New ransomware attack in Ukraine
In Ukraine, again, is a ransomware attack going on. This time, however, it is not to WannaCry, but to have the malware called XData.
XData is even much more contagious than WannaCry, says a beveiligingsonderzoeker of the MalwareHunterTeam compared to Wired. According to the researcher, the ransomware is already for three times as many infections made than WannaCry in total obtained in the country. Up to now there are about a hundred infections recorded, compared to a total of thirty infections in the WannaCry-attack in the whole of Ukraine.
If the malware from spreading, the consequences may be greater than WannaCry.”If it is so quickly spread in Ukraine, it is not unlikely that it is also outside of the country is going to spread,” says the German beveiligingsonderzoeker Matthias Merkel.
According to the security office, Symantec, there are also a number of reports from Russia about the attack.
This form of ransomware encrypted as WannaCry data on computers. It’s only when a certain amount is paid, the files will be decrypted. Interestingly enough, requires Data not to a specific amount. The MalwareHunterTeam think that the amount per victim is determined. An individual might, for example, less than a company.
How XData devices exactly infects and how it spreads is still being examined by experts. However, it is now clear that it is not possible to the files after an infection without having to pay again to unlock with special software, which WannaCry was sometimes the case.
Also spreads the malware is probably not via spam. “There are too many targets in too short a time”, sets the MalwareHunterTeam against Gizmodo. Even though there are additional tools enabled, you get “not a large number of victims with spam”.
Among the victims are now a factory in Ukraine and a company where the accounting department is made. The ransomware has more systems that run on Windows Server 2008, Windows 7 and Windows 10 infected. “But there are probably more operating systems are vulnerable.”