A week after WannaCry induced worldwide panic, another vicious ransomware attack is currently underway.

Despite being contained primarily to Ukraine (for now), the new malware, dubbed “XData,” was rated the second-most infectious globally on Friday by a security researcher at MalwareHunterTeam, a group instrumental last week in alerting us to the WannaCry threat.

The researcher, who did not wish to be identified by name, said that in Ukraine XData already has an infection rate three times that of WannaCry. That number is merely an estimate, however, based on details submitted to the team’s ID Ransomware platform. MalwareHunterTeam has detected around 100 infections today so far.

Worse yet, it’s not immediately clear how XData is being spread, though an attack by spam seems unlikely. “[There are] too many victims in too short a time,” the researcher said.

Even on a good day and with the assistance of a botnet, “you simply won’t get this number with spam,” they said. “Maybe you get a number like this for [the whole planet].” But right now, “this is mostly one country, with a few victims in others.”

While XData appears localized now, it could easily jump the fence. After all, WannaCry kicked off in only a handful of countries (Russia, Taiwan, and Spain) before rapidly turning into a global pandemic.

Information isn’t coming easy, but so far the MalwareHunterTeam has identified (among other victims) a Ukrainian factory, as well as another company whose accounting department is apparently infected. The researcher has seen infections in Windows Server 2008 (including the R2 version), Windows 7, and Windows 10. “But there are others probably,” they added.

The attackers responsible have not yet been identified.

Gizmodo reached out to a number of security researchers in Ukraine, but none were immediately available. (At time of writing it was midnight in Kiev.)

The good news is that XData has caught the attention of some talented security researchers. The bad news is they don’t believe there’s any way to decrypt the infected devices for free.

This post will be updated with new information as it becomes available.