When Is A Ransomware Virus Not A Bad Thing To Get?
WannaCry/WannaCrypt has been roaming around the internet for a few years now, long enough that the Bitcoin wallet you are instructed to pay to get your files back is only monitored by the authorities and not by the original wastes of oxygen who started the whole thing. It is still roaming around, as most, but not all, of the five million or so detections have been dealt with, and it might still rear its ugly head.
Sophos was curious about the size of that number and how people could still be using infected machines, and so set out to figure out what was going on. As it turns out, someone edited the virus in an attempt to get around the kill-switch domain discovered by Marcus Hutchins, which could be used to stop encryption, and did so very poorly. The edit removed the ability of the virus to start encrypting files, essentially rendering it harmless. As an added bonus, if the original WannaCry finds its way onto a system with the corrupted version, it stops attempting to infect the machine and tries to spread itself to a different target.
This does not offer true immunity, as a machine could still spread the live virus to others on the network, so keep your patches up to date, and as The Inquirer reminds us … never pay the ransom!
(Before you write in, we're aware that this behaviour is not exactly comparable with the immunological mechanisms of a vaccination and that it is only broadly analogous.)