Stealthy Adylkuzz Ransomware variant worse than WannaCry

Another major global cyberattack is underway, and it could be even bigger than last weekend's WannaCry ransomware attack.

Key points:

  • Adylkuzz has probably been running on infected machines since the vulnerability was leaked
  • It does not hold data to ransom, rather runs a program in the background for monetary gain
  • Most machines hit had not been updated and would have been safe if they had

Independent cybersecurity researcher Troy Hunt said the so-called Adylkuzz attack appears to be exploiting the same vulnerabilities the WannaCry ransomware attack did.

Mr Hunt told The World Today it appeared Adylkuzz actually began to exploit computers when the vulnerability was announced almost one month ago.

And while WannaCry was busy making “such a big noise” and was easily observable by everyone, Adylkuzz was working away quietly in the background.

There are some fundamental differences between WannaCry and Adylkuzz.

On paper, WannaCry was more damaging in a traditional sense, by threatening the loss of a victim’s data.

It encrypted files on the machine and then, when the user next tried to log in, a window popped up demanding a ransom of a certain amount in the form of a cryptocurrency.

“This latest variant [Adylkuzz] appears to be a lot more stealthy, insofar as it’s not destroying assets that you have in your machine,” Mr Hunt said.

“Rather it’s using the machine to mine crypto keys to turn it into something with monetary value.”

What that means is the malware consumes resources on the machine, such as using CPU cycles.

So whoever is behind the attack builds an army of machines, each running a program in the background that links up with the other infected machines, and together they generate small amounts of cryptocurrency.

These programs mostly go unnoticed by the computer’s owner.

“It’s certainly not as obvious as when you get a warning popping up on your screens saying, ‘Hey, your [data] has just been encrypted’,” Mr Hunt said.

And while the effect might not be as obvious at the start, Mr Hunt warned that it could easily expand into something "a whole lot more malicious".

“These malicious programs are controlled by these commanding control servers, that manage bot-nets around the world,” Mr Hunt said.

The infected machines are then standing ready to do the attackers’ bidding.

Mr Hunt said the concern was that while mining cryptocurrency was one thing, it could then expand further into something far worse.

Further reading at ABC
