WannaCry is not dead, and something bigger and nastier is coming

23 Jun 2017

Image: Zephyr_p/Shutterstock

The self-spreading WannaCry ransomware is still doing its thing. More worryingly, it has a sibling that is potentially more deadly.

More than a month ago, the world came under cyberattack and entire hospital systems, such as that of the NHS, were knocked offline. Judging by the latest incidents, WannaCry is still at large.

The latest victims of WannaCry include the Honda Motor Company, and about 55 speed and traffic light cameras in Australia.

The malware infected more than 300,000 Windows systems, which were mainly running dated, unsupported software such as Windows XP and SMBv1.

The attack began on 12 May and struck in 150 countries within just 72 hours.

In the latest development in the saga, Honda had to halt production of more than 1,000 vehicles at its Tokyo plant after WannaCry infected its networks in the US, Europe and China. The company said production had been stalled for 24 hours as a result.

This raises questions as to whether or not Honda applied the critical patch released by Microsoft in the aftermath of the attack.

In related news, Victoria Police in Australia said that WannaCry infected 55 traffic light and speed cameras after infiltrating the systems of camera operator Redflex.

It is believed the malware got on board the police force’s systems via a technician’s USB drive. While the virus has been detected, the Victoria Police said the cameras have not been compromised.

WannaCry some more?

A chilling discovery about WannaCry is that it is believed to have been stolen from the US National Security Agency’s stockpile of secret cyber weapons.

A year ago, a group calling itself the Shadow Brokers began posting software tools from the NSA’s cyber arsenal. The fact that a weapon paid for by US taxpayers was threatening civil societies across the world was an eerie reminder of Stuxnet.

Stuxnet was a virus jointly developed by the US and Israel to take down Iranian nuclear facilities, but instead went rogue and attacked energy plants, hydro dams and nuclear plants all over the world.

Reports are now emerging that WannaCry isn’t the only stolen cyber weapon that’s out there. According to The New York Times, the CIO of IDT Corporation, Golan Ben-Oni, has discovered a nastier sibling to WannaCry.

Ben-Oni said that IDT was hit by a cyberattack two weeks after WannaCry and it bore similar hallmarks, as it was ransomware that demanded a bounty in return for the company’s data.

However, it turns out that the ransom demand was a smokescreen. While Ben-Oni and his colleagues were negotiating with the hackers, the virus was stealing employee credentials that could be used to destroy systems.

Ben-Oni has been warning about the nature of the attack but has been drowned out by the hoopla over WannaCry. Worse still, he said that this more sinister version of WannaCry has not been identified by any of the large security software vendors.

In some way this is alarming, but not wholly unsurprising because security companies are in a cat-and-mouse game with hackers and, usually, threats lurk in the wild for months before security firms confirm their existence.

Either way, you have been warned. WannaCry is far from dead, and something insidious may be around the corner.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years