Ransom.Wannacry is a worm that spreads by exploiting vulnerabilities in the Windows operating system. Once installed, it encrypts files and demands a payment to decrypt them.
Ransom.Wannacry is a worm that delivers a ransomware payload. It has two primary components: a worm module used for self-propagation and a ransom module used for handling the ransom extortion activities.
At this time, the initial infection vector is unknown. There have been discussions of the threat being initially spread through email, but this has not been confirmed.
Given the nature of the infection routine, it is possible that only a small number of targets may have been initially seeded with the worm and then the worm propagation routine continued to expand out the pool of compromised computers.
WannaCry is a threat composed of two main parts, a worm module and a ransomware module. The ransomware module is spread by a companion worm module. The worm module uses the Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0144) and the Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0145) to spread.
Ransom demand amount
- US$300-$600 paid in bitcoin
Timeline of the WannaCry ransomware attack
Computers compromised by Ransom.Wannacry may display a black Windows desktop background image with instructions in red text.
In addition, the ransomware module displays a window with instructions to the user informing them of what has happened and how to pay the ransom.
Users may find that they are unable to open data files, and files may be seen with the following extension at the end of their file names:
Users may also find the following files in a number of folders where files have been encrypted:
- !Please Read Me!.txt
The text file contains a message informing the user of the ransom demand.
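A triage sketch for the ransom note indicator above, added here as an example and not part of the original write-up: it walks a directory tree for the note's file name and lists the affected folders ordered by the note's modification time, which helps show where encryption began. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Ransom note file name as given in the write-up above.
NOTE_NAME = "!Please Read Me!.txt"

def find_note_dirs(root):
    """Return [(note_mtime_utc, directory)] for every folder under root
    that contains the ransom note, oldest note first."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            # Windows file names are case-insensitive, so compare casefolded.
            if name.casefold() == NOTE_NAME.casefold():
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                hits.append((datetime.fromtimestamp(mtime, timezone.utc), dirpath))
                break  # one hit per folder is enough
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: three folders, two of them holding a note."""
    layout = {"docs": ("!Please Read Me!.txt", 1_494_580_000),
              "photos": ("!PLEASE READ ME!.TXT", 1_494_570_000),
              "clean": ("report.txt", 1_494_560_000)}
    for folder, (fname, ts) in layout.items():
        os.makedirs(os.path.join(root, folder))
        path = os.path.join(root, folder, fname)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (ts, ts))  # set a fixed, constructed timestamp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for when, folder in find_note_dirs(tmp):
            print(when.isoformat(), folder)
```

On a live system, point find_note_dirs at a mounted image or file share rather than the sample tree; timestamps on a compromised host can be altered, so treat the ordering as a lead to corroborate with other evidence.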
SONAR behavior detection technology
Advanced machine learning
Apply patches for the following issues: