Security experts struggle in search for WannaCry clues - Reuters


Efforts by IT security researchers to get to the bottom of the recent ransomware attack have been hampered by an inability to find early traces of the so-called WannaCry strain, according to research commissioned by Reuters and conducted by security ratings firm BitSight.

While the security experts have struggled to find the so-called ‘patient zero’ in the attack, they have been more successful in finding the cause of the attacks and the reason why they were so successful.

Reuters reports that two thirds of those affected were running old versions of Microsoft’s Windows 7 operating system and failing to install the latest security upgrades.

BitSight’s research showed that 67% of 160,000 affected computers were running Windows 7, whereas the same operating system is used by less than half of global PC users.

The ransomware attack affected more than 300,000 internet addresses worldwide, including government agencies, large corporates and banks. And experts are warning that the threat is far from over, with a new and enhanced strain expected to be unleashed soon.

“Some organisations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit, speaking to Reuters. “There are plenty of reasons people wait to patch and none of them are good.”

Reuters also reports that half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Furthermore, infection levels have spiked again this week, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

However, the respective central banks of the two countries have issued statements to minimise any concern that banks have been affected by the ransomware attacks.

The Russian central bank confirmed there were some isolated cases but they were dealt with quickly and recommendations to update any Windows software were twice issued to all banks in the wake of the attacks.

Meanwhile, China’s central bank, the People’s Bank of China, told Reuters that it has thus far not found any cases among its institutions, although it will continue to monitor the situation, adding that it “attached great importance to the work of creating a secure financial network and strengthening internet security and governance”.