Dance of the Hillary Virus formats your mobile
eRumor made by – Internet and social media
Confirmation by Ayupp.com – Ransomware virus is real, but Dance of the Hillary is fake
More Samples –
Massive Ransomware attack...Total 74 countries affected...Please do not open any email which has attachments with tasksche.exe file
Please inform all contacts from your list not to open a video called the "Dance of the Hillary". It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this msg to as many as you can!
Facebook & Whatsapp will be filled next few days with fake warnings like don't open "Dance of Hillary" video etc. while ignoring major threat of Ransomware ~facepalm~
ATMs will be closed for next 2-3 days probably, due to ransomware cyber attack within India.
Don't do any online transactions today
Ayupp Analysis – Systems around the world have been heavily hit by the WannaCry ransomware attack. Over 2,00,000 systems are estimated to be affected. As per reports, India was the third most affected country.
Several kinds of news have been making the rounds in the media the whole day, such as –
Except Africa, all countries' IT companies are hacked. Don't open any shopping carts today.
Don't do any online transactions today. Also avoid using ATM unless very urgent. Stay tuned with latest news for updates...
Also keep antivirus ON and do not operate bank n shopin sites or pay utility through mobile hold on for today before doin nythin…
Stay tuned with latest news for updates...Also keep antivirus ON and do not operate bank n shopin sites or pay utility through mobile hold on for today before doin nythin.....
We are not sure about the genuineness of the above news about shopping sites being hacked. Still, it is better not to use them during this time. Even the Government of India has issued a notification not to use ATMs, as they currently run Windows XP and the virus can easily infect this operating system. Microsoft has released updates, but it might take some time to roll the patch out to all ATMs in India. For our readers' information: almost 70% of ATMs in India run on Windows XP, for which Microsoft had stopped providing security updates. That is why they have become easy prey for hackers.
How this virus works in one of its forms, a phishing attack –
The user receives an email with a link. When the user clicks on it, the virus gets installed on the local machine and encrypts all the user's data. When the user tries to open any file, it asks for a password. The password will be provided by the hacker, who demands a ransom for it. They take bitcoins in return. Recently we reported news of MongoDB database hacks, which were also similar to this attack -
The image below depicts how ransomware works -
Image courtesy - Wall Street Journal
Precautions that can be taken to prevent a ransomware attack -
1. Patch Installation – Make sure that all workstations and servers have the latest Microsoft patches, especially the ones related to MS17-010.
2. Antivirus - Make certain that AV signatures are updated on all assets. Identify critical assets and target them first. Block IOCs on the AV solution. Get the name of the malware and verify whether it has been detected in the logs for the last 1 week.
3. Intrusion prevention system (IPS) - Ensure IPS signatures are updated. Verify that the signature that can detect this vulnerability / exploit attempt is enabled and is in blocking mode. Get the name of the signature and verify whether it has been detected in the logs for the last 1 week.
4. Email Gateway - Ensure email gateway solutions have all relevant updates for detecting mails that may bring the Trojan into the environment.
5. Proxy - Confirm the proxy solution has an updated database. Block IOCs for IP addresses and domain names on the proxy. Verify the last one week of logs for the IOCs on the proxy and take action on sources of infection.
6. Firewall - Block the IP addresses on the perimeter firewall. Verify logs for the last one week.
7. Anti-APT Solutions (Fortinet) - Ensure signatures are up to date. Check for possible internal sources of infection and take action.
8. SIEM - Check logs to verify whether any of the IOCs have been detected in the last 1 week of logs.
a - If required, raise a case with the OEM to get details
b - All changes must follow proper approvals and the change management process
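One way to run the one-week IOC check from steps 5, 6 and 8 over proxy logs and list the internal sources to act on (an added example, not from the original article). The four-field log layout, the function names and the indicator values (documentation-range addresses and reserved .example names) are assumptions; real indicators would come from your vendor or CERT feed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Placeholder IOCs (constructed): documentation-range IPs and reserved .example names.
IOC_IPS = {ip_address("203.0.113.45"), ip_address("198.51.100.7")}
IOC_DOMAINS = {"bad-c2.example", "dropper.example"}

# Constructed proxy log lines: ISO timestamp, internal source, destination host, destination IP.
SAMPLE_LOG = """\
2017-05-06T09:12:01 10.0.4.21 updates.vendor.example 192.0.2.10
2017-05-09T14:03:55 10.0.4.21 cdn.bad-c2.example 192.0.2.99
2017-05-12T23:40:10 10.0.7.88 files.vendor.example 203.0.113.45
2017-05-13T08:15:42 10.0.7.88 notbad-c2.example 192.0.2.11
2017-05-01T10:00:00 10.0.9.5 dropper.example 198.51.100.7
malformed line without enough fields
"""

def domain_matches(host, iocs):
    """True if host equals an IOC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def sweep(log_text, now, days=7):
    """Return {internal source: [(timestamp, indicator), ...]} for hits in the window."""
    cutoff = now - timedelta(days=days)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the sweep
        try:
            ts = datetime.fromisoformat(parts[0])
            dst_ip = ip_address(parts[3])
        except ValueError:
            continue
        if not (cutoff <= ts <= now):
            continue  # outside the one-week window
        src, host = parts[1], parts[2]
        if dst_ip in IOC_IPS:
            hits[src].append((ts, str(dst_ip)))
        if domain_matches(host, IOC_DOMAINS):
            hits[src].append((ts, host))
    return dict(hits)

if __name__ == "__main__":
    for src, found in sweep(SAMPLE_LOG, datetime(2017, 5, 13, 12, 0)).items():
        print(src, [(t.isoformat(), i) for t, i in found])
```

Domain matching is done on label boundaries, so a lookalike such as notbad-c2.example is not reported as a hit for bad-c2.example, and entries older than the window are ignored.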
The Dance of Hillary warning is a hoax. There is no mobile phone virus threat like the one described. In fact, the message is just a mutated version of the earlier “Dance of the Pope” virus hoax.