Global technology security company, Avast, has said the WannaCry Cyber-attack is the worst outbreak of its kind in the history.
In a blog post detailing how the attack started and spread, Avast explains that the ransomware spread by replicating itself rapidly from one computer to the next on a network, especially in organisations. Malicious software that spreads this way is called a “worm”.
The WannaCry cyber attack, Avast said, started Friday 12 May, infecting about 10,000 computers an hour:
We observed 10,000 detections per hour, shortly after the outbreak, which is a really high number for a single malware strain.
After a malware researcher pressed the kill switch, which we will describe later in this post, the number of detections significantly decreased to approximately 2,000 per hour, late Friday afternoon. The ratio has been decreasing since then and we hope that this trend will continue.
…it’s hard to describe the buzz that appeared [on Friday when the cyber attack started] as all of us started doing our best to deal with the outbreak. At the end of the day it was already obvious that we had just encountered the worst ransomware outbreak in history.
Avast however said that the WannaCry ransomware did not target anyone organisation in particular.
The Kill Switch mentioned is a domain name which WannaCry would check for existence to decide if to keep spreading. The people behind the attack (speculated to be North Korean hackers) built into WannaCry, this ability for it to stop spreading once the domain was live.
A technology researcher on the Twitter handle MalwareTech, discovered the kill switch, ensuring that that the spread stopped. It is important to not however that only that particular strain was stopped. It is possible that other strains of the virus are still active.