
This post concerns the WannaCry ransomware, which is affecting Windows servers. WannaCry is a form of “ransomware” that encrypts the files on your computer so that you can no longer access them. In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access. In these attacks, data is encrypted and the extension “.WCRY” is added to the filenames. Kaspersky Lab indicates that the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has recently been made available on the internet through the Shadowbrokers dump and has been patched by Microsoft. (Dec 31, 2017)

For command and control, the malware extracts and uses a Tor service executable, with all necessary dependencies, to access the Tor network. The file extensions that the malware targets fall into several clusters of formats, including:

a) Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
b) Less common and nation-specific office formats (.sxw, .odt, .hwp).
c) Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
d) Emails and email databases (.eml, .msg, .ost, .pst, .edb).
e) Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
f) Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
g) Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
h) Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
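
The following Python script is an added example, not code from the original article. It walks a directory tree and counts, for each cluster listed above, the files that carry the “.WCRY” extension versus those still intact, which helps scope damage and prioritise restores from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extension clusters copied from the list above.
CLUSTERS = {
    "office": {".ppt", ".doc", ".docx", ".xlsx", ".sxi"},
    "regional office": {".sxw", ".odt", ".hwp"},
    "archive/media": {".zip", ".rar", ".tar", ".bz2", ".mp4", ".mkv"},
    "email": {".eml", ".msg", ".ost", ".pst", ".edb"},
    "database": {".sql", ".accdb", ".mdb", ".dbf", ".odb", ".myd"},
    "source code": {".php", ".java", ".cpp", ".pas", ".asm"},
    "keys/certs": {".key", ".pfx", ".pem", ".p12", ".csr", ".gpg", ".aes"},
    "graphics": {".vsd", ".odg", ".raw", ".nef", ".svg", ".psd"},
}
EXT_TO_CLUSTER = {ext: name for name, exts in CLUSTERS.items() for ext in exts}
MARKER = ".wcry"  # extension the article says is added to encrypted files

def classify(filename):
    """Return (state, cluster); state is 'encrypted', 'intact' or None."""
    lower = filename.lower()
    state = "intact"
    if lower.endswith(MARKER):
        state, lower = "encrypted", lower[: -len(MARKER)]
    cluster = EXT_TO_CLUSTER.get(os.path.splitext(lower)[1])
    if cluster is None:
        # A .WCRY file is still reported even if its original type is unlisted.
        return ("encrypted", "other") if state == "encrypted" else (None, None)
    return state, cluster

def scan(root):
    """Walk root and count encrypted vs. intact files per cluster."""
    counts = Counter()
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            state, cluster = classify(name)
            if state:
                counts[(state, cluster)] += 1
    return counts

if __name__ == "__main__":
    # Constructed sample tree, so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        for name in ["report.docx.WCRY", "mail.pst.WCRY", "site.php", "notes.txt"]:
            open(os.path.join(root, name), "w").close()
        for (state, cluster), n in sorted(scan(root).items()):
            print(f"{state:9} {cluster:15} {n}")
```

Intact files in clusters that already show encrypted neighbours are the ones to copy off or verify against backups first.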

If you have yet to install the Microsoft fix, you should do so immediately. You should also be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links. Keep your server up to date, and do not forget to run updates and scan the server at regular intervals.
