
Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild.

Sophos attributed this rise in variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August 2019, for instance, researchers at the British security software and hardware company detected 4.3 million attempts by infected computers to spread the ransomware.

That’s not to say that all variants took equal part in generating these attacks. In its analysis of some 2,275 variants seen between September 2018 and December 2018, Sophos found that 10 variants in particular accounted for 3.4 million of the 5.1 million detections observed during that three-month period. (The top three made up 2.6 million.) By contrast, Sophos spotted 12,005 unique files just under 100 times, while the original 2017 WannaCry ransomware binary appeared just 40 times.

These 11 WannaCry variants were responsible for the bulk of the more than 4.3 million WannaCry attacks we observed in August, 2019.

Sophos did find a promising note over the course of its research. As it explained in a blog post:

The one upside: Virtually all the WannaCry variants we’ve discovered are catastrophically broken, incapable of encrypting the computers of its victims. But these variants are still quite capable of spreading broken copies of themselves to Windows computers that haven’t been patched to fix the bug that allowed WannaCry to spread so quickly in the first place.

These findings reveal how digital threats don’t just disappear after a global outbreak or high-profile incident. This is especially the case when a malware family leverages a known vulnerability that’s been around for years to infect new machines.

Organizations can’t afford to leave these security holes unaddressed. It’s important that they strengthen their ability to address such gaps by building a comprehensive vulnerability management program. As part of that effort, they can turn to a solution like Tripwire to help discover all assets, prioritize security issues and streamline their remediation efforts.