WannaCry Remains a Threat, Attacking Nearly 75,000 Users in Q3 2018

Woburn, MA – November 12, 2018 –Kaspersky Lab is releasing its Q3 IT Threat Evolution Report, which revealed that a year and a half after its epidemic, WannaCry ransomware tops the list of the most widespread cryptor families. The ransomware attacked 74,621 unique users worldwide during the last quarter, accounting for 29 percent of all users targeted by cryptors in Q3 2018. This percentage has risen over the last year, demonstrating more than two thirds growth since Q3 2017, when WannaCry accounted for 17 percent of cryptor attacks. 

The series of WannaCry cyberattacks that occurred in May 2017 is considered to be one of the biggest ransomware epidemics in history. Although two months prior to the start of the attacks, Microsoft had released a patch for the Windows operating system to close the vulnerability exploited by EternalBlue, WannaCry still affected hundreds of thousands devices around the globe. As cryptors do, WannaCry encrypted files on victims’ computers, making it impossible to operate the infected device. Threat actors then demanded ransom in exchange for decryption keys, created to decipher the files and make the device usable once again.

The consequences of the WannaCry epidemic were devastating; as the victims were mainly organizations with networked systems, a number of businesses, factories and hospitals were paralyzed. Although this case demonstrated the dangers cryptors pose, and most PCs around the world have been updated to resist the EternalBlue exploit, statistics show that criminals are still trying to exploit computers that weren’t patched – and there are still plenty of them around the globe. 

Number of unique users attacked by cryptors, Q3 2018

Overall, Kaspersky Lab security solutions protected 259,867 unique users from cryptor attacks during the third quarter of 2018. This is a 39 percent increase compared to Q2 2018, when the figure was 158,921. The growth in Q3 was rapid yet steady, with the number of attacked users increasing month over month. 

“The rising share of WannaCry attacks is another reminder that epidemics don’t end as fast as they start; there are always long-running consequences,” said Fedor Sinitsyn, security researcher at Kaspersky Lab. “In the case of cryptors, attacks can be so severe that it is necessary to take preventive measures and patch the device, rather than deal with encrypted files later.”

Other online threat statistics from the Q3 2018 report include:  

• Kaspersky Lab solutions detected and repelled 947,027,517 malicious attacks from online resources located in 200 countries and territories around the world (a 1.7% decrease compared to Q2 2018);
• 246,695,333 unique URLs were recognized as malicious by web antivirus components (30% decrease compared to the previous period);
• Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 305,315 user computers (41.5% growth compared to the previous period);
• Kaspersky Lab’s file antivirus detected a total of 239,177,356 unique malicious and potentially unwanted objects (24.5% growth compared to the previous period);
• Kaspersky Lab mobile security products also detected 1,305,015 malicious installation packages (25% decrease against previous period).

To reduce the risk of infection by WannaCry and other cryptors, users are advised to:

• Always update your operating system to eliminate recent vulnerabilities.
• Use a robust security solution with updated databases. It is also important to use a security solution that has specialized technologies to protect your data from ransomware, such as Kaspersky Lab solutions. Even if unknown malware does manage to sneak through, Kaspersky Lab’s System Watcher technology is able to block and roll back all malicious changes made on a device, including the encryption of files.
• If all your files are encrypted with crypto-malware, it is not recommended to pay cybercriminals, as it encourages them to continue their bad behavior and infect more peoples’ devices. It is better to find a decryptor on the internet; some of them are available for free through No More Ransom.
• Always have updated backup copies of your files, to be able to replace them in case they are lost (e.g. due to malware or a broken device). Store your backups not only on a physical device, but also in cloud storage for greater reliability. Don’t forget to protect your cloud storage with strong password!
• For business users, enhance your preferred third-party security solution with the newest version of the free Kaspersky Anti-Ransomware Tool.
• To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
• Use a dedicated security solution, such as Kaspersky Endpoint Security for Business, which is powered by behavioral detection and able to roll back malicious actions. It should also include vulnerability and patch management features that automatically eliminate vulnerabilities and install updates. 
• Lastly, remember that ransomware is a criminal offense. If you become a victim, report it to your local law enforcement agency.

Read the full version of the Kaspersky Lab’s IT threat evolution report on Securelist.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com