WannaCry is still alive, attacked 1,64,433 users in 2019

May 12 marks three years of WannaCry, the largest ransomware epidemic in history. And since, WannaCry and other ransomware threats are still affecting people and companies.

A recent Kaspersky research has revealed that in 2019, WannaCry kept its position at the top of the most prevalent ransomware families, while almost a third (30%) of those targeted by ransomware were corporate users.

Both Kaspersky and Interpol have urged organisations to think about backing up their data and adopting relevant protection so that they can avoid any potential ransomware siege and a catastrophe similar to WannaCry can be avoided.

The WannaCry attack became the most noticeable of its kind, spreading with the help of an advanced cyber-weapon, EternalBlue, which is a complex and effective exploit used to target the unpatched vulnerability in Windows. As a result, WannaCry caused a real worldwide cyber-epidemic.

According to Kaspersky's research, a total of 767,907 users were attacked by encryptors in 2019 - with almost a third of them (30%) being in businesses. Of all the encryption families, WannaCry still was the most common – in 2019, it attacked 164,433 users and accounted for 21% of all detected attacks. With a significant margin, it was followed by other families such as GandCrab (11%) and Stop (4%).

GandCrab is a well-known ransomware-as-a-service, developed by a team of criminals and rented to the broader community and has been distributed for years. The Stop ransomware campaign is also a well-known threat spread through compromised software and websites, as well as adware.

Ransomware is a big challenge for many organizations. Even though it is not the most advanced threat from a technical point of view, it allows criminal actors to block business operations and extort money. As a result of ransomware incidents, organisations have lost on average $1.46 million in 2019 according to reports and this included costs for downtime, fines and reputational damage.

Protection from ransomware is possible through feasible security measures. Kaspersky experts suggest these following measures:

- Explain to employees how following simple rules can help a company avoid ransomware incidents. Dedicated training courses can help.

- Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability. Make sure you can quickly access them in an emergency when needed.

- It is essential to install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities.

- Try a free anti-ransomware tool.

- If a corporate device is encrypted, remember that ransomware is a criminal offence. You shouldn't pay the ransom the attacks demand. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free here.