Cyber attack alert! Malware ‘Wannacry’ is spreading: Know all about it
Nearly 100 countries, including India, have been hit by a massive cyber-attack, which, according to experts, was carried out with the help of “cyber weapons” stolen from the US’ National Security Agency. The cyber attack was first reported from Sweden, Britain and France, US media outlets reported. Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.It has been reported that a new ransomware, “Wannacry”, is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named
According to cyberswachhtakendra, the file extensions that malware ‘Wannacry’ is targeting contain certain clusters of formats like:
Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
Less common and nation-specific office formats (.sxw, .odt, .hwp).
Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
Emails and email databases (.eml, .msg, .ost, .pst, .edb).
Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).
Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).
Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
Virtual machine files (.vmx, .vmdk, .vdi).After infecting, this Wannacry ransomware displays following screen on infected system:
Ransomware is writing itself into a random character folder in the ‘ProgramData’ folder with the file name of “tasksche.exe” or in ‘C:\Windows\’ folder with the file-name “mssecsvc.exe” and “tasksche.exe”.
176641494574290.bat
Ransomware is granting full access to all files by using the command:
Icacls . /grant Everyone:F /T /C /Q
Using a batch script for operations:Icacls . /grant Everyone:F /T /C /Q
176641494574290.bat
It also drops a file named !Please Read Me!.txt which contains the text explaining what has happened and how to pay the ransom.(READ MORE)
Comments
Post a Comment