WannaCry 2.0 Ransomware Attacks

Analysis of WannaCry 2.0 Variants and Propagation Vectors Seen in the Wild

An aggressive ransomware campaign, WannaCry 2.0, went viral on May 12, 2017, impacting over 200,000 systems worldwide, and the attack remains active. What made this campaign virulent was the dropper payloads' use of the leaked NSA “ETERNALBLUE” SMB exploit, which targets a Microsoft Windows vulnerability in the Microsoft Server Message Block (SMB) v1.0 protocol. Microsoft released a patch for this vulnerability in March 2017 for all supported operating systems; however, some organizations still have legacy systems running older, now unsupported operating systems such as Windows XP, for which the patch was not available in March. In the wake of this attack, Microsoft released an emergency patch for the unsupported operating systems over the weekend.

As predicted in the WannaCry Zscaler Security advisory, we are now seeing different variants of the initial dropper in the wild that lead to the WannaCrypt ransomware infection. In this blog, we provide a technical analysis of the dropper variants we have seen so far, their propagation vectors, and the final ransomware payload.
