Wednesday, June 28, 2017

Here Are the Latest Developments of the WannaCry Ransomware Virus, Including New Versions

WannaCry attacks have not stopped to this day. Many victims have reported the virus, and many researchers have found new variants of it. WannaCry samples have spread with different Kill-Switch domains, and some have no Kill-Switch functionality at all. The Kill-Switch function is:

  • A condition in the program: the infection process runs only when one or several conditions are met.
  • A tool included in the WannaCry virus itself that can be used to stop it or turn it off.
  • A distinctive deployment technique that uses domain names (such as,, and others) that are not listed. It works as follows:

Figure 1. How WannaCry Virus Deployment Works.

The picture above shows that the flow starts with the perpetrator, who spreads the WannaCry virus over the internet. WannaCry then infects one or more computers connected to the network through weaknesses in the victim's computer (User 1). A computer affected by WannaCry carries out the deployment process by connecting to a domain name (not listed) that is hidden in the victim's computer. If the connection succeeds, the virus does not spread. If it fails, the virus damages the system and spreads to the internet or to any network connected to it. WannaCry on User 1's computer searches for new targets. When it reaches a target such as User 3, User 3's computer does the same thing as User 1's computer. This process repeats for as long as the WannaCry virus continues to spread.


Based on the flow above, one possible action is to register the hidden domain. Learning which domain name is contacted requires particular expertise, because the name has to be found on the victim's computer. This was once done by someone who goes by the name MalwareTech, who accidentally registered the domain so that the spread of the worm was stopped.

Example:
hxxp://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

The hidden domain names differ on each victim's computer. For example, security researcher Matthieu Suiche has confirmed that he found a new domain with the Kill-Switch function. The domain name was registered to slow the infection.

Domain Name:
hxxp://ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
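A host that looks up one of these domains is very likely running a WannaCry sample, so DNS resolver logs are a practical place to find infected machines. The following Python sketch is an added example, not code from the original post: it matches the two domains quoted above against DNS query records and lists first the hosts whose lookups never resolved. The log layout, IP addresses and function names are assumptions made for illustration.

```python
import re

# Kill-switch domains quoted on this page, lowercased, without scheme or "www.".
KILL_SWITCH_DOMAINS = {
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Assumed log layout (hypothetical): "<timestamp> <client_ip> <qname> <rcode>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample data, not taken from a real network.
SAMPLE_LOG = """\
2017-05-13T08:01:12Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-13T08:01:40Z 10.0.4.9 example.org NOERROR
2017-05-15T09:12:03Z 10.0.4.23 IFFERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. NXDOMAIN
2017-05-15T09:12:09Z 10.0.4.23 ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com NXDOMAIN
2017-05-15T09:13:00Z 10.0.4.9 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
"""

def matches_kill_switch(qname):
    """True for a listed domain or any subdomain of it (case and trailing dot ignored)."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in KILL_SWITCH_DOMAINS)

def triage(log_text):
    """Map each client that queried a kill-switch domain to its query count and
    whether any of its lookups resolved (NOERROR)."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, client, qname, rcode = m.groups()
        if matches_kill_switch(qname):
            entry = hosts.setdefault(client, {"queries": 0, "resolved": False})
            entry["queries"] += 1
            entry["resolved"] = entry["resolved"] or rcode.upper() == "NOERROR"
    return hosts

def isolation_order(hosts):
    """Hosts whose lookups never resolved come first: per the flow above, a failed
    kill-switch check is the case in which the sample keeps running."""
    return sorted(hosts, key=lambda ip: (hosts[ip]["resolved"], ip))

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for ip in isolation_order(found):
        print(ip, found[ip])
```

A resolved lookup only approximates the successful connection described above, so every host this reports still needs investigation; the ordering decides only which one to isolate first.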

The WannaCry virus does contain a tool to stop it (the condition described above), but it turns out that some WannaCry samples do not include a tool to stop or kill it (a Kill-Switch). This was reported by Costin Raiu, director of the global research and analysis team at Kaspersky Lab, whose team found that some WannaCry samples do not include the tool to turn it off.

How has WannaCry developed?
WannaCry has developed very rapidly, as shown by the many samples that have been found. Each sample has its own differences: some include a Kill-Switch and some do not. This development is driven by the many parties who take early virus samples from the original author and change them by removing or adding something. As a result, there are versions of WannaCry such as WannaCry version 1.0 and WannaCry version 2.0.

Figure 2. Development of the WannaCry Virus.

Source: Zonacerdas.
