Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

New XData ransomware spreads faster than WannaCry

Starbuck

Admin & Security Team
Administrator
Super Moderator
Joined
Feb 19, 2010
Messages
4,798
Location
Midlands, UK
Very Experienced
BZjk1wi.png


Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak raging predominantly across the Ukraine is underway.
The culprit? A new ransomware called XData
.

It was spotted over the weekend by security researcher MalwareHunter.
MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis.
XData was submitted via the service.

The infections with XData across Ukraine have been increasing so rapidly it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber.

uY0RwSs.jpg


XData caught the attention of the team due to its rapid spread across Ukraine where, in one day, XData made four times as many victims when compared with the total for the entire week of WannaCry’s reign.

AhJcpn8.jpg


WannaCry has already infected hundreds of thousands of systems across the globe, but if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry.

Meet XData

TheXData ransomware was initially spotted in May 2017 and while its distribution method is currently unknown, these are the files and processes currently found on an infected host:
  • mssql.exe
  • msdns.exe
  • msdcom.exe
  • mscomrpc.exe
.
XData utilises AES encryption to encrypt files, to which it changes the extension to~xdata~.

For example, a file named photo.png becomes photo.png.~xdata~.

DKEJyKj.jpg

Source: Bleeping Computer

Once the encryption process is complete, the following ransom note appears:

sEqxgSs.jpg

Source: Bleeping Computer

Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware.
Researchers will continue to look into this latest outbreak.


Source:
http://blog.emsisoft.com/2017/05/22/xdata/
 
Back
Top