ExTS Admin Starbuck Posted May 22, 2017 ExTS Admin Posted May 22, 2017 http://i.imgur.com/BZjk1wi.png Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak raging predominantly across the Ukraine is underway. The culprit? A new ransomware called XData. It was spotted over the weekend by security researcher MalwareHunter. MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis. XData was submitted via the service. The infections with XData across Ukraine have been increasing so rapidly it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber. http://i.imgur.com/uY0RwSs.jpg XData caught the attention of the team due to its rapid spread across Ukraine where, in one day, XData made four times as many victims when compared with the total for the entire week of WannaCry’s reign. http://i.imgur.com/AhJcpn8.jpg WannaCry has already infected hundreds of thousands of systems across the globe, but if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry. Meet XData TheXData ransomware was initially spotted in May 2017 and while its distribution method is currently unknown, these are the files and processes currently found on an infected host: mssql.exe msdns.exe msdcom.exe mscomrpc.exe . XData utilises AES encryption to encrypt files, to which it changes the extension to~xdata~. For example, a file named photo.png becomes photo.png.~xdata~. http://i.imgur.com/DKEJyKj.jpg Source: Bleeping Computer Once the encryption process is complete, the following ransom note appears: http://i.imgur.com/sEqxgSs.jpg Source: Bleeping Computer Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware. Researchers will continue to look into this latest outbreak. Source: http://blog.emsisoft.com/2017/05/22/xdata/ Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.