Have you heard the expression “it ain’t over till it’s over”? It fits the ongoing situation with the WannaCry ransomware attacks: researchers from TrustLook, a cyber security company, have collected 386 new samples of WannaCry ransomware.
WannaCry is encryption-based malware (aka ransomware) that exploits a Server Message Block (SMB) protocol vulnerability in the Windows operating system. The malware uses the EternalBlue exploit, which was stolen from the National Security Agency (NSA) of the United States and leaked by the Shadow Brokers hacking group. Once it infects a device, the malware demands a ransom of $300 to $600 in bitcoins.
While security researchers (the good guys) are halting WannaCry infection by identifying its kill switch, the cyber criminals (the bad guys) are coming up with new samples or trying to DDoS the existing kill switches to carry on with the infection.
“This attack is unprecedented in scale,” said Allan Zhang, co-founder and CEO of Trustlook. “Windows users and administrators should ensure that their systems are updated with the latest security patches to help prevent further infections and to slow the spread of the ransomware.”
TrustLook has also released a free scanner and vaccine toolkit to protect Windows computers that are vulnerable to the malware. TrustLook’s toolkit can be downloaded from GitHub. Additionally, the company has published a hash for each sample.
In its second blog post, the company also discusses the discovery of 26 EternalRocks samples. EternalRocks is a worm that was found last week by security researchers. It exploits the same SMB vulnerability in Windows as WannaCry but is much more advanced and sophisticated, since it utilizes seven NSA hacking tools while WannaCry used just two. These tools are EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch.
TrustLook has also published a hash for each sample.
Beyond the fact that EternalRocks can do more damage than WannaCry, a detailed analysis of it is still pending. TrustLook says it is working on an in-depth analysis and that more details will be shared very soon.
To keep your system safe from ransomware attacks, follow the steps below:
Do not open an unknown email
Do not download files from an unknown email
Do not click files from an unknown email
Avoid visiting malicious sites
Do not download software and apps from a third-party store/website
Show hidden file extensions
Keep your system updated
Make sure you are using a reputable security suite
Back up your data
Use System Restore to get back to a known-clean state