Mumbai: Last year WannaCry created havoc across the globe; due to its lateral movement, it penetrated networks and spread across countries and continents. The security community has been highly proactive in taking down the infrastructure associated with WannaCry; however, due to its ability to move across networks, eScan observes that it still exists in a dormant form.
eScan's telemetry servers have been picking up artefacts reminiscent of WannaCry ransomware on a regular basis.
Over the last few months, we have observed a steady decrease in incidents involving WannaCry, and hopefully by year end WannaCry should meet the same fate as the Conficker worm / DNSChanger botnet.
We have been observing various variants and newer ransomware being added to the family; however, very few have seen active development, viz. GandCrab and ZZZ*. In the last few weeks, GandCrab has taken centre stage and is evolving at a much faster rate, which suggests that the ransomware developer / criminal nexus is growing stronger and that many criminals are now switching their loyalties to GandCrab because its developers are taking a keen interest and adding numerous weapons to its arsenal.
The next step in the evolution of ransomware would be cryptominers, info stealers and ransomware all bundled into one.