Since 2017, WannaCry (WCRY) aka EternalBlue was involved in a widespread series of attacks exploiting a flaw in Windows Server Message Block version 1. The flaw tracked as CVE-2017-0143 had long ago been patched by Microsoft with its MS17-010 security update.
But it’s 2021 now, and WannaCry and EternalBlue keep being the most prevalent threats, according to a report from the security firm Trend Micro on malware trends in 2020.
The most common type of malware family detected last year was WannaCry, says Trend Micro, followed by cryptocurrency miners and Emotet.
It’s worth noting that Trend Micro’s report is based on the infrastructure, endpoints, and servers that this particular firm and its customers have worked with. Security firms operating in different sectors, geographies, or serving different company sizes may have different results.
Rik Ferguson, vice president of security research at Trend Micro, shares his view why this malware family remains so prevalent nearly four years after it first appeared.
“The one thing that really keeps WannaCry prevalent and active is the fact that it is wormable ransomware. Couple that with the fact that… there remain 9,131 internet-facing machines vulnerable to MS17-010 and you quickly begin to understand why it continues to propagate,” Ferguson explained to Careersinfosecurity.
EternalBlue has been created by the National Security Agency (NSA), but the exploit later was obtained and leaked by the Shadow Brokers group in 2017.
Two months later, the EternalBlue-targeting version of WannaCry appeared, albeit without encryption capabilities. Many experts were saying it has been developed by North Korean hackers.
“Many of the versions we see spreading in the wild today are modified versions of the original, and they do not have – or else they bypass – the kill switch, which contributes to the spread,” Ferguson told Careersinfosecurity.
He further explained the majority of these infections spread but cannot encrypt, and thus go unnoticed.
This explains that while WannaCry is the most detected malware, it is not the most dangerous.
Nevertheless, WannaCry still continues to infect unpatched systems and can damage at least some.
Finnish security firm F-Secure also reports that in 2020, the most-detected type of exploits continues to be against the SMB_v1 flaw known as EternalBlue. Part of these were caused by WannaCry.
