A 22-year-old security researcher in the UK, going only by the name MalwareTech, has warned that another wave of ransomware attacks could begin tomorrow, Monday, May 15. Incidentally, this is the same researcher who managed to stop the ransomware attack from spreading by accidentally discovering a “kill switch” within the malware’s code.
Essentially, he noticed that the malware was trying to contact an unregistered web address each time it infected a new computer. By chance, MalwareTech decided to register that web address just to see where it was being accessed from. What started as a curious attempt to investigate the ransomware’s origin accidentally triggered part of the malicious code that told it to stop spreading. That’s the “kill switch” referred to above, and it’s a feature that some attackers include in their code to help them stop the spread of the malware if it gets out of control.
Now you might be thinking: Has this actually stopped the malware from spreading altogether?
Unfortunately, no. This is merely one “strain” of the virus that has been stopped from spreading over networks. Besides, it does nothing to help machines that have already been hit.
According to the BBC, the attackers may have already been paid more than £22,000 ($28,000+) by victims who wanted to “unfreeze” their critical files. That amount is likely to have gone up since it was reported.
The worst part is that MalwareTech says this could be only the first wave of the attack, and another one will likely be mounted on Monday, May 15.
“It’s very important that people patch their systems now.
“We have stopped this one, but there will be another one coming and it will not be stoppable by us.
“There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over.
“So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning.”
He also warned that the attackers could well upgrade the virus and remove the “kill switch” part of the code, which would make it impossible to halt a new wave the same way. The only way to stay protected is to patch the flaw as soon as possible.
Microsoft has already issued Customer Guidance on this, urging Windows users to apply the relevant security updates that patch this flaw and protect them from the WannaCry ransomware attack.
If another wave should come, the virus is likely to be far more resilient than it is at the moment. However, because it is based on a known exploit that Microsoft has already released a patch for, it’s likely that systems and networks that apply the security update from March and from this Friday will be protected.
The biggest problem here appears to be a lack of vigilance in IT departments around the world. In the UK, it was found that hundreds of thousands of NHS computers were still running on out-of-date Windows versions that have stopped receiving security updates from Microsoft.
But it’s not fair to blame IT heads. Upgrading is not a cheap option, and it is rarely an easy one to execute, especially on large networks. Old software, older hardware and other problems make it very difficult for IT departments to have much say in system upgrades. It’s usually the decision-makers approving budgets and signing checks that are responsible.
Hopefully, this ransomware attack has shaken IT administrators to the core, and helped decision-makers somehow find the budgets to upgrade their systems and keep them up to date at all times.
With ransomware attacks on the rise and now crescendoing with this most recent attack, we can only hope that IT departments will soon get the resources they need to keep their systems and networks secure from future attacks.