- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
- Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. (source: Malwarebytes)
- Infections: NHS (UK), Telefonica (Spain), FedEx (US), University of Waterloo (US), Russia interior ministry & Megafon (Russia), Сбера bank (Russia), Shaheen Airlines (India, claimed on Twitter), Train station (Germany), Neustadt station ([Germany](https://twitter.com/MedecineLibre/sta
I hereby claim:
- I am 0thm4n3 on github.
- I am 0thm4n (https://keybase.io/0thm4n) on keybase.
- I have a public key whose fingerprint is E8F4 C5E9 990D BC37 C82C D1EF 6BC5 7764 85C0 B28A
To claim this, I am signing this object:
document.write ("This is remote text via xss.js located at xss.rocks " + document.cookie);
alert ("This is remote text via xss.js located at xss.rocks " + document.cookie);