A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers, which were patched by Microsoft in March 2017 (MS17-010).
WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days it claims the encrypted files will be deleted. However Symantec has not found any code within the ransomware which would cause files to be deleted.
More information on Ransom.Wannacry is available in our threat writeup.
Symantec discusses changes and trends in the financial threat landscape throughout 2016. The white paper looks at which threats ruled the financial threat space in 2016 and how they were affected by various disruptions over the year.
It also examines how the actors behind financial threats are beginning to focus their attention on financial organizations rather than their customers.