Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes

Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes

By | May 28th, 2017
No Comments on Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes

The WannaCry ransomware — also known as WCry, Wana Decrypt0r, WannaCrypt,

and WanaCrypt0r — infected a honeypot server made to look like a

vulnerable Windows computer six times in the span of 90 minutes


														
							

During one of those infections, WannaCry infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware’s scanning module, which helps it spread to new victims.

Remind you that the ransomware was defanged via a kill-switch researchers found in its code, but this test shows how quickly new infections will be made if this kill switch wouldn’t have been discovered.

Furthermore, three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches.

According to data from the MalwareTech botnet tracker, the WannaCry ransomware has made over 223,000 victims since it started to spread on Friday afternoon.

Across the large number of infections, researchers have discovered that the authors of the ransomware have used only three Bitcoin addresses to receive payments [1, 2, 3].

At the time of writing, these three Bitcoin wallets hold 17.309 Bitcoin, which is around $31,600. Compared to the number of infections, the WannaCry gang has failed to capitalize on their tool.

Read more

Google
Nisheeth Bhakuni