WannaCry Ransomware Infects Thousands of PCs Worldwide

What is WannaCry

Since Friday the 12th of May, there has been a lot of talk about cyber threats the world over. WannaCry, ransomware built on an exploit uncovered by the National Security Agency in the USA, made its debut and has since hijacked over 350,000 computers in over 150 countries. Victims include home and enterprise users such as banks, hospitals, telecommunications companies and government agencies. The malware exploits an SMBv1 vulnerability in unpatched Windows operating systems to propagate itself across networks. It is this singular ability that has made its effect so far-reaching and damaging.

The first strain of WannaCry that emerged on Friday was sinkholed by a 22-year-old security analyst who calls himself MalwareTech, who accidentally activated a kill switch that had been built into the ransomware. Activating the kill switch stopped WannaCry from self-propagating, giving us all a much-needed breather for a moment. But that break, although useful, was short-lived. New variants of WannaCry have since emerged, two of which have already been sinkholed successfully.

At the time of writing this report, another variant of WannaCry is spreading and is said to have infected 40,000 computers already.

What is Ransomware

If you’re wondering what ransomware is, don’t look too far. Ransomware is malicious software designed to lock down computer systems by encrypting files; it then demands payment from the computer users before decrypting the files to restore access. See how ransomware works in the video below.

How Ransomware Works Video

Ransomware poses threat to 200 million WhatsApp users.

Vulnerability does not affect the mobile version of the application.

 

The web-based extension of the WhatsApp application is affected by a bug that has potentially put 200 million users at risk.

According to security firm Check Point, the malware includes ransomware, which can block access to the application and demand that victims pay a fee to regain access to their files.

The security company highlighted that the vulnerability is due to improper filtering of contact cards sent using the popular ‘vCard’ format.

The attacker just needs to send a legitimate-looking virtual business card to the target’s mobile number, which might have been obtained through another breach or attack.

Once the user clicks the contact card, a file will be downloaded containing malicious code that will run on the victim’s machine, distributing bots, ransomware, RATs, and other malware.

The security company reported the security flaw to the Facebook-owned company.

Check Point security research group manager Oded Vanunu said: “Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client.”

Source: cbronline.com

Malware holds pornographic app users to ransom.

$500 is demanded to unlock the victim’s device.

An Android app called Adult Player has been subjected to ransomware attacks, resulting in secret photos being taken of users who are using the app to look at pornographic images.

Under the ransomware attack, Adult Player silently takes a photo of the user and displays it along with a ransom message. It demands $500 to unlock the victim’s device.

Zscaler said the ransomware does not allow the victim to uninstall the app or reboot the device, as in some cases the ransomware app becomes active immediately after reboot.

However, the company said there is a way to get rid of the malicious software without paying money.

The phone must be started up in safe mode, which boots the device with default settings without running third party apps.

Users should first remove administrator privilege while uninstalling ransomware from a device.

Zscaler urged users to download apps only from trusted app stores like Google Play to avoid becoming victims of such ransomware.

Veracode principal solution architect John Smith said: “Similar to the Ashley Madison data breach earlier this summer, this case once again demonstrates how our online footprint puts our most personal moments and decisions at risk of entering into the public eye.

“However, from a security industry perspective, what is perhaps most concerning is to see the growing prevalence of ransomware in the mobile space.

“Previously ransomware typically focussed on denying the victim access to their data – encrypting it and demanding payment to decrypt.

“This latest incarnation seems to take this a step further by exploiting the capabilities of the phone to also capture images of the victim in an embarrassing context, adding a further potential for blackmail.”

Last month, Intel Security said examples of ransomware grew 127% since last year, with primary effects on laptops and desktop computers.

Source: cbronline