It’s been two years since the initial WannaCry ransomware outbreak, but researchers are warning that hundreds of thousands of incidents are still being detected globally.
New research from Malwarebytes claims more than 4,826,682 WannaCry detections have been identified since its first outbreak in May 2017. Detections have decreased substantially since the ransomware first wreaked havoc, but they have far from disappeared.
Eastern countries appear to be at the highest risk, with India (727,883), Indonesia (561,381), the United States (430,643), Russia (356,146) and Malaysia (335,814) being the hardest-hit countries.
Since April 1, 2019, detections have remained high in these countries: India (19,777), Indonesia (19,192) and the United States (3,325), while the UK recorded only 41 incidents during the same period.
Malwarebytes also warned that hundreds of thousands of systems are still vulnerable to EternalBlue, an exploit for Microsoft Windows that attacks SMB file-sharing services and was used to spread the WannaCry ransomware in 2017.
There are several steps we recommend to avoid becoming the next victim of a ransomware attack, starting with a hardened workstation environment. Embracing system hardening will prevent malware activity where possible and will put obstacles in the attackers' way. Organizations like the Center for Internet Security and NIST provide system hardening guidance, but you’ll ultimately have to determine what’s right for your users.
Second, utilize solutions like File Integrity Monitoring to establish where vulnerabilities exist and to obtain the best remediation advice.
Third, it’s vitally important that all systems and software applications are up to date. This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but it should also serve as a wake-up call for those running out-of-date software and systems.
Lastly, embrace change control. Make sure that patching is up to date as a further means of closing off exploitable vulnerabilities, but think about getting more structured. Change control is a key security best practice, and when done properly, makes a cyber-attack much easier to detect and head off before any serious damage is done.
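How file integrity monitoring and change control work together to surface an attack, as an added example that is not from the original article or any vendor's product: files are hashed against a baseline, and each difference is reconciled with an approved change record, so anything without a matching record stands out. The function names, the `approved` mapping format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()

def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                result[os.path.relpath(path, root)] = sha256_bytes(fh.read())
    return result

def reconcile(baseline, current, approved):
    """Classify every difference from the baseline as planned or UNPLANNED.

    approved maps a relative path to the sha256 the change record expects
    (None means an approved removal). A change only counts as planned when
    the resulting file matches the record exactly.
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        planned = path in approved and approved[path] == new
        findings.append((path, kind, "planned" if planned else "UNPLANNED"))
    return findings

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: one approved edit, one altered file, one new file."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.conf", b"legacy_smb=on\n")
        write(root, "service.bin", b"build-1")
        baseline = snapshot(root)
        # Hypothetical change record: app.conf must end up with exactly this content.
        approved = {"app.conf": sha256_bytes(b"legacy_smb=off\n")}
        write(root, "app.conf", b"legacy_smb=off\n")    # matches the change record
        write(root, "service.bin", b"build-1-altered")  # no change record
        write(root, "unexpected.dll", b"new file")      # no change record
        return reconcile(baseline, snapshot(root), approved)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

A path that has a change record but ends up with different content is still reported as UNPLANNED, which is the case that distinguishes tampering from routine patching.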