After the WannaCry ransomware grabbed headlines far beyond the usual tech circles that cyberattacks reach, the discovery of the kill switch by MalwareTech barely gave cybersecurity researchers a chance to catch their breath. You see, WannaCry was just the beginning. Malware, both variants of WannaCry and entirely new strains, has seemingly multiplied and grown stronger than ever, like, "Hello, Mr. Anderson."
It didn't take long after the WannaCry kill switch was activated before researchers began to realize that it wasn't the end of the ransomware. It was quickly realized that the malware's code could simply be edited to check a different domain, giving it a different kill switch. And what do you know, whoever is believed to be behind the malware proceeded to do just that. So began a game of cat and mouse between cybersecurity researchers and analysts and the malware authors, as the authors switched kill switches and the researchers and analysts bought the new kill switch domains as fast as they could be found. Another threat found by MalwareTech and his compatriots at the cybersecurity firm Kryptos Logic was attempts to DDoS the kill switch domains using the Mirai botnet to take them offline, which would cause every computer protected by the kill switch to have the ransomware set off. If you thought the initial hit of the ransomware was bad, consider that the kill switch domain MalwareTech registered is currently protecting over 400,000 systems, all of which would be compromised should the botnet succeed. And on the horizon are copycat hackers attempting to edit WannaCry so that there is no kill switch at all. So far the detected attempts have left the ransomware corrupt (and therefore useless), but that is no guarantee that future attempts will be similarly unsuccessful.
WannaCry was a major wake-up call. Not to much of the cybersecurity community, who had been ringing the alarm bell about MS17-010 (the Microsoft SMB vulnerability WannaCry exploits), but to the many companies and individuals who had been ignoring updates and patches, and by extension security. Most notable was the discovery that WannaCry was not the first malware in the Internet of Things to exploit the vulnerability; in fact, another piece of malware had actually protected many systems from WannaCry. Adylkuzz is malware discovered by Kafeine, a researcher at the cybersecurity firm Proofpoint, that hijacks computing power in order to "mine" cryptocurrencies (think of them as Bitcoin's cousins). Adylkuzz actually closes the vulnerability after infection, which spared many systems the catastrophe of WannaCry, though those systems still suffer degraded performance while Adylkuzz runs on them. Adylkuzz is believed to have infected at least tens of thousands of devices, but the number is almost impossible to know, considering the malware is purposely nowhere near as dramatic as WannaCry and tries to keep a low profile on the systems it has infected. And with this new discovery, who knows what else has exploited that single Microsoft vulnerability.
Just to add more fuel to the fire, there is a new arrival and a promise. On May 19th a new ransomware burst onto the scene, discovered by a researcher at MalwareHunterTeam; this nasty piece of work is dubbed XData. As of May 20th, XData has almost exclusively hit places in Ukraine (95% of infections), but cyberspace and malware don't have a tendency to respect geographic boundaries, at least not for long. What is really worrying is how much remains unknown about what we do know. Researchers do not know who could be behind this attack or even how it is spreading, which is extra concerning because XData currently has an infection rate triple that of WannaCry, which itself spread scarily fast. Combine that with an announcement by the Shadow Brokers, you know, the group that released the vulnerability that got us WannaCry and Adylkuzz, that they had plans. To be more specific, they announced that starting in June of 2017 they would begin dumping more vulnerabilities and zero-day exploits, which are vulnerabilities that nobody has even had time to patch yet. Meaning cybersecurity professionals have one hell of a summer ahead of them.
While we are all incredibly lucky to have a strong community of individuals fighting the good fight against hackers and other bad actors, they aren't wizards. Quite simply, they won't be able to stop or prevent every attack, and not every solution will be a perfect fix. Even the WannaCry kill switch doesn't stop infection; it just stops WannaCry from activating. But that is no reason to make it easy on the hackers, so for the love of god, patch your systems! And continue to do so, not only to guard against existing threats, but to stay ahead of hackers as companies patch vulnerabilities and bugs. Install a good antivirus, and apply a healthy skepticism towards websites and emails. For example, if you aren't expecting a link from the person you received it from, don't click it. Every little bit goes a long way toward making it much harder for you to become a victim, and makes life that much harder for hackers and malware authors.
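The practical consequence of that last point about the kill switch, as an added example that is not part of the original post: because the kill switch only stops WannaCry from activating, a lookup of a kill switch domain in your DNS resolver logs is a host that has already been infected and needs isolating and patching for MS17-010, not a non-event. The script below is a constructed illustration; the domain names and log lines in it are placeholders I made up, not the real sinkholed domains, and the log format is an assumed one-line-per-query layout.

```python
"""Flag hosts whose DNS lookups hit a WannaCry-style kill-switch domain.

Added illustration, not code from the original post. A kill-switch lookup
means the worm already ran on that host and merely stayed dormant, so each
hit is an infected machine to isolate and patch (MS17-010), not a non-event.
Domains and log lines below are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed placeholders: the real sinkholed domains are deliberately not listed here.
KILL_SWITCH_DOMAINS = {
    "killswitch-placeholder-1.example",
    "killswitch-placeholder-2.example",
}

# Constructed sample of a resolver query log: "<timestamp> <client> query: <name>".
SAMPLE_DNS_LOG = """\
2017-05-15T09:12:01Z 10.0.4.17 query: www.example.org
2017-05-15T09:12:03Z 10.0.4.17 query: killswitch-placeholder-1.example
2017-05-15T09:12:09Z 10.0.7.3 query: mail.example.org
2017-05-15T09:13:44Z 10.0.4.22 query: KILLSWITCH-PLACEHOLDER-2.example.
2017-05-15T09:15:00Z 10.0.4.17 query: killswitch-placeholder-1.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<name>\S+)$")


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'Foo.Example.' matches 'foo.example'."""
    return name.lower().rstrip(".")


def parse_line(line: str):
    """Return (timestamp, client, qname) or None for lines that don't match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("client"), normalize(m.group("name"))


def find_kill_switch_hits(log_text: str, domains=KILL_SWITCH_DOMAINS) -> dict:
    """Map each client IP to the list of (timestamp, domain) kill-switch lookups it made."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, qname = parsed
        # Match the domain itself or any subdomain of it.
        for d in domains:
            if qname == d or qname.endswith("." + d):
                hits[client].append((ts, d))
                break
    return dict(hits)


def report(log_text: str, domains=KILL_SWITCH_DOMAINS) -> list:
    """One summary line per suspected-infected host, sorted by client address."""
    hits = find_kill_switch_hits(log_text, domains)
    return [
        f"{client}: {len(events)} kill-switch lookup(s), first at {events[0][0]}"
        for client, events in sorted(hits.items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_DNS_LOG):
        print(line)
```

Run it against a real resolver export by replacing `SAMPLE_DNS_LOG` with the file contents and `KILL_SWITCH_DOMAINS` with the domains your own threat intelligence feed lists; the hosts it prints are the ones the kill switch saved from encryption but did not disinfect.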