Everyone in the world will be aware of the recent global ransomware attack wreaking havoc on Windows computers all over the world. This malware known as Wana Decryptor or WannaCry, was also responsible for six infection attempts against a honeypot server. These different attacks took place over the course of 90 minutes, indicating the malware is one of the most aggressive types we have seen to date.
WannaCry Targets Honeypot Server
Every time a major ransomware attack takes place, it is up to security researchers to obtain a sample of the source code. This is often done by setting up a so-called honeypot server, which mimics a device vulnerable to that specific malware attack. In this case, the server “listed” itself as a vulnerable Windows machine that could be affected by the WannaCry malware.
As it turns out, obtaining this malware sample was far less difficult than originally assumed. In fact, the ransomware successfully attempted to infiltrate the honeypot server a total of six times. More importantly, all of these attempts were made over the span of just ninety minutes. That is quite an unprecedented number of attempt infections.
Every time the ransomware attempted to infiltrate the server, the researchers controlling it successfully reset it. One of the next attacks occurred three minutes after such a reset. Once again, this is rather unprecedented, as such aggressive behavior does not occur all that often. The aggressive nature of Wana Decryptor has become quite apparent, which makes it even more dangerous than originally assumed.
To be more specific, the researchers discovered this ransomware has quite an aggressive scanning module. Most people are aware of how malware types scan servers and computers around the world for vulnerabilities in an attempt to spread itself further. Luckily, this malware has been brought to a halt thanks to its kill switch, otherwise, the damage would have been infinitely more severe.
One thing to keep in mind is how the Wana Decryptor attack has not been the most lucrative by any means. Even though the developers successfully infected over 220,000 devices over the past few days, they “only” made US$31,000 in payments. This goes to show successfully deploying ransomware is one thing, but even a large-scale attack will not make perpetrators rich by any means. Sadly, this still means quite a few victims paid the ransom in Bitcoin, which should never have taken place to begin with.
In the end, it is critical to remember the Wana Decryptor malware itself is not special by any means. Even though the worm aspect of the code is top-notch, the ransomware part itself is nothing out of the blue. It is evident this malware is only successful due to using a modified version of an NSA tool that should have never been created in the first place. It is important to remember how this situation came to be.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.