WannaCry is still circulating and affecting machines, but thanks to the kill switch discovered by @MalwareTechBlog, it is more or less neutralised now. Those machines still being affected must not be able to “see” the kill switch domain.

Here’s an interesting tidbit – Windows XP was NOT badly affected by WannaCry. There is a bug in it that meant it could not worm its way out of a WinXP box. Windows 7 was the biggest spreader of it, at 98% of the machines impacted, according to this graphic from Kaspersky:

So all of the furore about limited budgets causing legacy applications to be kept going, long beyond the Operating System support end-dates was something of a red herring. 

There were also rumours hyped by Heimdal Security last week about a kill switch free version of WannaCry (which was called Uiwix) that was going to be the end of times for the internet. It seems that they slightly over egged that pudding as only a single trace of it was found.

Despite what experts in large security firms might still be saying, WannaCry did not spread through e-mail as an attachment or a link. They were probably confused by the fact that just the day before WannaCry hit, a new Ransomware variant called Jaff came out, which did use e-mail as a vector. WannaCry was a worm and it did all the infecting all by itself.

Finally, the evil doers haven’t made much in the way of Ransom money. It seems that so far they’ve only made a little over $90,000.

Here a short video from myself with some tips on how you can protect yourself from Ransomware. Enjoy.

Of course these tips are included in our Ten Commandments.

The post WannaCry no more. At least for now. appeared first on L2 Cyber Security Solutions Ltd..