Latest Ransomware Xwo
Images: Shutterstock

Only a few days ago we alerted our users about ransomware called vxCrypt which improves your PC’s performance as it encrypts your file. However, another deadly malware called Xwo is the latest ransomware to make your online browsing experience perilous.

According to AT&T Alien Labs, Xwo is a different type of ransomware as it doesn’t encrypt your file but rather steals your credentials. The ransomware attacks computers with default credentials that can easily be broken.

How Does The Latest Ransomware Work?

Latest ransomware Xwo working

Xwo is similar to another malware called Mongolock — which formats files and backups of the target PC. There is no concrete information about how Xwo started spreading, however, the ransomware mimics websites of news and cybersecurity firms. Xwo registers them under the domain name ‘.tk’ which stands for Tokelau, New Zealand.

Xwo scans the web for default credentials using MySQL, MongoDB, Postgre SQL, etc. Default credentials for Tomcat, an open-source Jawa container, were also reported to be unsafe. This ransomware sends the scanned credentials to the command center via an HTTP POST request.

Things To Look Out For

latest ransomware xwo precautions

Xwo ransomware gathers information about Git paths, Default SVN, Git Repository, PHP admin details and more. The latest malware is on a surveillance mission to gather information that could signal a large-scale attack in the future.

According to AT&T Alien labs, Cloudfare C2 servers were affected by Xwo malware. The threat to these servers has since been taken care of. But it is unlikely that the attackers will rest anytime soon.

Usually, public access systems have defaults and weak credentials, thus restricted access to such terminals whenever they’re not in use is highly recommended.

Alien Labs has also released a list of malware indicators to minimize the threat of Xwo Ransomware.

A large-scale ransomware attack on the city of Albany in New York left the city administration crippled a few days back. A small medical center in Michigan was also shut down due to the ransomware attack.

With the addition of Xwo to the ever-expanding list of ransomware, users are advised to use strong passwords and keep offline backups of files.

Also Read: LockerGoga: The Dangerously Changing Face Of Ransomware