WannaCry Ransomware Campaign Was Just the First Wave

NEWS ANALYSIS: Individuals and businesses need to be prepared for a constant series of ransomware waves using exploits from ShadowBrokers as cyber-criminals ramp up their game.

As malware attacks go, the WannaCry ransomware worm was only partly successful. By the time it was only a few days old, the attack was effectively blocked when an alert security researcher noticed that the worm was searching for a specific site on the internet.

The researcher registered the site to take control of it, which caused WannaCry infections to slow down and stop.

But in other ways, WannaCry was very effective. First, it demonstrated that a worm combined with ransomware will really work. In addition, it was able to raise around $100,000 before it was stopped.

But in the world of cyber-crime, $100,000 isn’t a lot of money. This means that the perpetrators will want to build on their successes and create a new ransomware worm that avoids the pitfalls of WannaCry. We can therefore expect new attempts to seize control of computers, encrypt data and hold it for cash ransoms.

“The ransomware payload wasn’t all that novel,” said Jack Danahy, CTO of Barkly Protects, a company that provides enterprise anti-malware defenses. “What they did used a new technique to spread itself using an exploit called Eternal Blue which was revealed by ShadowBrokers.”

Danahy pointed out that the recommendation for defeating the WannaCry attack was simply to apply the patch released by Microsoft in March to close the vulnerability. He said that even if the malware writers removed the kill switch that ended the spread of WannaCry, a new version wouldn’t be particularly effective, because so many users will have patched their versions of Windows.

“There were other exploits in that dump that the ShadowBrokers released,” Danahy said. He said that ShadowBrokers have now promised to release a new round of exploits each month. “If they release a wave of new ransomware every month, we may see a type of ransomware that’s propagated more broadly when it’s released.”

Danahy said that such a monthly release schedule may effectively force the hands of IT departments to update their systems and apply patches more rigorously. He said that the amount of attention that WannaCry generated will also play a role in encouraging the malware writers to try new things. “It’s kind of the perfect crime,” Danahy said. “Profitable, simple and anonymous.”

But Danahy thinks the nature of the ransomware may change so that more victims will actually pay up. He said that his company recently found in a survey that only about 5 percent of victims actually pay the ransom.

This is partly because victims have learned to have backups in place so that they don’t need to pay the ransom, but Danahy also said that there’s a growing lack of trust among victims that cyber-criminals will decrypt their data even if they pay the ransom.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...