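Part 1: Virtual App in the underground economy, as seen through a sample. In early April, while using App Insight for a routine review of an app store in China, Trustlook security researchers intercepted a sample named “换机精灵”. Presented as a phone-migration tool, the app is in fact a malicious traffic-inflation trojan, ...
Ransomware is the number one cybersecurity threat facing consumers and businesses worldwide. (Trustlook posted research last month on just how big of a problem for consumers ransomware is becoming.)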
Today’s WannaCry outbreak is just more evidence of the severe threat posed by ransomware. Banks, telephone companies and hospitals have all been ensnared in the worldwide hack, with the malware locking down computers while demanding a hefty sum for freedom.
The attack has hit close to 100,000 computers across China, Russia, Spain, Italy and Vietnam, but the UK hospitals have attracted the most attention because real lives are at risk while their devices are locked down.
The malware used in the attacks encrypts the files and also drops and executes a decryptor tool. The request for $600 in Bitcoin is displayed along with the wallet. It’s interesting that the initial request in this sample is for $600 USD, as the first five payments to that wallet are approximately $300 USD. This suggests that the group is increasing the ransom demands.
Trustlook has identified the following files used in the WannaCry ransomware attack. Analysis is ongoing, and we will update this blog with more information.