Over a million computers remain vulnerable to WannaCry-like attacks
What's the story
Two years ago, a major ransomware-based cyberattack, dubbed WannaCry, compromised hundreds of thousands of computers across the globe. The attackers behind it demanded bitcoins after locking personal and government systems and crippling hospitals, railway networks, and private companies. The issue was eventually contained by experts, but as it turns out, even today over a million PCs remain vulnerable to WannaCry's exploits. Here's how.
Issue
How WannaCry came as a major cyber threat
Presumed to be carried out by hackers from North Korea, WannaCry spread over the network like wildfire. Billions of dollars were lost in damages and ransom paid to the attackers, who had become a global threat in a matter of days. However, ultimately, Marcus Hutchins, a security researcher, came up with a kill switch for the ransomware, putting a halt to the fiasco.
Risk
However, 1.7 million PCs still remain vulnerable
The WannaCry attack stemmed and spread from leaked hacking tools of the US National Security Agency - DoublePulsar and EternalBlue. These exploits were published publicly, which ultimately led to the rise of this and another similar ransomware - NotPetya - of the same kind. Now, a TechCrunch report has shown that as many as 1.7 million PCs still remain vulnerable to these critical exploits.
Vulnerability
Most potential victims based in the US
The latest data from Shodan, a search engine for exposed databases, notes that more than a million internet-connected endpoints are vulnerable to NSA's tools. Most of these systems are located in the US and can be exploited with malware/ransomware built atop EternalBlue or DoublePulsar. Plus, these numbers are just for internet-connected devices; many more systems, connected to compromised servers, could also be at risk.
Problem
Now, this is a major security concern
While WannaCry still continues to show up, it is not much of a concern as most of the ransomware elements appear to be broken. The real security threat is the NSA tools, which still remains publicly available and can be exploited to create more WannaCry-like programs or something even scarier. To note, the tools have already been re-purposed quite a few times.
Information
Recent attacks carried out from NSA tools
Last year, the ransomware attack that disrupted several services in the city of Atlanta was caused by the leaked NSA tools. Additionally, they have also been used to infect networks for mining cryptocurrency or carrying out planned DDoS attacks.