Nearly one and a half years ago, the world experienced probably the biggest cyberattack in its history. The attack was carried out through a ransomware script called WannaCry. The ransomware infiltration spread like the Biblical plague. Within a week, WannaCry affected millions of computers in more than 140 countries. There are no exact figures to corroborate this claim, but it is said that billions of dollars have been spent on ransomware removal and for the recuperation of the all the tangible and intangible losses inflicted by the ransomware.
There is a perception among many users that WannaCry was sen into oblivion after this unprecedented wide-scale attack. However, that’s not quite true. According to the developer of a killswitch at Kryptos Logic, WannaCry is still thriving in the cyberspace. The kill switch was particularly developed to neutralize the encryption component of WannaCry. This means users with the Killswitch on their devices won’t lose their data even if they get affected by a WannaCry ransomware attack.
Nevertheless, the Killswitch can’t entirely wipe out the cryptovirological strain. So, professional ransomware removal services are still required. WannaCry keeps on running in the background and continuously tries to connect with a Killswitch to see whether it is still active.
Kryptos Logic’s head of security and threat intelligence, Jamie Hankins, has recently revealed the figures regarding the Killswitch activity. Those numbers clearly indicate that WannaCry is still alive and kicking.
As per Hankins, their kill switch domain for WannaCry still detects over 17 million connections within a week. It was also found that these beacons are coming from over 600 different IP addresses from all corners of the world. This stat only shows the activity of WannaCry on devices with kill switch domains. The actual figure of its attempts is definitely way more than that.