lazarusholic


WannaCry

2023-01-17, AnyRun
https://any.run/malware-trends/wannacry
#WannaCry

Contents

What is WCry ransomware?
WannaCry, sometimes also called WCry or WanaCryptor, is ransomware, meaning that it encrypts its victims' files and demands a payment to restore the stolen information, usually in bitcoin, with ransom amounts ranging from the equivalent of $300 to $600.
The virus can be described as ransomware like Dharma or Ryuk but with worm functionality, since it is capable of spreading itself within infected networks using the EternalBlue exploit. Additionally, the virus uses the DoublePulsar exploit to upload and execute a copy of itself on a new machine.
Once WannaCry makes its way into a target computer, it begins its malicious activity by checking for a hardcoded kill switch domain - either fferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com or iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com. If one is found, the malware stops execution. However, if a kill switch domain isn’t found, the ransomware encrypts files on the machine, following which an attempt to exploit the SMB vulnerability …

IoC

http://fferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com