18 Months Later, WannaCry Still Lurks on Infected Computers



  • Eighteen months after the initial WannaCry Ransomware outbreak, the malware continues to rear its head on thousands of infected computers.

    When the WannaCry infection was first unleashed, security researcher Marcus Hutchins of Kryptos Logic registered a domain that acted as a kill switch for the ransomware component of the infection. If the infection was able to connect to this kill switch domain, the ransomware component would not activate. The infection, though, would continue to run silently in the background, while routinely connecting to the kill switch domain to check if it was still live. According to Hankins, the WannaCry kill switch domain still receives over 17 million beacons, or connections, in a one week period.

    Read more about the lingering WannaCry infections on BleepingComputer.

    https://threatbrief.com/18-months-later-wannacry-still-lurks-on-infected-computers/