Nearly 100 countries, including India, have been hit by a massive cyber-attack, which, according to experts, was carried out with the help of “cyber weapons” stolen from the US National Security Agency. The cyberattack was first reported from Sweden, Britain, and France, US media outlets reported.
Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings, and other legitimate files. A new ransomware, “WannaCry”, has been reported to be spreading widely. WannaCry encrypts the files on infected Windows systems. It spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems.
This exploit is named ETERNALBLUE. The ransomware, also known as WannaCrypt, encrypts the computer’s hard disk drive and then spreads laterally among computers on the same LAN. It also spreads through malicious email attachments.
An increase in activity of the malware was noticed on Friday, security software company Avast reported, adding that it “quickly escalated into a massive spreading”. Within hours, over 75,000 attacks had been detected worldwide, the company said. Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours.
According to Cyber Swachhta Kendra, the file extensions that WannaCry targets fall into certain clusters of formats, such as:
- Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
- Less common and nation-specific office formats (.sxw, .odt, .hwp).
- Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
- Emails and email databases (.eml, .msg, .ost, .pst, .edb).
- Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
- Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
- Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
- Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .us).
- Virtual machine files (.vmx, .vmdk, .vdi).
Kindly do not open any email attachments unless they have been thoroughly scanned with a paid antivirus application whose virus definitions are fully up to date. In addition, do not open or run any attachment containing a file named tasksche.exe. We have also attached the industry best practices and know-how on ransomware mitigation.