Your browser is obsolete!

The page may not load correctly.

Encrypt everything

Закодировать всё

Other issues in this category (22)
  • add to favourites
    Add to Bookmarks

WannaCrypt: Is all lost?

Read: 1414 Comments: 3 Rating: 9

It was Friday evening, May 12, 2017. System administrators had left for the weekend and users were feeling relaxed when, out of the blue, shocking news erupted about a mass WannaCrypt ransomware infection. We'll talk about the ransomware species in detail in another issue. Now let's see what you can do if you are worried about whether or not your anti-virus can detect this dangerous threat.

Alas, few news posts provide enough information to help users recognize the threat. Things are easier if a post contains hashed values that help identify a certain file. In this case, these are files that are part of the ransomware or any other malicious program.

For the first WannaCrypt strain, the list of hashed values (since we're talking only about the action sequence, the values below represent only some of the files) is as follows:

Name : 07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd
LastWriteTime : 5/14/2017 5:56:00 PM
MD5 : D724D8CC6420F06E8A48752F0DA11C66
SHA2 : 07C44729E2C570B37DB695323249474831F5861D45318BF49CCF5D2F5C8EA1CD
Length : 3723264

Name : 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
LastWriteTime : 5/13/2017 7:26:44 AM
MD5 : DB349B97C37D22F5EA1D1841E3C89EB4
SHA2 : 24D004A104D4D54034DBCFFC2A4B19A11F39008A575AA614EA04703480B1022C
Length : 3723264

Name : 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf
LastWriteTime : 5/14/2017 4:11:45 PM
MD5 : D5DCD28612F4D6FFCA0CFEAEFD606BCF
SHA2 : 32F24601153BE0885F11D62E0A8A2F0280A2034FC981D8184180C5D3B1B9E8CF
Length : 3723264

Then, to get detailed information, go to virustotal.com and open the Search tab:

#drweb

Here, enter the hashed value into the search field

#drweb

and get the result:

#drweb

#Trojan.Encoder #encryption_ransomware #ransomware

Dr.Web recommends

If your anti-virus is Dr.Web, this wave of WannaCrypt attacks hasn't caused you a headache. But stay vigilant.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments