
PhishCentral is a resource for all security researchers with a focus on phishing and spam-related malware. All information provided at this site is to be used only for research and learning. If you want samples of the malware reported on this site for further analysis and research, send your requests to samples@phishcentral.com.

Malware: WannaCry RansomWare - Infection Vector unlikely to be Phishing

By now, the whole world has heard of the new ransomware WannaCry and its variants. Some of you might be wondering why nothing has been posted on this site about the phishing aspect of the campaign. The reason is quite simple. Contrary to what many security vendors have reported, it is highly unlikely that the infection is being spread through phishing campaigns. The malware is targeting victims across the world using the well-known SMBv1 vulnerability that was released by ShadowBrokers very recently. It looks as though the internet is being scanned for vulnerable computers, which are then attacked with the malware.

Easy wins: disable SMB, and make sure you are not blocking the kill switch.
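Both easy wins can be checked from an elevated PowerShell prompt. The script below is an added example, not code from the original post. It assumes a Windows 8.1/10 client, treats "disable SMB" as disabling SMBv1 (the version named above), and assumes the kill switch is a plain HTTP request to a domain. `killswitch-domain.example` is a placeholder and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder only: supply the kill-switch domain from a source you trust.
    [string]$KillSwitchDomain = 'killswitch-domain.example',
    # Without -Remediate the script only reports and changes nothing.
    [switch]$Remediate
)

function Get-Smb1State {
    # SMBv1 can be enabled in the SMB server configuration, as an optional feature, or both.
    [pscustomobject]@{
        ServerConfig    = (Get-SmbServerConfiguration).EnableSMB1Protocol
        OptionalFeature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State -eq 'Enabled'
    }
}

function Test-KillSwitchReachable {
    param([string]$Domain)
    try {
        Resolve-DnsName -Name $Domain -ErrorAction Stop | Out-Null
    } catch {
        return 'BLOCKED: name does not resolve (DNS filter or sinkhole rule?)'
    }
    try {
        $r = Invoke-WebRequest -Uri "http://$Domain/" -UseBasicParsing -TimeoutSec 10
        return "OK: HTTP $($r.StatusCode)"
    } catch {
        # An HTTP error status still means the request reached a web server.
        if ($_.Exception.Response) { return 'OK: server answered with an error status' }
        return "BLOCKED: $($_.Exception.Message)"
    }
}

$state = Get-Smb1State
"SMBv1 server config enabled : $($state.ServerConfig)"
"SMBv1 optional feature on   : $($state.OptionalFeature)"
"Kill switch ($KillSwitchDomain): $(Test-KillSwitchReachable $KillSwitchDomain)"

if ($Remediate) {
    if ($state.ServerConfig) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($state.OptionalFeature) {
        # Takes effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}
```

With the placeholder domain left in place the kill-switch line reports BLOCKED, which is expected. `Invoke-WebRequest` follows the system proxy settings, so also run the check from a host that connects directly if your network forces web traffic through a proxy.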

There is a lot of reporting around this now, but most of it is just re-tweets and news stories that add little or nothing to what is known about the real campaign.

Here's a good RE paper from Jake Williams on the payload.
And here's the tool that you can use to prevent WannaCry infections if you can't patch your systems.

