Wednesday, May 24, 2017

#Wannacry & the Virut Botnet

A new variant of Wannacry appears to be making a bad situation worse. Wapack Labs has recently identified a new malware specimen that is 75% similar to Wannacry. Instead of leveraging a “kill-switch” domain, the program uses a combination of several static domains as well as a domain generation algorithm (DGA) so as to bypass network based mitigations. Furthermore, the domains appear to be related to Virut (medium confidence), a cybercrime botnet in operation since 2006. A more detailed analysis on this development is pending.


Wapack Labs has cataloged and reported on Wannacry ransomware in the past.  An archive of related reporting can be found in the Red Sky Alliance portal.