Nov 13, 2018 - World

WannaCry is still dominating ransomware

Justice Department officials in the background of a monitor displaying a North Korean man.

Justice Department officials charge North Korean national over WannaCry ransomware attack. Photo: Mario Tama/Getty Images

WannaCry, once the greatest cybersecurity calamity in history, now doesn't work. A website critical to its function is now controlled by civic-minded security researchers, and the fixed deadline to pay the ransom has long passed. Yet WannaCry still accounts for 28% of ransomware attacks — the most of any ransomware family.

The big picture: According to a new study by Kaspersky Lab, the defanged North Korea linked ransomware is still spreading uncontrollably. The spreading mechanism that passed WannaCry from victim to victim that was so virulent in the 2017 attack is still active, even if the ransomware itself isn't. "This is not an uncommon occurrence, as there are multiple currently defunct worms that are still automatically spreading in the wild and infecting unpatched/unprotected machines," wrote Fedor Sinitsyn, senior malware analyst, via email.

Go deeper