You are here: Home » Current Affairs » News » National
Business Standard

Cyber attack alert! Malware 'Wannacry' is spreading: Know all about it

Nearly hundred countries, including India, have been hit by a massive cyber-attack

BS Web Team/Agencies  |  New Delhi 

Sony attack, CYBER CRIME, HACKING
Researchers at BAE Systems and Symantec say that some of the software and internet infrastructure in the global effort was also used in the Sony attack. Photo: iStock

Nearly 100 countries, including India, have been hit by a massive cyber-attack, which, according to experts, was carried out with the help of "cyber weapons" stolen from the US' Security Agency. The was first reported from Sweden, Britain and France, US media outlets reported. Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

It has been reported that a new ransomware, "Wannacry", is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.

The ransomware WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally among computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

An increase in activity of the malware was noticed on Friday, security software company Avast reported, adding that it "quickly escalated into a massive spreading". 

Within hours, over 75,000 attacks have been detected worldwide, the company said. Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours. 

According to cyberswachhtakendra, the file extensions that malware 'Wannacry' is targeting contain certain clusters of formats like:

Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).

Less common and nation-specific office formats (.sxw, .odt, .hwp).

Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)

Emails and email databases (.eml, .msg, .ost, .pst, .edb).

Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).

Developers' sourcecode and project files (.php, .java, .cpp, .pas, .asm).

Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).

Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).

Virtual machine files (.vmx, .vmdk, .vdi).

After infecting, this displays following screen on infected system:

cyber attack, malware, ransomware, wannacry

Ransomware is writing itself into a random character folder in the 'ProgramData' folder with the file name of "tasksche.exe" or in 'C:\Windows\' folder with the file-name "mssecsvc.exe" and "tasksche.exe".

Ransomware is granting full access to all files by using the command:
Icacls . /grant Everyone:F /T /C /Q

Using a batch script for operations:
176641494574290.bat

It also drops a file named !Please Read Me!.txt which contains the text explaining what has happened and how to pay the ransom.

cyber attack, malware, ransomware, wannacry

RECOMMENDED FOR YOU