Scworld
WantToCry Ransomware Campaign Targets Exposed SMB Services for Remote Encryption
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The WantToCry ransomware campaign exploits exposed Server Message Block (SMB) services to remotely encrypt files without deploying malware on victim systems. Attackers scan for open SMB ports and use brute-force methods to gain access, leading to file exfiltration and encryption on their own servers. Ransom notes are left on affected systems, demanding payments ranging from $300 to $1,800 in Bitcoin. The campaign has been active since at least early 2024, with over 1.5 million devices identified as vulnerable. The ransomware's name is a nod to the infamous WannaCry ransomware, but it operates differently, focusing on remote encryption. Victims are instructed to communicate via qTox or Telegram for payment and decryption instructions. Security experts warn that paying the ransom does not guarantee file recovery. Organizations are advised to secure their SMB services to mitigate risks.
Key Points: • WantToCry ransomware exploits open SMB ports for remote file encryption. • Ransom demands range from $300 to $1,800, significantly lower than typical ransomware. • Over 1.5 million devices with exposed SMB services are at risk of attack.