  • ExTS Admin
Posted

Security researchers have discovered several variants

 

http://i.imgur.com/msdzLOJ.png

 

As expected, the WannaCry ransomware is not even close to being done, despite one researcher discovering a convenient kill switch.

Other variants have already been discovered in the wild, some with a different kill switch, some with none at all.

 

After a security researcher going by the Twitter handle MalwareTech discovered that by purchasing a random domain name the initial spread of the WannaCry ransomware was stopped, it was expected that the attackers would simply remove this domain from the code, add another or just leave the code free of such an easy way out.

 

Multiple researchers have confirmed that such variants are available online and coming after Internet users everywhere.

 

http://i.imgur.com/hN9Op0M.jpg

 

"New variants today are now spreading with a modified kill-switch domain.

Someone, likely different to the original attackers, made a very small change to the malware so it connects to a slightly different domain.

That allowed it to continue propagating again," Chris Doman, security researcher at AlienVault, told us.

"Thankfully some researchers are already registering the new domains as they identify them.

The cat-and-mouse will likely continue until someone makes a larger change to the malware, removing the kill-switch functionality completely.

At that point, it will be harder to stop new variants."

 

What is WannaCry?

 

WannaCry is a ransomware that is a lot stronger than other similar malware due to the worm component that helps it spread through networks.

This is the main reason why computers in the NHS network went down one after another, or why Renault had to stop production at multiple sites.

Once one computer in a network is infected, it's only a matter of time before the rest are too.

Other companies have also suffered, including FedEx and Telefonica, as well as Germany's railway system.

 

At this point in time, over 200,000 computers have been affected in over 150 countries, despite the kill switch.

 

The only solution to block this attack is to update your operating system or to make sure you have an anti-malware solution installed to protect you from the malware.

Even though this is a nasty ransomware, it's still detectable and, therefore, easy to block.

 

Microsoft released a patch to fix the vulnerability back in April.

This vulnerability was actually exposed by a hacker group called Shadow Brokers who dumped online a series of documents belonging to the NSA which detailed a zero-day exploit.

Security researchers warned at the time that it wouldn't be too long before an attack was deployed.

 

Following the launch of the WannaCry attack, Microsoft went ahead and released a patch for Windows XP and Server 2003, even though both were no longer supported.

 

 

Source:

http://news.softpedia.com/news/wannacry-ransomware-variant-with-no-kill-switch-discovered-515693.shtml

Member of:

UNITE
