Kee Ransomware Removes Payment Option to Make Victims Suffer

Everyone is well aware of how internet criminals like to deploy ransomware as a way to cause havoc. In most cases, getting rid of such malicious software can only be done by paying a specific demand in Bitcoin. However, a new type of ransomware has been discovered which encrypts computer files and does not provide any payment option whatsoever. It appears this was done on purpose, which only makes Kee an even more obvious odd duck in the pond.

Kee Ransomware Is A Real Piece of Work

As if dealing with a ransomware attack is not annoying enough, some developers try to make things even more problematic. To be more specific, the Kee ransomware is a nasty piece of malicious software no one wants to deal with anytime soon. It is unclear who is responsible for creating this new malware strain, yet it is evident they have only one intention: destruction.

To put this into perspective, Kee is not like your average type of ransomware by any means. It does encrypt computer files once it successfully infects a machine, and it displays a ransom message once this process is completed. That is where the similarity with any other type of malicious software ends, though. In fact, it appears the people responsible for developing this project are deliberately trying to prevent people from restoring access to their files.

There is no option to pay a ransom demand when dealing with this ransomware right now. Although we have seen strains where this is merely a sign of bad coding, Kee proves to be a very different breed of harmful software. It is impossible to decrypt files locked by this ransomware for free right now, which means victims have no other option but to watch their files remain encrypted and eventually be deleted.

Kee also changes your computer background to a black color with red text, explaining how all files on the device have been encrypted. It also makes it clear how victims cannot get their files back, not even by paying a sum in Bitcoin. This malicious intent is something we rarely see from cybercriminals these days, although it could be a sign of what is yet to come in the future. Taunting victims and rubbing it in their faces how they will never get their data back is a very unique approach, to say the least.

It is unclear what the developers of Kee are trying to achieve exactly. It is evident they are not motivated by money, since they don’t allow victims to pay for a decryption key. They are seemingly not stealing information either by the look of things. This is perhaps one of the first types of ransomware that is literally trying to cause havoc without any ulterior motive. If that is the case, the entire world is in for a lot of trouble moving forward.

The fact this malicious software still displays a countdown timer to taunt victims is rather sickening. Once the timer expires, the encrypted files will be deleted from the computer, which is quite a troublesome development. It is unclear if the victims can restore data by loading a previous backup onto their hard drive, but it seems unlikely at this stage. We can only hope Kee does not become a global threat anytime soon.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

EternalRocks Worm Uses Six NSA-developed SMB Exploits to Infect Computers

The NSA vulnerabilities related to the Windows SMB exploit have proven to be quite problematic. Multiple types of ransomware are exploiting this issue with an astonishing rate of success so far. Unfortunately, it appears this vulnerability has also spawned a new worm spreading through the SMB protocol. This particular worm uses seven different NSA tools to cause as much havoc as possible. Rest assured this is only a sign of what is yet to come.

SMB Worm is A Very Big Problem For Windows Users

For the people who believed the WannaCry ransomware was the biggest concern, reality has a funny way of making things a lot worse than originally assumed. A new Windows worm is making use of the same SMB exploits abused by the WannaCry ransomware and a few other types of malicious software which have come to market in its wake. This new worm proves to be quite a big problem, though.

To be more specific, the worm makes use of not just two recently disclosed NSA exploits, but seven. WannaCry looks like a very small threat compared to the havoc this SMB worm is capable of causing right now. For the time being, researchers have dubbed this worm “EternalRocks,” and it uses six different SMB-centric NSA tools to infect computers all over the world.

As one would expect, the EternalBlue exploit is one of the vulnerabilities, together with a few other exploits the NSA has developed in-house over the past few years. As soon as EternalRocks has successfully infected a computer, it uses a seventh NSA exploit – dubbed DOUBLEPULSAR – to spread itself to other vulnerable machines. Stopping this worm in its tracks will be an incredibly difficult task, to say the least.

While security researchers agree EternalRocks is far more complex, they also seem to think this SMB worm is far less dangerous. It does not deliver malicious content such as ransomware or a keylogger right now, although it may only be a matter of time until this changes. It also appears the EternalRocks worm communicates with a Tor-based command & control server once it has successfully infected a computer. The response from this server will come 24 hours after the infected host sent information to the server. This delay should help bypass sandbox security.

Unfortunately, it doesn’t appear this SMB worm comes with a kill switch domain security researchers can use to shut it down. That could prove to be quite a problematic development, as stopping a worm with the potential of infecting millions of computers in a short amount of time only becomes more difficult now. Things will only get worse once this worm gets weaponized with a malicious payload. Rest assured some criminals will look to exploit this potential in the future.

Thinking EternalRocks is harmless is one of the biggest mistakes security experts can make right now. The current iteration does not come with a malicious payload, but it is also clearly a sample of what may come in the future. The DOUBLEPULSAR exploit can be used by other assailants who want to gain backdoor access to computers. It is evident the SMB protocol is causing a lot of security problems for Windows users right now, and solving this problem will prove to be a major challenge.

WannaCry Ransomware Starts Infecting Medical Devices Running Windows Embedded

It looks like there is another major development regarding the WannaCry ransomware attack. Instead of going after personal and enterprise computers, the malicious software is now infecting medical devices as well. That is a very troublesome development, as radiology equipment infected with ransomware becomes entirely unusable. It is unclear how many medical devices are affected by WannaCry at this point.

Medical Devices Are Not Safe From WannaCry

It is somewhat disconcerting to learn medical devices are now vulnerable to WannaCry ransomware attacks as well. A picture of an infected radiology machine surfaced on the Forbes website earlier this week. It is unclear if this is just one particular infection, or if multiple medical devices are at risk of dealing with a malicious software attack. If it is the latter, things are not looking good by any means.

The main reason this particular device was successfully infected by WannaCry is that it runs the Windows Embedded operating system. Up until this point, no one considered that particular operating system to be vulnerable to SMB exploits as well. Unfortunately, it appears that is the case. Microsoft may issue a security update to fix this problem, although it is doubtful these machines will install it automatically.

Quite a few medical equipment vendors are growing concerned regarding this new development. It is unclear which particular hospital was infected by WannaCry and whether or not other institutions are at risk as well. The machine in question is a Bayer Medrad, and the manufacturer confirmed two reports regarding WannaCry infections have been received so far. Two reports may not sound like a lot, but not every hospital reports such incidents immediately either.

It is believed Siemens medical devices may be susceptible to WannaCry ransomware attacks as well. This information was shared by the Health Information Trust Alliance, and later on confirmed by an official source. It appears Siemens Healthineers products run a version of the Windows operating system still suffering from this SMB exploit. It is unclear how many Siemens medical devices may have been affected at this time, though.

Unfortunately, the problems don’t end there, as Smiths Medical, Medtronic, and Johnson & Johnson all issued security alerts as well. While none of these machines have been officially infected with WannaCry ransomware at this time, it is still too early to gauge the full effect of what this malicious software is capable of. More specifically, the bigger question is how this software can be removed from medical devices without having to pay the ransom demand. That seems virtually impossible right now.

It is not the first time medical institutions have had to deal with ransomware attacks. In most cases, these attacks are directed at staffers’ computers, rather than the medical equipment itself. WannaCry is a clear example of how things can go from bad to worse in a heartbeat, especially in environments where a lack of cybersecurity will create more problems in the future. It is troubling that the medical sector is still unprepared for these attacks; that much is certain.
