POLITICO
How To Use The Exploit To Win The War Against Greedfall Exploitant

A recent exploit for an ancient ransomware attack has been found by cybersecurity researchers.
The ransomware attack on an unnamed organization in Russia has infected more than 100 million machines in the country, according to the cyber security firm Mandiant.
The attackers took advantage of a vulnerability in Microsoft’s Hyper-V platform, called WannaCry, that has been patched by Microsoft and other companies.
“We have a bug in the hypervisor and they exploited it,” Mandiant CTO Matt Waugh told reporters at the cybersecurity conference DefCon.
WannaCry is the latest in a series of ransomware attacks that have hit the U.S. and Europe, which have forced thousands of businesses to shut down.
The WannaCrypt ransomware attacks began in December.
Mandiant researchers found that the attack was based on a vulnerability that is available to any malicious actor.
The researchers identified three variants of WannaCyber-Framework, which are known as WCB-2.1, WCB2.2 and WCB3.
The WCB versions are distributed through two different file-sharing sites: The Dark Web and the Dark Net.
The Dark Web site also offers a download link for WCB1.0, a variant of WCB that encrypts files on the dark web using the RSA public key encryption algorithm.
WCB-1.1 is encrypted with the private key of a compromised email provider, the researchers said.
WTB2.0 is encrypted using a compromised credit card number, and the WTB2 version is encrypted via the credit card issuer’s secure channel.
WBTB3.0 encrypts documents using a stolen credit card and the attackers used a technique known as zero-day exploitation to trick a vulnerable browser into connecting to the attacker’s server.
The attacks were detected by Mandiant as they were being exploited by the Dark Web.
Wyrm, which is one of the two WCB variants, was discovered on July 1.
WTB1.3 was discovered a week ago, while WTB3.1 was discovered just days ago, Waugh said.
The attack was found by researchers at the company, and they used the exploit against more than 80,000 infected computers, the company said in a blog post.
The malware was written in the Java programming language, and it used a vulnerability discovered in the Windows 8 operating system that has allowed attackers to bypass sandbox protections and execute arbitrary code.
Wurm is designed to infect computers by exploiting a flaw in Windows 8.1.
Wurm has been known to work against Windows XP and Windows 7, but is not vulnerable to the latest Windows versions, Wurtz said.