WannaCry Ransomware Version 2.0 Arrived

By The Hacker News.

If you are following the news, by now you might be aware that a security researcher has activated a “Kill Switch” which apparently stopped the WannaCry ransomware from spreading further.

But that is not true, and the threat is not over yet. The kill switch has only slowed down the infection rate.

Updated: Multiple security researchers have claimed that there are more samples of WannaCry out there, with different ‘kill-switch’ domains and without any kill-switch function, continuing to infect unpatched computers worldwide.

So far, over 237,000 computers across 99 countries around the world have been infected, and the infection count is still rising even hours after the kill switch was triggered by the 22-year-old British security researcher behind the Twitter handle ‘MalwareTech.’

For those unaware, WannaCry is an insanely fast-spreading ransomware malware that leverages a Windows SMB exploit to remotely target a computer running on unpatched or unsupported versions of Windows.

Once it has infected a machine, WannaCry also scans for other vulnerable computers connected to the same network, as well as random hosts on the wider Internet, to spread quickly.

The SMB exploit, currently being used by WannaCry, has been identified as EternalBlue, a collection of hacking tools allegedly created by the NSA and then subsequently dumped by a hacking group calling itself “The Shadow Brokers” over a month ago.

If NSA had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.

Edward Snowden

MalwareTech accidentally halted the global spread of WannaCry by registering a domain name hidden in the malware.

hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

The above-mentioned domain is what keeps WannaCry propagating and spreading like a worm: as I previously explained, if the connection to this domain fails, the SMB worm proceeds to infect the system.

Fortunately, MalwareTech registered the domain in question and created a sinkhole, a tactic researchers use to redirect traffic from infected machines to a system they control.

Updated: Matthieu Suiche, a security researcher, has confirmed that he has found a new WannaCry variant with a different domain for the kill-switch function, which he registered and redirected to a sinkhole in an effort to slow down the infections.

hxxp://ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com/

The newly discovered WannaCry variant works exactly like the previous variant that wreaked havoc across the world Friday night.

But, if you are thinking that activating the kill switch has completely stopped the infection, then you are mistaken.

The kill-switch feature was in the SMB worm, not in the ransomware module itself. “WannaCrypt ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant,” MalwareTech told The Hacker News.

You should know that the kill-switch would not prevent your unpatched PC from getting infected, in the following scenarios:

  • If you receive WannaCry via an email, a malicious torrent, or other vectors (instead of SMB protocol).
  • If by chance your ISP or antivirus or firewall blocks access to the sinkhole domain.
  • If the targeted system requires a proxy to access the Internet, which is a common practice in the majority of corporate networks.
  • If someone makes the sinkhole domain inaccessible for all, such as by using a large-scale DDoS attack.
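The blocked-domain and proxy scenarios above mean that a failed lookup of a kill-switch domain is itself a signal worth hunting for. The following is an added example, not code from the original article: it triages DNS resolver logs for clients that asked for the two kill-switch domains quoted on this page and separates those whose lookup was blocked. The log layout, function names and sample lines are assumptions made for illustration.

```python
import re

# Kill-switch domains exactly as the article prints them (defanged).
KILL_SWITCH_DEFANGED = [
    "hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
    "hxxp://ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com/",
]

def normalize_host(value):
    """Refang a URL or DNS name to a bare lowercase host without 'www.'."""
    host = value.replace("[.]", ".").replace("hxxp://", "").strip("/.").lower()
    return host[4:] if host.startswith("www.") else host

KILL_SWITCH_HOSTS = {normalize_host(d) for d in KILL_SWITCH_DEFANGED}

# Assumed log layout (hypothetical): "<time> <client-ip> <qname> <rcode>"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def triage(log_lines):
    """Return {client_ip: 'resolved' | 'blocked'} for kill-switch lookups."""
    verdicts = {}
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        _, client, qname, rcode = m.groups()
        if normalize_host(qname) not in KILL_SWITCH_HOSTS:
            continue
        # Any client asking for these names probably ran the worm's check.
        # A failed answer means the check failed too, so the worm carried on:
        # keep 'blocked' sticky once seen. 'resolved' only proves DNS worked;
        # behind a mandatory proxy the HTTP request can still fail.
        status = "resolved" if rcode == "NOERROR" else "blocked"
        if verdicts.get(client) != "blocked":
            verdicts[client] = status
    return verdicts

# Constructed sample log, built from the list above; addresses are made up.
A, B = sorted(KILL_SWITCH_HOSTS)
SAMPLE_LOG = [
    f"2017-05-13T09:00:01Z 10.0.0.5 www.{B}. NOERROR",
    f"2017-05-13T09:00:02Z 10.0.0.9 {A}. NXDOMAIN",
    "2017-05-13T09:00:03Z 10.0.0.7 example.com. NOERROR",
    f"2017-05-13T09:00:04Z 10.0.0.9 {A}. NOERROR",
    "truncated line",
]

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, verdict)
```

Hosts reported as `blocked` are the ones to isolate first, and the result argues for letting these two domains resolve rather than blocklisting them.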

Raiu from Kaspersky shared some samples his team discovered with Suiche, who analysed them and confirmed that there is a WannaCrypt variant without a kill switch, equipped with the SMB exploit that would help it spread rapidly without disruption.

What’s even worse is that the new WannaCry variant without a kill switch is believed to have been created by someone else, and not by the hackers behind the initial WannaCry ransomware.

“The patched version matt described does attempt to spread. It’s a full set which was modified by someone with a hex editor to disable the kill switch,” Raiu said.

“Given the high profile of the original attack, it’s going to be no surprise at all to see copycat attacks from others, and perhaps other attempts to infect even more computers from the original WannaCry gang. The message is simple: Patch your computers, harden your defences, run a decent anti-virus, and – for goodness sake – ensure that you have secure backups,” cyber security expert Graham Cluley said.

Expect a new wave of ransomware attacks, by the initial attackers and by new ones, which will be difficult to stop until all vulnerable systems are patched.

 

Get Prepared: Upgrade, Patch OS & Disable SMBv1

MalwareTech also warned of the future threat, saying “It’s very important [for] everyone [to] understand that all they [the attackers] need to do is change some code and start again. Patch your systems now!”

“Informed NCSC, FBI, etc. I’ve done as much as I can do currently, it’s up to everyone to patch,” he added.

As we reported today, Microsoft took the unusual step of protecting its customers running unsupported versions of Windows (including Windows XP, Vista, Windows 8, Server 2003 and 2008) by releasing security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware.

For God's sake: apply the patches. Microsoft has been very generous to you.
