New ransomware danger: from Ukraine comes XData. How to defend yourself

The new ransomware virus allegedly uses very sophisticated unknown encryption techniques that make file recovery impossible

The world continues to remain in the grip of hackers. After WannaCry, the attack that infected over 300,000 computers and held companies and institutions hostage, the next threat to global cybersecurity could come from Ukraine, where a new ransomware has been discovered.

According to some cybersecurity experts, if the ransomware virus were to cross Ukrainian borders and spread like wildfire to the rest of the world, it would have devastating effects. XData, the new virus identified on Thursday by a researcher of MalwareHunter, would use a very sophisticated technique, and at the moment inviolable, to encrypt the data present in the hard disks of the affected machines. What is also scary is the number of infections found. Compared to WannaCry, which has only been traced in 30 cases in Ukraine, XData is said to have already struck 94 times. So, with a faster frequency.

XData, a ransomware still unknown

Researchers are still trying to understand the scope of the new virus and the attack technique used. The ransomware, once penetrated on infected devices, would make it impossible to recover encrypted data. XData would manifest itself to the victims in unusual ways, if compared for example with those shown by this kind of malware.

Starting from the fact that it would not specify the amount to be paid to get the decryption keys.

XData, then, according to the experts' opinion, would seem to select the victims, making a distinction between companies and simple users. And that's not all. All the information related to the attack would be contained in a note and would not appear directly on the displays, as in the case of WannaCry. What's more, compared to "classic" ransomware, XData would not need to connect to the Internet after hitting a device.

XData: does it exploit new vulnerabilities?

In the meantime, researchers are starting to question whether or not the newly discovered ransomware uses vulnerabilities in operating systems to strike. The hope is that they are the same ones exploited by WannaCry. The ransomware had managed to infect more than 300 thousand computers using a Windows flaw that had already been fixed by Microsoft with an update. Experts fear that XData may use new vulnerabilities and generate a global attack with worse consequences than WannaCry.

How to protect yourself

While waiting to learn more about XData, it is good to keep Windows up-to-date. The best way is to check if your machine has the MS17-10 security patch installed, which covers precisely the vulnerabilities used by WannaCry.