Did you know that there are still many, many computers that are still infected with the Wannacry ransomware? I have to admit, this was news to me when I first read it. “But how, if all these computers are still infected, are they working,” I hear you cry. Good question. Read on to find out…
The Wannacry background story
For those of you who are young and forgetful, due to the constant playing of video games no doubt, let me remind you of what happened.
Around May of 2017, ransomware started appearing on computers all over the world. The unlucky people whose computers had been infected got a message like the one below:
Of course, it was later discovered that this ransomware had been known about for at least six months (if I remember rightly), and the reason why so many computers were affected was because many people thought, and still do, that updates are an optional extra.
Anyway, to fix the problem, users had to cough up a certain amount of bitcoin. And no, this is not a reason to ban bitcoin. If using currency for illegal activities was a reason to ban them, then the US dollar would certainly be the first one against the wall.
How many countries were affected?
It would be quicker to ask, “How many countries weren’t affected?” Either way, as I have a serious aversion to listing anything, below is a map I got from Wikipedia showing the countries affected.
As you can see from the image, most of Africa and individual countries like N. Korea, Papua New Guinea, and New Zealand were unaffected. So basically, any country that didn’t have computers.
How did it get fixed?
Well, it didn’t really, but I know what you mean. Marcus Hutchins, who is now a 24-year-old security researcher working for Kryptos Logic, came up with a very simple yet clever idea.
He noticed that Wannacry was linked to an unregistered domain name. By registering the domain name, he was able to stop the spread of the ransomware. Obviously, I have staggeringly simplified the whole story.
Where are we now?
This is the bit that has got me seriously scratching my head. As I said above, remarkably, many computers around the world are still infected. The reason for this is actually quite simple. Because of the aforementioned domain that acts as a ‘kill switch’, computers are relying on it to ‘turn off’ the Wannacry virus.
The problem with this is that while the domain has been moved to Cloudfare to make it as available as possible, it will only work as long as computers can connect to the domain. In the event that the domain is not available which, for example, would only require a loss of power, computers still containing the Wannacry virus would immediately come under threat.
All this has been written about by Jamie Hankins in a very informative post entitled, “WannaCry: End of Year Retrospective” which you can read here.
Wrapping it all up
This seems a little strange at the very least. The only reason I can think of to still having Wannacry on your device is if you have no idea it is there. If you are not sure, google it. There are many websites giving advice on how to check to see if Wannacry is on your PC, and what to do if it is.
We would love to hear from you if you have had any experiences dealing with the Wannacry virus. Let us know in the comments below.
RELATED ARTICLES YOU SHOULD CHECK OUT: