The recent WannaCry epidemic was one of the most widespread cyber attacks in history, but was thought to have been brought to a halt last week. However, like the plot of a bad '80s movie, hackers are attempting to resurrect the malware.
The Original Fix
When WannaCry first infects a computer, it reaches out to a seemingly random web address as part of a test to make sure it is not under scrutiny. Hutchins discovered that by registering the domain name found in the malware's code, he was able to shut down the program, turning the domain into a "sinkhole" site of the kind cybersecurity experts use to safely contain malware.
An Army Of Bots
Unsurprisingly, as soon as the news of the fix went public, hackers began working to take the site down using DDoS attacks. The hackers turned webcams, modems, and other internet-enabled devices that had been infected with the Mirai malware into tools to flood the sinkhole site with traffic, aiming to bring it down so that WannaCry could be brought back online.
"Pretty much as soon as it went public what had happened, one of the Mirai botnets started on the sinkhole," Hutchins told Wired.
Today's Sinkhole DDoS Attack pic.twitter.com/wxT2YUrdOF
— MalwareTech (@MalwareTechBlog) May 18, 2017
Cybersecurity experts have managed to fight off the DDoS attacks, but if they fail, WannaCry could make a comeback, though it wouldn't be instantaneous. The malware stops searching for new victims 24 hours after it is installed on a computer. However, when those machines are rebooted, the program would be reactivated.
"The ones that were successfully encrypted are in this zombie state, where they're waiting to be reactivated if that domain goes away," said Matt Olney, a researcher for the cybersecurity company Cisco.
Some People Just Want To Watch The World Burn
While the original group behind the spread of WannaCry was acting for financial gain, Hutchins said he does not believe this new group is connected to them. Rather, he thinks they are simply doing this for the amusement of watching the virus spread.
"They've obviously got no financial incentive," said Hutchins. "They're not the ransomware developers. They're just doing it to cause pain."
While these hackers may seem like little more than immature internet trolls, their actions could have severe real-world consequences. Britain's National Health Service reported that the WannaCry attacks resulted in thousands of appointments and operations being cancelled.