Smokey's Security Forums


Topic: New XData ransomware spreads faster than WannaCry

Scarlett (Topic starter, Updates Moderator)
« Reply #1 on: May 22, 2017, 08:16:30 AM »
New XData ransomware spreads faster than WannaCry
22 May 2017, 5:43 am



Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak is underway. The culprit? A new ransomware called XData.

It was spotted over the weekend by security researcher MalwareHunter. MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis. XData was submitted via the service.

The spread of XData across Ukraine has been so rapid it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber.



XData caught the attention of the team due to its rapid spread across Ukraine where, in one day, XData made four times as many victims when compared with the total for the entire week of WannaCry’s reign.



WannaCry has already infected hundreds of thousands of systems across the globe. But if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry.

Meet XData

The XData ransomware was initially spotted in May 2017, and while its distribution method is currently unknown, these are the files and processes currently found on an infected host:

mssql.exe

msdns.exe

msdcom.exe

mscomrpc.exe

XData utilises AES encryption to encrypt files, to which it changes the extension to ~xdata~.

For example, a file named photo.png becomes photo.png.~xdata~.

Source: Bleeping Computer

Once the encryption process is complete, the following ransom note appears:

Source: Bleeping Computer

Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware. Researchers will continue to look into this latest outbreak. We’ll keep you updated on any changes.




Source: Emsisoft Blog

>> To obtain the full Emsisoft article, click the link in the first post line <<
 
