The WannaCry ransomware broke out in many countries and regions around the world in the middle of last year, infecting a large number of individuals and business users in a very short time.
WannaCry's massive spread was made possible by the EternalBlue vulnerability leaked by the Shadow Brokers. Microsoft had released security updates, but many users had not installed them.
It has been 18 months since the initial outbreak, yet hundreds of thousands of users are still infected with the WannaCry ransomware.
WannaCry begins by checking a reserved, unregistered domain name. If the malware cannot connect to that domain, it goes on to destroy files and infect other machines.
Early in the outbreak, researchers discovered this domain-name kill switch and registered the domain. Once it was registered, WannaCry could connect to it, and the pace of its spread dropped immediately.
Researchers can also use this domain to monitor WannaCry infections; it still receives 17 million connections per week.
Those connections come from more than 630,000 unique visitors per week in 194 countries and regions around the world, which means that more than 630,000 computers are infected every week.
As mentioned above, the WannaCry kill-switch domain has been registered, so when an infected machine can reach the domain, the virus keeps running in the background but does not encrypt files.
On an enterprise intranet that cannot reach the external network, however, the files will be encrypted, and the worm spreads more easily inside the intranet.
Many internal machines never install security updates and run outdated systems year after year. Once one is compromised, all machines on the intranet will be infected at the same time.
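A defender can use the same kill-switch lookup as an infection indicator in internal DNS logs. The following is an added example, not code from the original article: the domain is a placeholder (the article does not name it), the log format and sample lines are constructed, and a NOERROR answer is assumed to stand in for the host actually reaching the domain.

```python
from collections import defaultdict

# Placeholder only: the article does not give the kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log: "timestamp client_ip query_name response_code"
SAMPLE_LOG = """\
2018-12-20T08:00:01Z 10.0.4.17 killswitch-placeholder.example NOERROR
2018-12-20T08:00:09Z 10.0.4.17 killswitch-placeholder.example NOERROR
2018-12-20T08:01:30Z 10.0.9.52 KillSwitch-Placeholder.example. SERVFAIL
2018-12-20T08:02:11Z 10.0.7.3 www.example.org NOERROR
2018-12-20T08:03:45Z 10.0.9.60 killswitch-placeholder.example NXDOMAIN
malformed line
"""

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a status."""
    domain = domain.lower().rstrip(".")
    hosts = defaultdict(lambda: {"lookups": 0, "resolved": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = fields
        if qname.lower().rstrip(".") != domain:
            continue  # unrelated query
        hosts[client]["lookups"] += 1
        if rcode.upper() == "NOERROR":
            hosts[client]["resolved"] += 1
    report = {}
    for client, c in hosts.items():
        # Every lookup is an infection indicator. A failed lookup means the
        # kill switch did not hold, so that host may go on to encrypt files.
        ok = c["resolved"] == c["lookups"]
        report[client] = {"lookups": c["lookups"],
                          "status": "dormant" if ok else "encryption-risk"}
    return report

def summary(report):
    """Return (total lookups, unique infected hosts), the same distinction
    the article draws between connections and unique visitors."""
    return sum(r["lookups"] for r in report.values()), len(report)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, info in sorted(result.items()):
        print(ip, info["lookups"], info["status"])
    print("lookups=%d unique_hosts=%d" % summary(result))
```

Hosts reported as `dormant` are still infected and still need patching and cleanup; hosts reported as `encryption-risk` sit on segments where the kill switch cannot protect them.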
Therefore, in addition to upgrading systems and patching vulnerabilities, it is also important to back up important files on a daily basis, so that you are not caught without a countermeasure.