Cyber attack alert! Malware ‘Wannacry’ is spreading: Know all about it

1487017434-9808.jpg
 
Nearly 100 countries, including India, have been hit by a massive cyber-attack, which, according to experts, was carried out with the help of “cyber weapons” stolen from the US’ National Security Agency. The cyber attack was first reported from Sweden, Britain and France, US media outlets reported. Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.It has been reported that a new ransomware, “Wannacry”, is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named
 
According to cyberswachhtakendra, the file extensions that malware ‘Wannacry’ is targeting contain certain clusters of formats like:
 
Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
Less common and nation-specific office formats (.sxw, .odt, .hwp).
Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
Emails and email databases (.eml, .msg, .ost, .pst, .edb).
Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).
Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).
Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
Virtual machine files (.vmx, .vmdk, .vdi).After infecting, this displays following screen on infected system:
1494673456-1144.jpg
 
Ransomware is writing itself into a random character folder in the ‘ProgramData’ folder with the file name of “tasksche.exe” or in ‘C:\Windows\’ folder with the file-name “mssecsvc.exe” and “tasksche.exe”.
Ransomware is granting full access to all files by using the command:
Icacls . /grant Everyone:F /T /C /Q
Using a batch script for operations:
176641494574290.bat
 
It also drops a file named !Please Read Me!.txt which contains the text explaining what has happened and how to pay the ransom.(READ MORE)

Comments

Popular posts from this blog

Infinix Smart 2 review: 'Value for money' smartphone with tall 18:9 screen

Year in review: From OnePlus to Asus, best midrange flagship phones of 2019

OnePlus 8 review: Meaningful innovations elevate experience, justify price