On 12th May 2017, a ransomware called WannaCry was released.
WannaCry leverages the EternalBlue exploit, which was released with the recent NSA data leaks by ShadowBrokers, to target all Windows systems that are not patched against MS17-010.
Video showing Live WannaCry infection:
Whitelist the URL www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to stop the virus from infecting the host and from spreading.
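As an added example (not part of the original post), the script below triages web-proxy logs for requests to the URL above and reports, per client, whether the request was allowed, so that hosts for which the whitelist entry is not effective stand out. The log format, the client addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Domain exactly as given on this page.
KILL_SWITCH = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines in an assumed format:
#   <ISO timestamp> <client IP> <ALLOW|DENY> <URL>
SAMPLE_LOG = """\
2017-05-13T09:14:02Z 10.0.4.17 DENY http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
2017-05-13T09:14:05Z 10.0.4.22 ALLOW http://www.example.com/index.html
2017-05-13T09:15:40Z 10.0.7.3 ALLOW http://WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM/
2017-05-13T09:16:11Z 10.0.4.17 DENY http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
2017-05-13T09:17:30Z 10.0.9.8 ALLOW http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.example.net/
malformed line without enough fields
"""

# Capture timestamp, client, proxy verdict and the host part of the URL.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(ALLOW|DENY)\s+https?://([^/:\s]+)", re.I)

def triage(log_text):
    """Return {client: {"allowed", "denied", "first_seen"}} for requests to the domain."""
    hosts = defaultdict(lambda: {"allowed": 0, "denied": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, action, host = m.groups()
        # Exact host match (case-insensitive, trailing dot ignored), so a
        # look-alike such as "<domain>.example.net" is not counted.
        if host.lower().rstrip(".") != KILL_SWITCH:
            continue
        rec = hosts[client]
        rec["allowed" if action.upper() == "ALLOW" else "denied"] += 1
        rec["first_seen"] = rec["first_seen"] or ts
    return dict(hosts)

def blocked_clients(report):
    """Clients whose requests to the domain were never allowed: whitelist not effective."""
    return sorted(c for c, r in report.items() if r["denied"] and not r["allowed"])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for client, rec in sorted(report.items()):
        print(client, rec)
    print("request never allowed for:", blocked_clients(report))
```

Any client that shows up in the report at all is worth checking for infection and for the MS17-010 patch, whether or not its request was allowed.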
Microsoft released a patch for MS17-010 on 14th March 2017 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Recently, they have also released a patch for Windows XP, Server 2003 and Windows 8 to fight the attack - https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Malware samples can be found at:
https://transfer.sh/PnDIl/CYBERed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.EXE
https://transfer.sh/ZhnxR/CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE
https://mega.nz/#!VRtRAaZD!BNcDDAsSSAyb7k3IBdTyy1E1CrOBF5RqVf7MlIFucEI
password: hackerhouse
This ransomware looks for and encrypts the following file types:
.doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg, .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf, .dwg, .onetoc2, .snt, .jpeg, .jpg, .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc, .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb, .hwp, .602, .sxi, .sti, .sldx, .sldm, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup, .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai, .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class, .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs, .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf, .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb, .accdb, .sql, .sqlitedb, .sqlite3, .asc, .lay6, .lay, .mml, .sxm, .otg, .odg, .uop, .std, .sxd, .otp, .odp, .wb2, .slk, .dif, .stc, .sxc, .ots, .ods, .3dm, .max, .3ds, .uot, .stw, .sxw, .ott, .odt, .pem, .p12, .csr, .crt, .key, .pfx, .der