It’s been the better part of two years since the outbreak of the Wannacry ransomware epidemic. Unfortunately, all this time later, some companies are still dealing with the fallout. According to the latest research, Wannacry is still infecting hundreds of thousands of computers around the globe.
As grim as that sounds, it’s not all bad news. After all, the malware has been rendered harmless by the now famous “kill switch” discovered by Kryptos Logic security researcher Marcus Hutchins, who found a glaring flaw in the design of the software. The flaw allowed him to register a domain and encode it with instructions that would keep the ransomware component of Wannacry from activating and actually encrypting files.
That, however, did nothing to get rid of the malicious code infecting legions of PCs around the world. Sadly, much of the code remains in place on infected machines, silently lurking in the background. Kryptos Logic is uniquely positioned to know, since they control the kill switch domain and have continued to monitor traffic to it since building the kill switch on it. To this day, their site continues to be pinged by new IP addresses as the now toothless infection continues to spread.
It’s not hard to see why the removal of a piece of malware that has been rendered suddenly toothless takes a lower priority for busy, and often harried IT security professionals. Leaving the code in place on infected machines is not without risk, however.
It is possible, however unlikely, that the hackers who built the program to begin with could find a way to get around the kill switch. If that should happen, then we’ll be facing the full fury of the epidemic all over again, something no one in the field of digital security wants to contemplate.
The bottom line is simply this: If you were impacted by Wannacry when the outbreak initially occurred, it’s worth double checking to make sure that all traces of the malicious code are gone from your network. Better safe than sorry.