TMCnet News

WannaCryptor wasn't the first to use EternalBlue: Attackers exploited vulnerabilities just days after Shadow Brokers leak
[May 19, 2017]

TORONTO, May 19, 2017 /CNW/ - New research from ESET® reveals key insights into WannaCryptor (a.k.a. WannaCry), a new type of ransomware that has become one of the largest cybersecurity stories in years. ESET has uncovered that other large-scale infections were misusing the EternalBlue and DoublePulsar exploits well before the WannaCryptor ransomware was spread.

The same mechanism as WannaCryptor had been misused by hackers as early as April 28th, when they opted for off-the-shelf cryptocurrency mining software instead of the encrypting payload. This way, they connected the infected machines into a giant net mining the Monero cryptocurrency, in some cases leading to their overload and subsequent freeze or significant decrease in performance.

"It was expected to see multiple malware authors integrate EternalBlue into their malware: the effectiveness of this exploit on unpatched machines is indisputable. Until the number of unpatched machines goes down to an insignificant amount, there will be a strong incentive for bad actors to keep on exploiting the vulnerability to spread their malware," said Alexis Dorais-Joncas, security intelligence lead at the Montreal-based ESET global malware lab.

The WannaCryptor attack has had a reverberating effect, with many more hackers increasing their efforts in the wake of this global outbreak. ESET has since seen a significant increase in the number of malicious emails sent out by the notorious Nemucod operators, spreading Filecoder.FV ransomware.

While Canadian companies managed to largely avoid the attack, major corporations around the globe fell victim to the WannaCryptor ransomware including FedEx Corp, Telefonica SA and Portugal Telecom. ESET has been able to protect its clients from more than 66,000 attack attempts thanks to its network protection module, which has been blocking attack attempts to exploit the leaked vulnerability at the network level since April 25th, well before this particular malware was even created. While network detection was in place first, it was only one of many technologies that worked to protect users. Advanced Memory Scanner and file detection also came into play.

Other tips from ESET to prevent this massive global cybersecurity threat include:

  1. Update and patch your operating system. The EternalBlue exploit uses a vulnerability in Windows that has already been patched by Microsoft.
  2. Use a reliable security solution that has multiple layers to shield from similar threats in the future.
  3. Keep backups on a remote hard disk or location that will not be targeted in case of a network infection.
  4. Do not pay the ransom. There have been multiple stories where no decryptor or key was sent after the payment was made. There is also no way for the attackers to match the payment to a specific victim who sent it to one of the shared Bitcoin wallets.

If you would like to learn more about this global cybersecurity threat and ESET's in-depth analysis of the situation, please visit www.WeLiveSecurity.com, where updates on the matter and cybersecurity insights are posted and updated daily.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET's high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET was the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single "in-the-wild" malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

SOURCE ESET Canada