The exploit behind the WannaCry ransomware is still a threat

2025-04-27 23:16:17admin

It's been a year since the WannaCry ransomware swept the globe, encrypting computers and wreaking havoc in the process. So you might think we'd have the vulnerability it exploited neatly wrapped up by now.

You'd be wrong.

Despite the potential billions of dollars in damage caused by the likely North Korean ransomware, hundreds of thousands of computers around the globe are still vulnerable to similar attacks — and that's probably not going to change any time soon.

SEE ALSO: Ransomware has been around for almost 30 years, so why does it feel like it's getting worse?

WannaCry hit the world hard on May 12, 2017. It wasn't long before security researchers determined that the reason it was able to spread so quickly from computer to computer — like those at UK hospitals — was because of an exploit once hoarded by the NSA: EternalBlue.

But here's the thing: EternalBlue was patched by Microsoft beforeWannaCry hit. We learned this in April of 2017 when, following the news that the Shadow Brokers hacking group dumped a bunch of stolen NSA exploits, a Microsoft official told us we were all good.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

A map of WannaCry's spread reminds us just how bad it was. Credit: SCREENSHOT/MALWARETECH

"We've investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products," a spokesperson told us at the time. "Customers with up-to-date software are already protected."

Yet WannaCry, fueled by EternalBlue, still came. The problem, of course, was unpatched systems. And you've guessed it — many systems remain vulnerable to this day.

"We estimate a wide variety of hundreds of thousands of untreated and dormant Microsoft Windows infections maintain a foothold and are responsible for the residual and continued propagation of WannaCry," explained security research firm Kyptos Logic this April, "which by our dataset analysis and estimates reach several (potentially tens of) million systems through an ebb and flow infection cycle every month."

When Kryptos Logic speaks about WannaCry, you should listen. It was one of the company's employees, Marcus Hutchins, who managed to stop the initial wildfire spread of the ransomware last year by finding and activating a so-called kill switch.

So where does this leave us? Always make sure your operating system is up to date. The rest of it, unfortunately, is mostly out of your hands.

That doesn't mean there isn't a lesson to be learned, albeit a grim one: Even after vulnerabilities are patched, they still pose a threat. In the world of ransomware, you can never let your guard down.

Featured Video For You

From ATMs to printers, hackers prove you can play 'Doom' on anything