WannaCry Hackers Still Trying To Revive Attack, Says Accidental Hero

The "accidental hero" who registered a web address that became the so-called kill switch for WannaCry has said hackers are trying to overwhelm the site to resurrect the ransomware that plagued companies around the world.

The web address acts as a beacon for the malware, which if contactable tells WannaCry to cease and desist. In registering the domain name, a self-trained 22-year-old security expert from south-west England called Marcus Hutchins halted the spread of WannaCry by activating its kill switch.

Hackers are now trying to make Hutchins' domain unreachable using a distributed denial of service (DDoS) attack -- overwhelming it with traffic so that attempts to contact the domain by WannaCry go unanswered, thus de-activating the kill switch.

Hutchins has taken precautions to protect the domain from the DDoS attacks, which are using the Mirai botnet, switching to a cached version of the site that is capable of dealing with much higher traffic loads than the live site.

So far, the kill switch remains in operation, Hutchins says, which should help any computer systems that have not been updated or secured yet from falling foul of this strain of the WannaCry [aka WannaCrypt] attack.

A week after the WannaCry outbreak, analytics have revealed that, despite Windows XP grabbing the headlines due to its use in the NHS and other institutions, it was Windows 7 that was the worst affected by the ransomware.

According to data from cybersecurity firm Kaspersky, Windows 7 accounted for more than 98% of WannaCry infections, with Windows XP accounting for an ?EU?insignificant?EU? volume of infections globally. The estimates are based on computers running the Kaspersky's security software, while data from BitSight indicated the number was lower but still significantly skewed towards Windows 7, with 67% of infections.

That Windows 7 accounted for the majority of WannaCry infections is not that surprising. Windows...

Comments are closed.