When WannaCry ransomware attacked the UK, it disrupted personal PCs, businesses, and organisations like the NHS. AVG Business by Avast stepped in to protect users with swift action and proactive solutions.
We started tracking a version of WannaCry in February. On May 12, at 7am BST, we detected the ransomware as it began spreading globally at 10,000 detections per hour. Our technologies immediately recognised and blocked its components, even on vulnerable systems. The ‘Behavior Shield’ in Avast Antivirus, or ‘Identity Protection’ in AVG AntiVirus, detected unusual activity and stopped the malware before it caused harm.
After the initial attack, we identified over 350 WannaCry variants. We blocked the ransomware 250,000 times in nearly 120 countries. Our approach used manual string detections, automated responses, and behaviour-based analysis to ensure complete protection for our customers and partners.
Within six days, we discovered 15% of Windows systems still carried the MS17-010 vulnerability exploited by WannaCry. These systems lacked the necessary patch from Microsoft. This vulnerability allowed WannaCry to infect systems without user action. Devices only needed to be unpatched and connected to the internet or an infected network to be compromised.
Our Threat Intelligence teams acted quickly to detect and block the malware. We shared updates through the Avast blog and received media coverage, including our CEO’s interview on CNN.
Even though WannaCry received global attention, we stopped 100,000 attacks daily during its peak. On a regular day, we block over 100 million threats. This attack highlights how we actively protect users every hour, every day.