Paladion discovers new variants of WannaCry

The ransomware attacked and infected telcos, utilities, universities, ministries, rail companies, local government and private companies

It has been a week since the WannaCry ransomworm surfaced, and cyber defence company Paladion has now announced that it has discovered new variants.

However, these variants have no connection to the kill switch discovered in the original ransomware.

Amit Roy, executive vice president and regional head for EMEA at Paladion, said: "The first large wave of WannaCry may have died down because a domain the ransomware was calling was registered by a security researcher, thus revealing a kill switch. However, the fact remains that if affected devices are not patched immediately and mitigation steps are not taken, there is still a high possibility of re-infection."

"Since Sunday, we have discovered WannaCry Ransomworm versions without a connection to the previous Kill Switch. Of the variants that surfaced on 14th May 2017, two have an updated domain name or kill switch and one does not have a kill switch. However, the variant with no kill switch has bugs that are preventing it from encrypting user data. But then, the propagation part via ETERNALBLUE and DOUBLEPULSAR works without a hitch," explained Roy.

To contain the spread of the cyber-attack and mitigate its impact, Paladion advises that MS17-010 and the related patches for CVE-2017-0143 to CVE-2017-0148 should be applied immediately.

Also important is the Shadow Brokers leak of exploit tools that became public in April 2017. The dump includes exploits for several other CVEs, and the patches for these should be prioritized to stay protected from imminent threats.

Before every infection, the original WannaCry ransomware would try to call the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. If there wasn't a response, it would lock the victim's machines. However, if the domain was up and running, the malware would stop in its tracks, slowing down the spread.
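
Because the kill-switch check is a DNS lookup, resolver logs show which internal hosts attempted it. The following is an added example, not code from Paladion or the original article: it scans dnsmasq-style query lines (the log format, sample lines and function names are assumptions) for the domain quoted above, matching subdomains, mixed case and trailing dots.

```python
import re
from collections import defaultdict

# Domain quoted in the article; extend with kill-switch domains of newer variants.
KILL_SWITCH_DOMAINS = {"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"}

# dnsmasq-style query line (the log format is an assumption of this example).
QUERY_RE = re.compile(r"query\[(?:A|AAAA)\]\s+(\S+)\s+from\s+(\S+)")

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.lower().rstrip(".")

def matches(name, domains):
    """True if name is a watched domain or a subdomain of one (e.g. www.)."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in domains)

def find_killswitch_lookups(log_lines, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: lookup_count} for clients that queried a watched domain."""
    hits = defaultdict(int)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and matches(m.group(1), domains):
            hits[m.group(2)] += 1
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "May 14 10:02:11 dnsmasq[812]: query[A] www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.4.17",
    "May 14 10:02:12 dnsmasq[812]: query[A] example.org from 10.0.4.22",
    "May 14 10:02:15 dnsmasq[812]: query[A] IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.4.17",
    "May 14 10:03:40 dnsmasq[812]: query[AAAA] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.9.3",
    # Look-alike name that must not match (not a subdomain of the watched domain).
    "May 14 10:03:41 dnsmasq[812]: query[A] notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.4.30",
    "May 14 10:03:42 dnsmasq[812]: reply example.org is 192.0.2.10",
]

if __name__ == "__main__":
    for ip, count in sorted(find_killswitch_lookups(SAMPLE_LOG).items()):
        print(f"{ip}: {count} kill-switch lookup(s); check for infection and MS17-010 patch status")
```

An empty result does not clear a network: as Roy notes, one of the new variants has no kill switch, and two use updated domains that would have to be added to the watch list.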
