There were predictions that the fast-spreading “WannaCry ” (aka “WannaCrypt”) ransomware would quickly evolve to get around its domain-based kill switch, and, well… the predictions were right. Security researchers have discovered variants of the Windows malware that either have different kill switches (easy to stop by purchasing the web domain) or don’t have a kill switch at all. MalwareTech’s initial findings might have stopped the original WannaCry in its tracks, but that was really just a speed bump for malicious coders.
In the meantime, the NSA-derived attack has affected companies and infrastructure well beyond the UK’s National Health Service. French car manufacturer Renault has confirmed to Reuters that it stopped production at multiple sites on May 13th to limit the reach of WannaCry. It plans to resume business as usual on Monday, but that’s a significant setback for a company that counts on continuous manufacturing. FedEx, Telefonica, Germany’s railway system and other big names have also been hit, although not always so dramatically. Europol’s Rob Wainright reports that the ransomware has hit about 200,000 computers in over 150 countries, and believes that the problem is getting worse, not better. It could be particularly bad on Monday, when many businesses switch on their computers and might expose unpatched systems to attack.
There will be solutions to this particular attack: more organizations will patch their PCs, and updated antivirus software will catch the malware. The big question is whether or not this will prompt a broader change in security policy. Many of the victims fell prey simply because their systems were running Windows XP or Server 2003, both of which have lost official support outside of special contracts. While it would be unrealistic to expect everyone to always run the latest operating system (software compatibility and cost are major concerns), you may well see repeat incidents unless these large-scale customers get in the habit of staying reasonably up to date.