Cyware Daily Threat Intelligence, July 06, 2020


The threats posed by ransomware are not only dangerous but also oddly baffling. In the past 24 hours, security researchers have come across a new file-encrypting ransomware named after WannaCry. Called FileCry, the ransomware encrypts all files in the same directory, including files in its subfolders, and appends the .filecry extension to the encrypted files.

Researchers have also revealed new details about the notorious Snake ransomware. It has been found that some samples of the ransomware are isolating the infected systems prior to the encryption process. In some attacks, the ransomware implemented the ability to enable and disable the firewall and leveraged specific commands to block unwanted connections to the system.

Top Breaches Reported in the Last 24 Hours

Tesco Clubcard discloses breach
Tesco Clubcard users have been warned to check their accounts after a flaw was discovered in the way that Hotels.com codes were generated. This impacted the Clubcard members who tried to use their points. While Tesco Clubcard’s IT systems have not been compromised, researchers found that cybercriminals made fraudulent voucher purchases to get huge discounts on bookings via Hotels.com.

DXC Technology affected
DXC Technology disclosed that certain systems of its subsidiary, Xchanging, have experienced a ransomware attack. The company noted that it has implemented a series of containment and remediation measures to resolve this situation.

Top Malware Reported in the Last 24 Hours

FileCry ransomware
A file-encrypting ransomware named after WannaCry has been found by security researchers. Dubbed FileCry, the ransomware encrypts all files in the same directory, including files in its subfolders. It then appends the .filecry extension to the encrypted files and drops a note demanding a ransom of 0.035 bitcoins from the victims.

New samples of Snake ransomware
Experts recently spotted that some samples of the Snake ransomware were isolating the infected systems before encrypting files. These Snake samples implemented the ability to enable and disable the firewall and leveraged specific commands to block unwanted connections to the system.

Top Vulnerabilities Reported in the Last 24 Hours

Hackers abuse F5 BIG-IP flaw
Hackers have started abusing a vulnerability in F5 BIG-IP networking devices to steal administrator passwords from unpatched devices. The vulnerability is tracked as CVE-2020-5902 and could allow attackers to take full control of unpatched systems that are accessible on the internet. It has received a CVSS score of 10.


Posted on: July 06, 2020
