
The WannaCry outbreak of 2017 and the worm’s continued persistence should serve as a warning for what may happen when threat actors begin to exploit a recently discovered “wormable” Windows vulnerability dubbed BlueKeep, which currently affects close to 1 million devices.