"Adylkuzz" Malware Another Deadly Cyber Attack Kept Out Of Sight By The Noise Of WannaCry

Another hazardous piece of malware, called Adylkuzz, that exploits a vulnerability in Windows software has surfaced even as the world is trying to contain the WannaCry ransomware attack that has infected computers around the world. Surprisingly, the virus has been around for a while and is said to have caused more damage than WannaCry.

What actually is Adylkuzz?

Adylkuzz is a high-risk computer virus belonging to the file-locking Trojan family. It silently infiltrates a computer with unpatched security vulnerabilities and allows a remote attacker to access the compromised machine and execute code that encrypts users' personal files and appends an unwanted extension. Once it lurks on your PC, it tries to open Remote Desktop Protocol (RDP) connections from your computer using a list of default user names and passwords. It uses this open channel to access network shared resources and spread a copy of the Adylkuzz files.
Adylkuzz lets the attacker into your PC, where they execute code that hijacks your files and blocks your access to all of them. It pops up warnings asking you to follow instructions to visit the attacker's website and pay a large sum to decrypt your files. Worse still, it can be used to steal your confidential information, such as banking login details, with which the attacker can empty your account. Adylkuzz is no doubt a severe threat to your PC, so it is highly recommended that you remove it as early as you can.
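The RDP password-guessing behaviour described above leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625, logon type 10) from one source against several account names, sometimes followed by a success (event 4624). The script below is an added example written for this page, not code from the article or from any security vendor; the event-line layout and the sample lines are constructed, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (layout assumed); 4625 = failed logon, 4624 = success, LogonType 10 = RDP.
SAMPLE_EVENTS = """\
2017-05-02T10:15:01Z EventID=4625 LogonType=10 TargetUser=Administrator IpAddress=10.0.0.23
2017-05-02T10:15:02Z EventID=4625 LogonType=10 TargetUser=admin IpAddress=10.0.0.23
2017-05-02T10:15:03Z EventID=4625 LogonType=10 TargetUser=guest IpAddress=10.0.0.23
2017-05-02T10:15:04Z EventID=4625 LogonType=10 TargetUser=test IpAddress=10.0.0.23
2017-05-02T10:15:06Z EventID=4624 LogonType=10 TargetUser=admin IpAddress=10.0.0.23
2017-05-02T10:20:00Z EventID=4625 LogonType=10 TargetUser=alice IpAddress=10.0.0.77
2017-05-02T10:21:30Z EventID=4624 LogonType=10 TargetUser=alice IpAddress=10.0.0.77
2017-05-02T10:30:00Z EventID=4625 LogonType=3 TargetUser=svc IpAddress=10.0.0.90
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"TargetUser=(?P<user>\S+) IpAddress=(?P<ip>\S+)$")

def parse_events(text):
    """Parse one event per line; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events

def rdp_guessing_sources(events, window=timedelta(minutes=5), min_failures=4, min_users=3):
    """Map source IP -> (failures, distinct users, success_after) for RDP sources that
    fail at least min_failures times against min_users accounts within one window;
    success_after is True when a 4624 from the same source follows the burst."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["lt"] == "10":          # RDP logons only; SMB/network logons are type 3
            by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["eid"] == "4625"]
        if len(fails) < min_failures:
            continue
        start = fails[0]["ts"]        # one burst, measured from the first failure
        burst = [e for e in fails if e["ts"] - start <= window]
        users = {e["user"] for e in burst}
        if len(burst) >= min_failures and len(users) >= min_users:
            success = any(e["eid"] == "4624" and e["ts"] >= burst[-1]["ts"] for e in evs)
            findings[ip] = (len(burst), len(users), success)
    return findings
```

A source flagged with success_after set means one of the guessed accounts worked, so that account should be treated as compromised and its sessions reviewed, not merely the source blocked.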

Independent cybersecurity researcher Troy Hunt said the so-called Adylkuzz attack appears to be exploiting the same vulnerabilities the WannaCry ransomware attack did.
Adylkuzz, which also exploits the same Windows vulnerability as the WannaCry ransomware, has reportedly affected more than 200,000 computers so far.
Mr Hunt said that while WannaCry was busy making "such a big noise" and was easily observable by everyone, Adylkuzz was working away quietly in the background.

Surprisingly, Adylkuzz is said to have been active since April 24, or at least since May 2, but it remained undetected. Unlike the WannaCry ransomware, which locks down a system until a ransom is paid, Adylkuzz allows the computer to keep working while it generates digital cash, the "Monero" cryptocurrency, in the background, leaving victims unaware of the attack.

There are some fundamental differences between WannaCry and Adylkuzz:

On paper, WannaCry was more damaging in the traditional sense, as it threatened the loss of a victim's data.
It encrypted files on the machine, and when the user next tried to log in, a window popped up demanding a ransom of a certain amount in cryptocurrency.
"This latest variant [Adylkuzz] appears to be a lot more stealthy, in so far as it's not destroying assets that you have in your machine," Mr Hunt said.

While the term cryptocurrency is typically associated with Bitcoin, Adylkuzz actually mines Monero, a similar but more heavily encrypted digital currency. Monero recently saw a significant uptick in usage after it was adopted on the AlphaBay market on the Dark Web.
As with other cryptocurrencies, Monero expands its market cap through self-proliferation via digital mining. One Monero is roughly equivalent to $27 at current exchange rates.
During its research, Proofpoint identified three addresses which had already generated $7,000, $14,000 and $22,000 respectively, before being shut down.
To cover their tracks, whoever is behind the attack regularly changes the online payment address to avoid attracting too much attention.

So, how do you know if your computer is infected by Adylkuzz? Researchers at Proofpoint said that if your computer is infected, you will lose access to shared Windows resources and experience degraded PC and server performance.
Who is behind the digital currency miner Adylkuzz? A hacking group called Lazarus Group, associated with North Korea, targeted the digital currency Monero last month, according to security firm Kaspersky Lab. Both the WannaCry ransomware and Adylkuzz exploit a vulnerability in Windows software, suggesting that North Korea could be behind the attacks. However, this is not confirmed yet.

Are the same people behind both attacks?

Mr Hunt said at this time it was hard to tell exactly who was behind the Adylkuzz attack.
But he said there was speculation that WannaCry was related to North Korea, because the software's behavioural characteristics shared similarities with the Sony attack in 2014, which was attributed to the DPRK.
The underlying vulnerability was disclosed publicly a month ago, which Mr Hunt said meant anyone could have picked it up and "left it open."
"This was something that the NSA knew, some people stole the tools from the NSA and then leaked it publicly," he said.
"So, the vulnerability itself is really broadly known."

How safe are you?

It was important to keep in mind, Mr Hunt said, that the vulnerability the two malware variants exploited had been fixed for the past two months.

So why are people still being attacked?

Essential to protecting a machine from attack is keeping up to date with patches through updates.
Last week, the National Health Service in the UK was hit heavily by the WannaCry attack simply because it had not been patching its machines.
But it is not just big organisations that are at risk if they don't update regularly.
"Individuals like you [and] me … who do things like [turn off updates] with their Windows machine … if you do that, you don't get the protection," he said.
"So that's sort of the big lesson we're getting out of this: we're as vulnerable as our practice as users.
"If you use the technology just straight out of the box the way it's designed to be used, you wouldn't have had problems with this incident."

So, here are some precautions provided by Secure Hacking:

– You should always choose Custom Installation no matter what software you are going to install;
– Uncheck hidden options which attempt to install additional programs you never need;
– Scan all downloaded attachments of email before you open them;
– Never open any attachments of unknown or spam emails;
– Do not update any app from unofficial websites.