Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    WanaCry Ransomware Was Not The First To Use NSA's ETERNALBLUE


    Monero E-Currency

    April 14th this year, The Shadow Brokers released a stolen zoo of NSA hacking tools. One of these was ETERNALBLUE, a Windows exploit using an outdated Microsoft network communications protocal called SMBv1.

    Cybercriminals believed at this point to be North Koreans grabbed the exploit and used it to push the WannaCry ransomware into the world about a month later. Turns out that WannaCry wasn't the first malware to leverage ETERNALBLUE, it's called ADYLKUZZ and it's miner malware.

    Researchers at ProofPoint have discovered Adylkuzz that they believe has been operating since April 24, and it forces infected computers to mine for a Bitcoin-like cryptocurrency called Monero.

    Initial statistics suggest that this attack may be even larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.

    Monero Is Bitcoin's Black Sheep Cousin

    Monero doesn't have the brand recognition of Bitcoin, but it's among the top ten most-traded cryptocurrencies and has a market cap somewhere just south of $400 million. So far, ProofPoint tracked two separate payment addresses that received deposits totaling around $30,000 from the Adylkuzz botnet's mining efforts.

    Proofpoint Honeypot Gets Infected With Surprise Guest

    ProofPoint set up a honeypot to see how long it would take a vulnerable computer to get infected. Just 20 minutes after being connected to the Internet the malware had made its way onto the PC. ProofPoint traced the source of the infection to a group of powerful virtual servers in the cloud. 

    ProofPoint reported that Adylkuzz attacks are ongoing. The defense is the same as WanaCry, this post has a series of mitigation steps.  

    Don't be a victim! Get your Ransomware Hostage Rescue Manual.

    Ransomware Hostage Rescue ManualGet the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

    1. What is Ransomware?
    2. Am I Infected?
    3. I’m Infected, Now What?
    4. Protecting Yourself in the Future
    5. Resources

    Don’t be taken hostage by ransomware. Download your rescue manual now! 

    Get Your Manual

    Or cut & paste this link in your browser:  http://info.knowbe4.com/ransomware-hostage-rescue-manual-0

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews