New conversation
Why didn't the attackers register the domain in advance to avoid the sinkhole?
Honestly this feels pretty amateur hour to me. Anyone competent intending to maximize profit would have used a different method.
Perhaps it was just a test run; they knew that either they could stop propagation or a researcher would before things got too crazy.
Well, the ransomware author right now must be... pic.twitter.com/hOllKXBXuF
New conversation
What is the binary?
24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
Wow, I didn't have this one! I missed out so much! Good job guys @darienhuss & @MalwareTechBlog!
New conversation
This is really scary. Will there be follow-up updates?
Yes, most likely. I wouldn't be surprised if we see copycat incidents or a release with no killswitch in 24-72 hours. Patch your systems!
They released it without kill switch.
New conversation
Does that mean new infections will stop now?
I'm not sure yet what payload is dropped if the SMB exploit is successful; if it deploys the same dropper from the screen (encr/propagator) then possibly.
Thanks. Any idea who runs that sinkhole? whois shows an anonymous registration.
New conversation
...why would they put this code into the program in the first place?
To stop spreading, most likely. But the implementation was terrible, so I believe they are amateurs. Damage could have been worse.
New conversation
Wait, if it's sinkholed, people can't even pay the ransom and get their files back? Like, some people may have some really important files.
The sinkholed domain is only used as a dead-man switch, the actual C2 is over Tor to several different .onion addresses.
Ah, that makes more sense.
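The exchange above describes the sinkholed domain as a dead-man switch rather than the C2 channel. From a defender's side, the useful consequence is that a DNS query for that domain marks a host on which the dropper already ran its pre-flight check, and the lookup result tells you whether the sinkhole tripped the switch on that host. The following is an added example (not code from the thread or from any of the researchers named in it) that triages constructed DNS resolver log lines in that way. The domain name, the sinkhole address and the log format are all placeholders I made up; the real kill-switch domain does not appear on this page.

```python
"""Triage DNS resolver logs for lookups of a sinkholed dead-man-switch domain.

Added example; not from the thread. Everything below is constructed:
- KILLSWITCH_DOMAIN is a placeholder, not the real domain.
- SINKHOLE_IP is a placeholder (TEST-NET-3 range) for the sinkhole's answer.
- Log lines use an invented "timestamp client qname rcode answer" layout.
"""
import ipaddress

KILLSWITCH_DOMAIN = "killswitch-placeholder.example"   # placeholder domain
SINKHOLE_IP = ipaddress.ip_address("203.0.113.10")      # placeholder sinkhole IP

# Constructed sample resolver log: timestamp, client IP, queried name, rcode, answer ('-' if none)
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:02Z 10.0.0.5 killswitch-placeholder.example NOERROR 203.0.113.10
2017-05-12T10:01:09Z 10.0.0.7 killswitch-placeholder.example NXDOMAIN -
2017-05-12T10:02:30Z 10.0.0.5 www.example.org NOERROR 93.184.216.34
2017-05-12T10:03:11Z 10.0.0.9 KILLSWITCH-PLACEHOLDER.EXAMPLE. NOERROR 203.0.113.10
"""

SWITCH_TRIPPED = "checked-in: sinkhole answered, dead-man switch tripped"
NON_SINKHOLE = "checked-in: resolved to a non-sinkhole address, investigate"
NOT_TRIPPED = "checked-in: lookup failed, switch not tripped, host likely proceeded"


def parse_line(line):
    """Split one constructed log line into a dict; qname is normalised
    (trailing dot stripped, lower-cased) so case/FQDN variants still match."""
    ts, client, qname, rcode, answer = line.split()
    return {
        "ts": ts,
        "client": client,
        "qname": qname.rstrip(".").lower(),
        "rcode": rcode,
        "answer": None if answer == "-" else answer,
    }


def triage(log_text, domain=KILLSWITCH_DOMAIN, sinkhole=SINKHOLE_IP):
    """Return {client_ip: verdict} for every client that queried the domain.

    Any query at all means the dropper executed on that host, so it needs
    patching and cleanup regardless of verdict. The verdict only says whether
    the sinkhole was in a position to stop the payload on that host.
    """
    verdicts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["qname"] != domain.lower():
            continue  # unrelated lookup
        if rec["rcode"] == "NOERROR" and rec["answer"]:
            if ipaddress.ip_address(rec["answer"]) == sinkhole:
                verdicts[rec["client"]] = SWITCH_TRIPPED
            else:
                verdicts[rec["client"]] = NON_SINKHOLE
        else:
            verdicts[rec["client"]] = NOT_TRIPPED
    return verdicts


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_DNS_LOG).items()):
        print(f"{client}: {verdict}")
```

The point the verdicts make explicit is the one the reply above implies: a successful sinkhole answer is evidence the switch worked on that host, but the host still ran the dropper, and a failed lookup (for example from a segment with no outbound DNS) is the case where the sinkhole gave no protection at all.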