A new and potentially more destructive variant of the WannaCry ransomware has been uncovered in four countries, indicating that the world may be on the cusp of another wave of destructive cyberattacks like the one that struck over the weekend. The new malware variant comes without a kill switch, indicating that cybercriminals are working tirelessly to create new and harder-to-kill versions to renew their global onslaught.
The first wave of attacks was stopped by a 22-year-old British security researcher, known as MalwareTech, who activated the kill switch in the original WannaCry ransomware variant after registering the malware's domain. According to security researchers at Cyphort who discovered the new WannaCry strain, merely registering the malware's domain would not help to stop the attacks this time.
Cyphort researcher Mounir Hahad told IBTimes UK that the new strain is "live in the wild" and infecting systems in Australia, Denmark, Germany and South Korea. "The infection pattern is indiscriminate: no specific region or industry is particularly targeted," Hahad added.
According to Cyphort, this particular strain "uses a different domain to check for internet connectivity, one that cannot easily be sinkholed". The researchers also noted that the variant was unlikely to have been created by a researcher as a test case as it has been found in four different countries.
"It seems that the cyber criminals found a smarter way to evade sandbox detection by checking on a site that researchers cannot sinkhole," Hahad said. "This technique allows the malware to spread again unchallenged."
The discovery of this new strain of WannaCry indicates that cybercriminals are working to renew their global onslaught, as previously warned by experts.
"This discovery clearly shows the threat actors have a pulse on the progress of their campaign and are able to quickly turn around enhancements to work around the security industry. It also shows they are confident of their steps: instead of backing off and hiding after causing so much damage, they boost their campaign," Hahad told us.
Even as security experts work on uncovering new strains of the ransomware in an effort to shut down attacks before they can begin and to better defend against further attacks, governments have started playing the blame game. Russian president Putin recently blamed the US for the WannaCry attacks. And Britain's former spy chief Sir David Omand blamed Microsoft for the ransomware outbreak.
"Should Microsoft have stopped supporting Windows XP so soon, knowing that institutions had invested heavily in it (at the urging of the company at the time)?" The Times quoted the former GCHQ chief as saying.
Microsoft rapidly released new patches to address the ransomware attacks. The tech giant had issued patches in March to fix such vulnerabilities, but since most Windows systems running older operating systems require the patch to be installed manually, not all users were protected from the attack, despite the company's quick action.
Microsoft also hit back at the NSA for stockpiling cyberweapons, the theft of which it equated with "Tomahawk missiles being stolen", squarely putting the blame for the WannaCry attacks on the NSA and the US government.
As the threat of new attacks continues to hang over the world, users need to ensure that they patch their systems and run the most up-to-date version of their OS (operating system).