
WannaCry Clone Marks the Fourth Major Ransomware Attack Against the Ukraine in two Months

While most people have all but forgotten about the WannaCry ransomware attack, residents of the Ukraine are dealing with a clone of this destructive malware. It is one of many ransomware campaigns targeting Ukraine specifically, which is quite problematic. This new clone does not have an official name yet, but it shows clear similarities to WannaCry.

Ukraine Is a Big Target for Ransomware Attacks

It is unclear why we currently have so many malware campaigns targeting Ukrainian consumers and corporations. Four different distribution campaigns have been discovered so far, although it is possible that number will continue to increase over the coming months. More specifically, the latest distribution campaign spreads a clone of the infamous WannaCry ransomware to as many people as possible. That is quite a problematic development, to say the least.

So far, several samples of this unnamed malware have been submitted to VirusTotal. A preliminary analysis shows it is flagged as a WannaCry clone, although no one knows for sure who is behind this particular malware strain. It does appear the malware has been in circulation since Monday, which makes it a precursor to the recent NotPetya global cyber warfare attack.

Security researchers have uncovered one particular aspect of this WannaCry clone, though. It appears the ransomware component can be found in a program directory on the hard drive which is specific to the M.E.Doc IS-pro software, a very popular accounting tool in the Ukraine. It is not the first time the program’s update servers have been used to launch malware attacks this year. This suggests that someone has successfully hijacked the update server for malicious purposes.

The company responsible for developing this accounting software denies any allegations of hosting trojanized versions of its app. That is quite interesting, considering multiple security research companies have confirmed the ransomware attack is originating from their servers. An official investigation is underway to get to the bottom of this problem and make sure no further attacks can be linked to the company.

It is evident this new ransomware is designed to look like WannaCry, even though it offers nothing spectacular. It is a visual clone, but that is where the similarities end. Under the hood, it is a very different type of malware, considering it is coded in .NET rather than C. It also doesn’t use an NSA exploit to spread itself, which makes it less of a threat to the entire world. It is evident a lot of ransomware developers want to ride the coattails of popular malware types.

The bigger question is why someone is deliberately targeting the Ukraine with so many ransomware attacks right now. It is almost as if someone has an actual grudge against the entire country, for some unknown reason. Four different ransomware attacks against one country in the span of just a few months is very problematic, to say the least. It is certainly possible this is all part of a larger cyber warfare threat which remains shrouded in mystery for the time being.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
