More than a year after a series of ransomware attacks on hospitals and businesses, security researchers have uncovered more than 70 security vulnerabilities that attackers could use to remotely exploit a wide range of devices and software.
While many of the vulnerabilities were discovered after a massive ransomware campaign that lasted from January to June of 2018, many of these vulnerabilities were already publicly known.
Security researchers at Proofpoint and Symantec discovered the full extent of these security vulnerabilities on March 10th, which marks a notable turnaround in terms of the severity of the attacks.
While many of those vulnerabilities have been fixed since, others have only been patched in the last month or so, as Symantec explained in a blog post.
In addition to the vulnerabilities listed in the Symantec post, researchers at Trend Micro, Symantepri, and CERT-CERT discovered an additional 14,000 vulnerabilities in a range of products and services, as well as a vulnerability in Windows that could allow a malicious actor to take control of a victim’s computer without their knowledge or consent.
The latest data points to the severity and extent of the attack that began in early June, when hackers began infecting hospitals and other businesses with a ransomware called WannaCry.
In addition to infecting thousands of computers, the attacks also crippled healthcare systems across the United States.
WannaCrypt, a variant of WannaTrojan that is not as well known, targeted hospitals and medical devices across the U.S., including the White House and the Department of Homeland Security.
The ransomware was also capable of infecting computers on landlines and mobile devices, and the majority of the infections occurred within a few days of the ransomware campaign.
Symantec and other researchers have also pointed out that WannaCypher, a ransomware variant that uses a similar attack vector to WannaCry, was also responsible for an additional 20,000 ransomware infections across the world in 2018.
Symantec's report also shows that a number in the top 10 most prevalent types of ransomware on a global scale in 2018, which include ransomware variants, ransomware variants that encrypt files, ransomware variants with a payload of the .NTFS file extension, and other ransomware variants.
In terms of overall ransomware activity, the Symantec researchers identified a total of 9,700 ransomware variants in 2018 and a total number of 6,700 different ransomware variants on a worldwide scale, which includes over 10,000 different ransomware strains and variants.
Ransomware activity on a country-by-country basis is not the only thing that could change in 2018; the Symantec report also mentions that ransomware has grown in the past year.
In the past six months alone, the report shows that ransomware activity has increased by approximately 3 percent globally.
Symantec also found that the number of ransomware variants was growing in a number of areas of the world.
For instance, in the first half of 2018 alone, ransomware activity grew by a total of 5 percent globally, but in the second half of the year, it grew by only 2 percent.
Additionally, the amount of ransomware infection on a local level is also increasing, which could mean that criminals are trying to leverage local vulnerabilities in the local IT infrastructure to increase their ability to carry out ransomware attacks.
According to Symantec, there were 5,800 ransomware variants deployed across the globe in 2018 that included 4,200 variants that were either distributed through third-party distributors or by individual organizations, such as the NHS.
While Symantec has not been able to determine the source of the WannaDuke malware, it is believed that the malware originated from China, according to a report from the cybersecurity firm Symantivirus.