The WannaCry ransomware, for a few days last week, literally made hundreds of thousands of Windows PC users want to cry. And while its threat has apparently been stemmed, thanks to the quick work of a young cybersecurity expert, new reports claim that hacking crews are trying to resurrect the malware just days after it was crippled.
WannaCry wasn’t the first malware of its kind to make headlines in recent months for its wide scope and deadly capabilities. In September of 2016, the malware known as “Mirai” (Japanese for “future”) launched, taking the form of an “extremely large and unusual” distributed denial of service (DDoS) attack, according to a blog post from security expert Brian Krebs. Krebs, whose own site was affected by Mirai, wrote that the attack was, in fact, almost twice as large as the widest such attack previously identified by content delivery network. Mirai was responsible for several major websites, including those of Reddit and Spotify, going down for an extended period of time.
Last week, a crew of hackers launched another crippling malware attack in the form of WannaCry. The ransomware, as the Inquisitr wrote, locks Windows users out of their computer accounts, effectively holding their information hostage unless they pay at least $300 within three days, or $600 within a week, both in the form of Bitcoin. A few days later, 22-year-old Kryptos Logic cybersecurity analyst Marcus Hutchins found a vulnerability in the malware and successfully spotted its “kill-switch,” stopping WannaCry before it could affect even more computers. On a related note, a team of French researchers was also able to devise a way to decrypt files affected by the ransomware attack.
A new report, however, suggests that the WannaCry ransomware may not have been completely neutered after all.
According to Wired, it now appears that hacking crews are working on a way to resurrect WannaCry, using their own versions of the Mirai bot network from last September and having them target WannaCry’s kill-switch. The good news is that Hutchins and other security experts have been successful so far in countering this blended approach, which combines the “best” of two debilitating malware attacks. The bad news, unfortunately, is that there’s a strong chance the ransomware could spread once again “in the unlikely event that the hackers succeed.”
Basically, the idea behind this planned resurrection of the WannaCry malware is to use various “zombie devices” from the Mirai bot network, such as webcams or modems, and have them send junk traffic to WannaCry’s kill-switch website. The goal here is to wake up the new malware’s infections and effectively kill off the kill-switch domain, allowing the bug to keep on spreading.
Is there really a good chance that the WannaCry ransomware is coming back? Marcus Hutchins, the young hero who foiled the original attack, told Wired that he is confident he could stop whoever is behind these plans, as his firm Kryptos Logic has hired an unnamed DDoS “mitigation firm” that could stymie any attempts to resurrect the malware.
As for who may be behind such an act, Hutchins added that he’s “fairly sure” that the hacking teams working on the return of WannaCry are not related to the authors of the original ransomware. He theorized that the new DDoS attacks originated from established Mirai bot network copycats that were launched when Mirai’s creator released that particular malware’s source code. Hutchins also believes that the attacks are mostly amateurish attempts from “nihilistic, low-skilled” hackers, and nothing more.
“Now any idiot and their dog can set up a Mirai botnet.”
Considering WannaCry had made thousands of people lose valuable data and even crippled some healthcare systems, Hutchins believes that the people behind the WannaCry ransomware aren’t in it for financial gain, contrary to the ostensible motive of any hacking team behind a virulent form of ransomware. However, he believes that the crews trying to bring the ransomware back from the grave are “doing it just for the fun of hurting people” — in other words, trolling computer users for kicks.