Cyber attack alert! Malware ‘Wannacry’ is spreading: Know all about it

Nearly a hundred countries, including India, have been hit by a massive cyber-attack

Nearly 100 countries, including India, have been hit by a massive cyber-attack, which, according to experts, was carried out with the help of “cyber weapons” stolen from the US’ National Security Agency. The cyber attack was first reported from Sweden, Britain and France, US media outlets reported. Cyber extortionists tricked victims into opening malicious attachments in spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

It has been reported that a new ransomware, “Wannacry”, is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named

According to Cyber Swachhta Kendra, the file extensions that the ‘Wannacry’ malware targets fall into certain clusters of formats:
Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
Less common and nation-specific office formats (.sxw, .odt, .hwp).
Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
Emails and email databases (.eml, .msg, .ost, .pst, .edb).
Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
Virtual machine files (.vmx, .vmdk, .vdi).

After infection, the ransomware displays the following screen on the infected system:

[Image: screen displayed on the infected system]

The ransomware writes itself into a randomly named folder inside the ‘ProgramData’ folder under the file name “tasksche.exe”, or into the ‘C:\Windows\’ folder under the file names “mssecsvc.exe” and “tasksche.exe”.

The ransomware grants full access to all files by using the command:
Icacls . /grant Everyone:F /T /C /Q

It uses a batch script for its operations:
176641494574290.bat

It also drops a file named !Please Read Me!.txt, which contains text explaining what has happened and how to pay the ransom.
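The host artefacts listed above (dropped file names and locations, the icacls command, the ransom note) can be turned into a simple triage check over endpoint telemetry. The following is an added example, not code from the article or from Cyber Swachhta Kendra; the event format, host names and sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the article text; everything else here is illustrative.
WINDOWS_DIR_NAMES = {"mssecsvc.exe", "tasksche.exe"}
RANSOM_NOTE = "!please read me!.txt"
# Matches "icacls . /grant Everyone:F ..." with or without a full path / .exe suffix.
ICACLS_RE = re.compile(r'icacls(\.exe)?"?\s+\.\s+/grant\s+everyone:f\b', re.I)

def classify_path(path):
    """Return a reason string if a file path matches an article indicator, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parts = [x.lower() for x in p.parts]
    if name == RANSOM_NOTE:
        return "ransom note"
    # mssecsvc.exe or tasksche.exe directly inside C:\Windows\
    if name in WINDOWS_DIR_NAMES and parts[1:-1] == ["windows"]:
        return "executable in Windows folder"
    # tasksche.exe one folder below ProgramData (the randomly named folder)
    if name == "tasksche.exe" and len(parts) == 4 and parts[1] == "programdata":
        return "tasksche.exe in ProgramData subfolder"
    return None

def is_icacls_grant(cmdline):
    """True if a command line grants Everyone full control on the current folder."""
    return bool(ICACLS_RE.search(cmdline))

def scan(events):
    """events: dicts with 'host', 'type' ('file' or 'process') and 'value'."""
    findings = []
    for ev in events:
        if ev["type"] == "file":
            reason = classify_path(ev["value"])
        else:
            reason = "icacls Everyone:F grant" if is_icacls_grant(ev["value"]) else None
        if reason:
            findings.append((ev["host"], reason, ev["value"]))
    return findings

# Constructed sample telemetry (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "file", "value": r"C:\ProgramData\qzxkvtbw123\tasksche.exe"},
    {"host": "WS-01", "type": "process", "value": "icacls . /grant Everyone:F /T /C /Q"},
    {"host": "WS-01", "type": "file", "value": r"C:\Users\alice\Desktop\!Please Read Me!.txt"},
    {"host": "WS-02", "type": "file", "value": r"C:\Windows\mssecsvc.exe"},
    {"host": "WS-03", "type": "process", "value": r"icacls C:\share /grant Users:R"},
    {"host": "WS-03", "type": "file", "value": r"C:\Windows\System32\taskschd.dll"},
]

if __name__ == "__main__":
    for host, reason, value in scan(SAMPLE_EVENTS):
        print(f"{host}: {reason}: {value}")
```

File names alone are weak indicators, so a hit is best treated as a prompt to isolate and examine the host rather than as a confirmed infection.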