Ransomware scum have already unleashed kill-switch-free WannaCry‬pt‪ variant : The Register

Researchers warn over new Uiwix strain.

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as ‪the infamous WannaCry‬pt‪ malware.

Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn’t include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute.

“As far as I know there’s only been two variants (one this morn) and none without [a kill]switch,” security researcher Dave Kennedy told El Reg. Other researchers, including Kevin Beaumont, are also telling us they haven’t yet seen a variant of WannaCrypt without a kill switch.

What isn’t in question is that follow-up attacks based on something similar to WannaCrypt are likely and that systems therefore really need protecting. Black hats might well create a worm that attacks the same Windows vulnerability more stealthily to install a backdoor on the many vulnerable systems still out there, for example.

The WannaCrypt ransomware spread to devastating effect last week using worm -like capabilities that relied on a recently patched vulnerability in Microsoft’s SMB file-sharing services (MS17-010). WannaCrypt used a purloined EternalBlue exploit originally developed by the US National Security Agency before it was leaked by the Shadow Brokers last month.

READ MORE : THE REGISTER

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s