WannaCry affects computers 'within minutes'
A honeypot server has been instrumental in finding a new vulnerability in the WannaCry ransomware.
To demonstrate the potential danger caused by the WannaCry exploit, a French security researcher set up a honeypot server over the weekend - which was attacked six times in 90 minutes.
'Benkow_', who created the server to look like a vulnerable Windows PC, said that it was targeted just minutes after being reset, demonstrating the highly aggressive nature of WannaCry.
WannaCry Stopped - By Accident
WannaCry 1.0 was first spotted in February, by Malwarebytes researcher S!Ri. However, at the time it was very basic, spreading through tactics such as email spam. It was only when the creators combined it with a weaponised version of the ETERNALBLUE tool that it began to gain traction worldwide.
Carried by the SMB worm, the WannaCry 2.0 ransomware began spreading around the globe on Friday, affecting multiple organisations including the NHS (in what appears to have been an untargeted attack).
The initial spread was curtailed by MalwareTechBlog, which registered a domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) that the ransomware was pinging, in order to track the infection. However, this accidentally acted as a kill switch: if the domain was unregistered, WannaCry would continue with its infection; otherwise, it would terminate.
Honeypot Traps New Variant
On Sunday 14 May, a new WannaCry version was discovered without the kill-switch domain; however, Benkow_'s honeypot was key in finding the new domain (ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com) used by WannaCry 2.0, which was also subsequently registered.
It would be easy to assume that the danger of WannaCry has now passed, especially with Microsoft's recent security patch for Windows XP, Windows Server 2003, and Windows 8 and 8.1. However, the MalwareTech 'map' of the WannaCry outbreak shows several new infections every minute.
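As an added example (not code from the article or from the researchers it names), this Python triage script scans resolver logs for lookups of the two kill-switch domains quoted above and separates hosts whose lookup resolved from hosts whose lookup failed, since per the article the ransomware carries on when the domain is not reachable. The log format, client addresses and verdict labels are constructed assumptions.

```python
import re
from collections import defaultdict

# Kill-switch domains exactly as quoted in the article.
KILL_SWITCH_DOMAINS = {
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Constructed sample lines in a hypothetical resolver log format.
SAMPLE_LOG = """\
2017-05-15T09:01:12Z client=10.0.4.17 query=www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. rcode=NOERROR
2017-05-15T09:01:15Z client=10.0.4.23 query=IFFERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com rcode=NXDOMAIN
2017-05-15T09:02:40Z client=10.0.4.23 query=example.org rcode=NOERROR
2017-05-15T09:03:02Z client=10.0.4.17 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com rcode=NOERROR
2017-05-15T09:03:30Z client=10.0.4.31 query=notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com rcode=NXDOMAIN
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")

def is_kill_switch(name):
    """True for a kill-switch domain or any subdomain of one (e.g. www.)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in KILL_SWITCH_DOMAINS)

def triage(log_text):
    """Map each client that looked up a kill-switch domain to a verdict."""
    rcodes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_kill_switch(m.group(3)):
            rcodes[m.group(2)].add(m.group(4).upper())
    verdicts = {}
    for client, seen in rcodes.items():
        # Any failed lookup means the kill switch may not have fired there.
        failed = seen - {"NOERROR"}
        verdicts[client] = "lookup-failed" if failed else "resolved"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

Every client in the result attempted the lookup and is worth investigating; those marked `lookup-failed` come first, and resolver or proxy rules that prevent these domains from resolving should be reviewed for the same reason.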