WannaCry Ransomware Clones Still a Threat to US Schools

Ransomware does not only target high-profile companies and lucrative businesses that are expected to pay substantial amounts of money as a ransom. Ransomware strains like WannaCry and its myriad offshoots are very much a threat to public organizations and networks, including state and municipal networks, as well as the networks of schools and universities. The reason why so many of those ransomware attacks are so successful is simple - a staggering number of networks, including those of state-operated organizations like schools, are still using heavily outdated software, most notably old versions of Windows that lack many security patches and upgrades.

WannaCry stays alive

Following the recent early 2019 ransomware attacks on municipal networks in multiple cities in the US, including the RobinHood attack on Baltimore and the Bitcoin mining malware attack against the Boston Public Defenders Office, ransomware is now wreaking havoc in the school system. There are a considerable amount of Windows systems that are still vulnerable to ransomware attacks, in particular WannaCry, despite the fact that Microsoft released a patch and issued warnings and urged users to patch servers against the known exploit.

There are still hundreds, possibly thousands of Windows-based server machines that are used by US public schools and that are still unpatched and vulnerable. Part of the problem is that even systems that have applied the Server Message Block or SMB file sharing protocol patches, certain hardware vendors still require the protocol to have fully functional networked scanners and copy machines. ArsTechnica reports that its own investigation in the wake of the Baltimore malware attacks revealed eight servers in public Baltimore schools that were vulnerable to EternalBlue - a component of the WannaCry ransomware.

WannaCry clones propagate around the nation

Further investigation revealed that a number of schools, not just in Baltimore, but across the US, had systems that were directly accessible from the Internet and were vulnerable to several different attacks. Those include networks in California and Washington. There is no information on what other critical security updates those systems and networks might be missing but the fact that they are vulnerable to WannaCry attacks years after an official patch was released from Microsoft is not a good indication of system health.