Why the hell WannaCry is still here?!


Updated on May 21, 2025

According to the December 2018 Top 10 Malware report, WannaCry holds the dubious lead in the malware breakdown with 28%. WannaCry's total damage is estimated at $4 billion.

But while WannaCry might be “old news” in malware breakdown reports, another malware that abuses the same SMB protocol, Brambul, is now in 3rd place with 12% of the malware breakdown. Although Brambul is also quite “old”, this is its first appearance in the report, suggesting that it is still very relevant.

Top 10 malware breakdown pie chart for December 2018, according to the CIS. WannaCry holding first place with 28%.

WannaCry first appeared in May 2017, attacking Microsoft Windows operating systems by encrypting data and demanding ransom payments. Estimates put the impact at around 200,000 infected computers across 150 countries, including the National Health Service hospitals in England and Scotland. North Korea was blamed as directly responsible for the attack.

Disable SMBv1: Understanding Risks and Remediation Steps

Although new to the Top 10 list, Brambul is even older than WannaCry and was first observed in 2009. Like WannaCry, Brambul also originates in North Korea.

Both WannaCry and Brambul are Server Message Block (SMB) worms. They spread through SMB, Windows' file-sharing protocol, which enables shared access between users and the network.

“The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage” (MSFT Technet).


It is totally absurd that WannaCry malware is still causing so much damage these days, especially with such good solutions available in the market.

The absurdity in this report is that Microsoft published the first security update regarding the SMBv1 server in September 2016, followed by another update only six months later. Check out our blog post about mitigating WannaCry through SMBv1 disabling, published back in May 2017. So how come we are in 2019 and SMB worms are still so relevant?

Disabling SMBv1 is very complicated, as it has dozens, if not hundreds, of dependencies. An in-depth test must be performed before disabling it, and that might be the reason it still exists. Although Microsoft really wants organizations to get rid of it, the complexity of implementing those security updates might be winning the battle between risk-taking and investment of effort.
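One way to run the pre-disable test described above on a single Windows file server, using the built-in SMB cmdlets (an added example, not code from the original post or from CalCom's product). The 30-day window, the `-Disable` switch and the English "Client Address:" event text are assumptions of this sketch.

```powershell
# Added example, not CalCom tooling. Run elevated on the SMB server.
# Assumptions: 30-day default window, English event text ("Client Address: ...").
param(
    [int]$Days = 30,      # observation window to review
    [switch]$Disable      # SMBv1 is only turned off when this is passed explicitly
)

# 1. Show whether the SMBv1 server is enabled and whether auditing is on.
$cfg = Get-SmbServerConfiguration
$cfg | Select-Object EnableSMB1Protocol, AuditSmb1Access | Format-List

# 2. Without auditing there is no dependency data: enable it and stop here.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Warning "Auditing was off and has just been enabled; re-run after $Days days."
    return
}

# 3. SMBv1 connections are logged as event 3000 in the SMBServer audit log.
#    An empty result only means something if auditing covered the whole window.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue)

# Reduce the events to one row per client address, busiest first.
$clients = @($events |
    ForEach-Object { if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object @{ Name = 'Client'; Expression = { $_.Name } }, Count)

# 4. Disable only when nothing depended on SMBv1 during the window.
if ($clients.Count -gt 0) {
    $clients | Format-Table -AutoSize
    Write-Warning "$($clients.Count) client(s) still use SMBv1; remediate them before disabling."
} elseif ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'No SMBv1 clients seen in the window; SMBv1 server disabled.'
} else {
    Write-Output 'No SMBv1 clients seen in the window; re-run with -Disable to turn SMBv1 off.'
}
```

This covers only inbound SMBv1 on the server side; the SMBv1 client component and any devices that the server itself connects to over SMBv1 need a separate check.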

Letting an already solved vulnerability be so relevant and so harmful sounds unreal. Check out here how you can automate SMBv1 mapping and disabling with CalCom hardening automation learning capabilities.  

Properties:

https://www.npr.org/sections/thetwo-way/2017/12/19/571854614/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack

https://calcomsoftware.com/mitigate-wannacry-smbv1-disabling-hardening/
Ben Balkin
Ben Balkin is a professional writer and blogger specializing in technology and innovation. As a contributor to the Calcom blog, Ben shares practical insights, useful tips, and engaging articles designed to simplify complex processes and make advanced technological solutions accessible to everyone. His writing style is clear, insightful, and inspiring, reflecting his strong belief in technology's power to enhance quality of life and empower businesses.
