WannaCry Ransomware Sinkhole Data Now Available to Organizations

[Faybert]

Content source

https://www.bleepingcomputer.com/news/security/wannacry-ransomware-sinkhole-data-now-available-to-organizations/

Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.
The security firm cites recurring WannaCry ransomware infections that are still taking place at various companies, even eleven months after the first WannaCry outbreak in May 2017.

For example, Boeing, Connecticut state agencies, Honda, and Victoria state police suffered WannaCry infections long after Kryptos Logic researcher Marcus "MalwareTech" Hutchins registered the WannaCry killswitch domain, effectively stopping the global outbreak on May 12, last year.
Unpatched systems keep WannaCry alive
Since then, new WannaCry infections have been popping at organizations here and there, while traffic to the killswitch domain has shown "little signs of slowing down," according to a Kryptos Logic.

"We estimate [...][that] hundreds of thousands of untreated and dormant Microsoft Windows infections maintain a foothold and are responsible for the residual and continued propagation of WannaCry," researchers said today.
....
....

Kryptos Logic launches Telltale
To address this issue, Kryptos Logic released today a tool named Telltale that offers organizations access to free WannaCry sinkhole data and additional tools.

Companies can use Telltale to monitor their IP address ranges for hits to the WannaCry sinkhole, which in turns allows system administrators to track down local machines infected by the WannaCry worm on their network. These machines are infecting other unpatched systems or
could, at any time, turn into an internal ransomware outbreak, similar to what happened at Honda or Boeing this past year.
.......
......