The destructive ransomware has caused chaos and it may be that cyberattackers want to continue capitalizing on the malware.
Researchers have identified hundreds of WannaCry ransomware samples in the wild, malware responsible for debilitating attacks on health services and companies last week.
According to Trustlook, a total of 386 malware samples in the wild have been recorded to date.
WannaCry, hitting the headlines last week after striking hundreds of thousands of victims in at least 150 countries, is ransomware which targets legacy Microsoft Windows operating systems to lock vulnerable machines and demand ransom payments in the virtual currency Bitcoin in return access.
The malware utilizes the EternalBlue exploit, leaked from the Shadow Brokers NSA cache earlier this year. The exploit leverages a now-patched security vulnerability in the Windows Server Message Block (SMB) protocol, scanning 445 file sharing ports from Windows endpoints for access to the Internet and enabling the download and execution of ransomware and other malicious programs.
It is possible that so many malware samples have emerged due to the updated packing of exploit kits currently available to introduce WannaCry into these toolsets. The first examples of WannaCry, predating the version used in recent attacks which propagates like a worm, dates back to February this year.
After taking down a number of UK National Health Service (NHS) trust and hospital systems, Microsoft issued an emergency patch in what is an unusual move for legacy, unsupported operating systems.
Systems affected by the ransomware that are still in the update cycle were at least two months' behind on security updates.
If you have not updated your Windows machine or are unsure of how to proceed, check out our guide on ways to protect yourself against WannaCry.
"This attack is unprecedented in scale," said Allan Zhang, co-founder and CEO of Trustlook. "Windows users and administrators should ensure that their systems are updated with the latest security patches to help prevent further infections and to slow the spread of the ransomware."
To take a look at the hashes for each file, head over to Trustlook's blog. The company has also released a standalone tool to scan and vaccinate potentially vulnerable Windows machines which can be found on GitHub.