Global Editions

After WannaCry Comes Adylkuzz

by Nushmiya Sukhera

As the world scrambles to deal with the WannaCry ransomware attack which has affected over 300,000 computers across a hundred countries, another large scale cyber attack, known as Adylkuzz, is now underway.

Experts are suggesting that due to the insidious nature of this new attack, it’s damages may be more far ranging that those associated with WannaCry.

Unlike WannaCry, Adylkuzz is more subtle in nature. Where users affected by the former could see that their files have been encrypted by the malware, the latter operates without any prominent signs. Adylkuzz uses infected devices to “mine” Monero, a virtual currency, which once created, is transferred to the makers of the virus. The attack is using the same National Security Agency (NSA) backdoors exploited by WannaCry, but the hundred of thousand of computers taken over are “mining” virtual currency for the attackers instead.

Read more: Global Data Held Hostage Through Ransomware

Researchers at computer security firm Proofpoint, in a blog post, explain that the attack shuts down Microsoft Server Message Block (SMB), which helps in discovering vulnerable computers on a network. This prevents other infections from different malwares, including that of WannaCry.

The Adylkuzz attack symptoms include loss of access to shared Windows resources and degradation of PC and server performance. According to researchers, because of its silent nature, the Adylkuzz attack is much more profitable for cyber criminals as it makes the infected users become unwitting financial supporters of their attackers. Proofpoint claims that the infected machines have transferred several thousand dollars worth of Monero to the cyber criminals till now.

While Adylkuzz has slowed the WannaCry malware by preventing additional infections in the machines it has taken over, the ransomware is still on the go. TheShadowBrokers, the hacker group which leaked the stolen hacking tool used in the WannaCry attacks, has threatened to release more such tools in June, along with compromised network data from the international banking network and information on the nuclear and missile programs of Russia, China, Iran and North Korea.


Related posts