The level of crime in the crypto industry is steadily growing. Recently, a new phishing campaign using the WannaCry ransomware appeared, according to a report from the U.K. National Fraud and Cyber Crime Reporting Center.
WannaCry is a dangerous ransomware virus that recently swept the whole world, taking hundreds of computers belonging to ordinary users hostage. The damage was immense, as the resulting fraudulent operations affected not only ordinary people but also large companies. Even governmental organizations and medical institutions fell victim to the virus, so it almost cost many people their lives. The attackers' main targets were computers in the U.S., the U.K., Russia, China, and India. Collectively, more than 200,000 devices worldwide suffered from the harmful effects of WannaCry.
What Is WannaCry?
WannaCry, also called WannaCrypt, is similar to other ransomware. After infecting a computer, it prevents the owner from managing the device and blocks access to their files. The program then demands a ransom of about $300 for these files.
The program is especially dangerous because security updates no longer help once a computer running Microsoft Windows has been infected. Users of other operating systems have no reason to fear. The main wave of attacks started on May 12th of last year, when Spanish, then Russian, Ukrainian, and Indian computers were infected.
First, the virus probes internet hosts, trying to detect open TCP port 445, which serves the SMBv1 protocol. Having found such a device, the program immediately checks it for the EternalBlue vulnerability. If the owner of the computer is unlucky and the hole is there, WannaCry installs the DoublePulsar backdoor, through which the program itself is downloaded.
WannaCry then generates a unique RSA-2048 asymmetric key pair for each victim. After that, the virus looks for files, closes them, encrypts them with the AES-128-CBC algorithm, and then encodes them with an RSA key.
After carrying out all of these steps, the program displays a message on the screen with the amount of ransom in Bitcoins, which the victim is required to pay for "releasing the hostages." At the same time, the attackers start a countdown: the next day the amount is doubled, and on the seventh day the files are automatically deleted. Interestingly, the language of the message matches the language installed on the computer. Everything was done for the convenience of the “client.”
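An added example, not part of the original article: the probing of TCP port 445 described above shows up in network flow logs as one source reaching many distinct hosts in a short time, and the Python below flags that pattern. The flow records, addresses, the 60-second window and the threshold of 20 destinations are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445

def smb_fanout_alerts(flows, window=timedelta(seconds=60), threshold=20):
    """Return {source: peak distinct TCP/445 destinations inside one window}."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()          # destination -> hits inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

def build_sample_flows():
    """Constructed records: (timestamp, source, destination, dest port)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    flows = []
    for i in range(40):   # workstation reusing one file server: normal SMB
        flows.append((t0 + timedelta(seconds=i), "10.0.0.10", "10.0.0.5", 445))
    for i in range(30):   # host sweeping a subnet on 445, one address a second
        flows.append((t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 445))
    for i in range(30):   # many destinations, but HTTPS rather than SMB
        flows.append((t0 + timedelta(seconds=i), "10.0.0.31", f"192.0.2.{i + 1}", 443))
    for i in range(25):   # 25 SMB servers over 25 hours: slow, under threshold
        flows.append((t0 + timedelta(hours=i), "10.0.0.40", f"10.0.2.{i + 1}", 445))
    return flows

if __name__ == "__main__":
    for src, peak in smb_fanout_alerts(build_sample_flows()).items():
        print(f"{src}: {peak} distinct TCP/445 destinations within 60 s")
```

A host flagged this way is a candidate for isolation and for a check of whether SMBv1 is still enabled on it and its neighbours.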
While WannaCry is a serious threat to the files of even advanced users, the other type of fraud associated with this virus is aimed exclusively at inattentive users. Last week the extortionists reappeared: Action Fraud released 300 reports of criminal emails. The emails misled the recipients into thinking that their devices were infected.
The e-mail almost exactly copies the real message seen by victims whose computers were infected by WannaCry. In fact, however, these letters are ordinary phishing tools that hackers have been using for a long time.
"One of the victims was caught calling the ‘help’ number, which appeared in a pop-up window," Action Fraud said. "As a result, the victim provided the scammers with remote access to their computer. After that, the attackers installed a tool that frees the PC of malicious programs for Windows, which is actually free, but they charged 320 pounds for it."
The company also reminded users of the protection measures that everyone, without exception, should take. "If you receive one of these e-mails, please remove it and let us know. In any case, do not send scammers Bitcoins and other cryptocurrencies! Regularly update the software and your antiviruses," the company said.
New Types of Fraud
About 27% of cybercrimes involving cryptocurrencies are connected with exchange processes, as NewsBTC reported in March.
One phenomenon now facing the world community is illegal mining by malicious software. "For example, last year, YouTube experienced a threefold increase in the illegal production of coins through viruses," said Helge Husemann, product manager for Malwarebytes, an Internet security company. "On average, we block up to 8 million fraudulent mining attempts per day."
We would like to add that cybercrime contributes to the financing of the global criminal ecosystem, which can steal not just the contents of users' crypto wallets, but also encroach on the physical security of citizens and their freedoms.