Categories: NewsTechnology

WannaCry Clone Marks the Fourth Major Ransomware Attack Against the Ukraine in two Months

While most people have all but forgotten about the WannaCry ransomware attack, residents of the Ukraine are dealing with a clone of this destructive malware. More specifically, it is one of the many ransomware campaigns targeting Ukraine specifically, which is quite problematic. This new clone does not have an official name yet, but it shows clear similarities to WannaCry.

Ukraine is a big Target for Ransomware Attacks

It is unclear why we currently have so many malware campaigns targeting Ukrainian consumers and corporations. Four different distribution campaigns have been discovered so far, although it is possible that number will continue to increase over the coming months. More specifically, the latest distribution campaign spreads a clone of the infamous

WannaCry ransomware
to as many people as possible. That is quite a problematic development, to say the least.

So far, several samples of this unnamed malware have been submitted to VirusTotal. A preliminary analysis shows it is flagged as a WannaCry clone, although no one knows for sure who is behind this particular malware strain. It does appear the malware has been in circulation since Monday, which makes it a precursor to the recent NotPetya global cyber warfare attack.

Security researchers have uncovered one particular aspect of this WannaCry clone, though. It appears the ransomware component can be found in a program directory on the hard drive which is specific to the M.E.Doc IS-pro software. More specifically, this particular software is a very popular accounting tool in the Ukraine. It is not the first time the program’s update servers have been used to launch malware attacks this year. This seems to hint at how someone has successfully hijacked the update server for malicious purposes.

Related Post

The company responsible for developing this accounting software denies any allegations of hosting trojanized versions of its app. That is quite interesting, considering multiple security research companies have confirmed the ransomware attack is originating from their servers. An official investigation is underway to get to the bottom of this problem and make sure no further attacks can be linked to the company.

It is evident this new ransomware is designed to look like WannaCry, even though it offers nothing spectacular. It is a visual clone, but that is where the similarities end. Under the hood, it is a very different type of malware, considering it is coded in .NET rather than C. It also doesn’t use an NSA exploit to spread itself, which makes it less of a threat to the entire world. It is evident a lot of ransomware developers want to ride the coattails of popular malware types.

The bigger question is why someone is deliberately targeting the Ukraine with so many ransomware attacks right now. It is almost as if someone has an actual grudge against the entire country, for some unknown reason. Four different ransomware attacks against one country in the span of just a few months is very problematic, to say the least. It is certainly possible this is all part of a larger cyber warfare threat which remains shrouded in mystery for the time being.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

100% Bonus Offer from BlockDAG, INJ Dominates DeFi & ADA Price Stumbles

Whales Make a Splash After BlockDAG's 100% Bonus Offer Goes Live - INJ Ecosystem Boosts…

7 hours ago

Plus Wallet: Top Crypto Wallet for Massive Rewards

Plus Wallet—Where Effortless Crypto Management and Rewards Align Perfectly In the world of cryptocurrency management,…

8 hours ago

Aptos (APT) and Tron (TRX) Prices Slide, As Volume Soars For Rollblock Suggesting Parabolic Rally

As Aptos and Tron prices take a recent downturn, the spotlight shifts to Rollblock, whose…

15 hours ago

Altcoins to Watch in November: Binance Coin (BNB), Rollblock (RBLK), and Neiro (NEIRO)

As the crypto markets roll into their most bullish time of year, we present three…

15 hours ago

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

16 hours ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

16 hours ago