Hackers Revving Up WannaCry Ransomware Again Through Repetitive Mirai Botnet Attacks

The now-famous WannaCry Ransomware (WanaCrypt, WanaCrypt0r, WannaCrypt0r) attack has been a nightmare for hundreds of thousands of computer users around the world in the recent weeks. WannaCry spread viciously through certain Internet channels landing on computers only to demand a ransom after crippling victimized systems. Some of the crippled systems ranged from transportation computers to healthcare operations in about 150 different countries.

Over the recent week or two WannaCry has slowed for various reasons, including many computer users becoming aware of the grave dangers that come with having a vulnerable PC susceptible to a WannaCry attack. However, hackers have taken matters into their hands again to reignite the WannaCry outbreak by launching constant Botnet attacks, some of which may spread countless spam emails with ransomware-infected attachments.

Hackers have set out to direct armies of zombie devices, or what we technically describe as Botnets. Botnets are essentially groups of computers that have been infected with specialized malware to carry out specific activities over the Internet. Botnet computers usually come in groups and are all instructed to attack other systems or infect networked computers with additional malware. In the case of WannaCry, a series of Botnets are being revved up to funnel traffic to the 'kill-switch' that was created to curtail WannaCry. The traffic will essentially curtail the kill-switch by knocking its domain offline and reactive some of WannaCry's dormant infections.

WannaCry Slows Down But Not For Long

The curtailment of WannaCry's kill-switch, which was put in place to slow the spread and massive destruction of WannaCry around the world, appears to be a priority for hackers in the recent days. In fact, the use of the Mirai Botnet, a computer worm that has long been known to target outdated large-scale networks to remotely control compromised computers, was initiated not long after the proliferation of WannaCry.

Through aggressive DDoS attacks carried out by the new Botnets, anything standing in the way of WannaCry's reactivation appears to be thwarted. Though, not all WannaCry infections would re-initiate if the DDoS attacks prove to be successful. WannaCry Ransomware seems to stop scanning a period of 24 hours after initial installation. However, once one of the infected machines reboots, which is a function that the botnet may prompt, the infection starts scanning again.

Just like revving up an old car that's been sitting dormant for years, WannaCry is getting a new lifeline at the hands of greedy hackers, which could initiate a new onslaught of WannaCry infections that proliferate around the world once again.

What is even scarier than the spread of WannaCry is the idea that the Mirai botnet can be packaged up and sold over the Dark Web to any wanna-be hacker who can then cause mayhem for any vulnerable computer and its user.