Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. The researchers were able to track 34,300 attack attempts in 97 countries. The average pace as of today is one attempt in every three second – indicating a slight decline since the original pace registered two days ago, of one attempt per second. The top country from where attack attempts were registered is India, followed by the USA and Russia.
Doros Hadjizenonos, country manager of Check Point South Africa said, “Although we see it slightly slowing down, WannaCry still spreads fast, targeting organisations across the world. WannaCry is a wakeup call, showcasing how damaging ransomware can be and how quickly it can cause disruption to vital services.”
The Check Point threat intelligence and research team recently announced the registration of a new kill-switch domain used by a fresh sample of WannaCry. The live Check Point WannaCry ransomware infection map shows key threat statistics and country-specific data in real time. Registration of the domain activated the kill-switch, safeguarding tens of thousands of would-be victims against the ransomware’s damage.
The company's researchers found that those affected by WannaCry are unlikely to retrieve their files, even if they do pay the ransom. A problematic payment and decryption system and false demo of the decryption operation puts into question the capability of WannaCry’s developers to deliver on their promises to decrypt files.
So far, the three bitcoin accounts associated with the WannaCry campaign have accumulated approximately $77,000. Despite this, and unlike many other ransomware types, not a single case has been reported of anyone receiving their files back.
