More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has continued to launch around 3,500 successful attacks per hour.
WannaCry takes advantage of a Windows vulnerability that was patched two years ago. However, the cryptoworm lives on because organizations in the healthcare, manufacturing, and retail industries still rely on a “large number of older or unmanaged devices which are difficult to patch due to operational complexities.” In these sectors, over 60% of devices still run Windows 7 or an even older operating system. By comparison, this number is less than 30% for the technology sector.
The WannaCry outbreak of 2017 and the worm’s continued persistence should serve as a warning for what may happen when threat actors begin to exploit a recently discovered “wormable” Windows vulnerability dubbed BlueKeep, which currently affects close to 1 million devices.
Read more: How WannaCry is still launching 3,500 successful attacks per hour