Fake WannaCry Ransomware Campaign Uncovered

In May 2017, WannaCry ransomware attacks brought many businesses to a stop, with the UK’s National Health Service (NHS) a notable target. Now, a little more than 12 months later, a new WannaCry ransomware campaign is being operated, or so the sender of a batch of phishing emails claims.

Email recipients are warned “WannaCry is back!” and are informed that their devices have been hacked and ransomware has been downloaded.

Email recipients are told that the threat actors have improved their ransomware and this time around antivirus software and firewalls will not prevent file encryption. Further, recovery will not be possible if the ransom is not paid.

Failure to pay, or any attempt to remove the ransomware without paying the ransom demand, will lead to permanent file deletion. Further, the ransomware can propagate and infect the local network, cloud data, and remote devices, regardless of the operating system.

Email recipients are told that the ransomware has already been shared and payment of a ransom of 0.1 Bitcoin (around $650) must be made to bring an end to the attack. Email recipients are given just one day to pay the ransom before data are permanently erased.

The email is sent by WannaCry-Hack-Team, and so far, more than 300 copies of the message have been reported to the UK government’s National Fraud and Cyber Crime Reporting Centre, Action Fraud.

There are some signs that the email is not an authentic threat, and instead is just preying on fears about another WannaCry-style attack.

Ransomware hackers encrypt data, then ask for a ransom to unlock files. They do not issue a warning saying they will encrypt data if a ransom is not paid. That tactic may be used by some DDoS hackers, but not by ransomware threat actors.

Email recipients are informed that this version of WannaCry will work on “any version of Windows, iOS, Android, and Linux.” The original version of WannaCry targeted a vulnerability in Windows Server Message Block. WannaCry only impacted vulnerable Windows devices that had not been patched. The ransomware was not a threat on other operating systems.

Phishing campaigns often include spelling errors in the subject line and message body, and this email is no exception. The subject line reads “Attantion WannaCry”.

This is just a phishing campaign that attempts to steal money from the recipient. No ransomware has been downloaded and the hackers cannot encrypt any files.

If you are sent such a message threatening file encryption unless you pay a ransom, report the message to Action Fraud (UK), US-CERT (phishing-report@us-cert.gov) in the United States, or the government Fraud and Cyber Crime agency in your country of residence. Then erase the email and do not pay any Bitcoin ransom.

Of course, not all ransomware attacks are as benign as this, and many attackers will be able to encrypt your data. To safeguard against real ransomware threats, ensure you create a number of backups of your files, deploy a spam filtering solution, make sure your operating system and all software are kept up to date, and keep your anti-virus protection up to date.


Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone