On April 14th this year, The Shadow Brokers released a stolen zoo of NSA hacking tools. One of these was ETERNALBLUE, a Windows exploit targeting an outdated Microsoft network communications protocol called SMBv1.
Cybercriminals, believed at this point to be North Koreans, grabbed the exploit and used it to push the WannaCry ransomware into the world about a month later. It turns out that WannaCry wasn't the first malware to leverage ETERNALBLUE: that distinction goes to ADYLKUZZ, a cryptocurrency-mining malware.
Researchers at Proofpoint discovered Adylkuzz, which they believe has been operating since April 24; it forces infected computers to mine a Bitcoin-like cryptocurrency called Monero.
Initial statistics suggest that this attack may be even larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide. Because Adylkuzz shuts down SMB networking on an infected machine to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may in fact have limited the spread of last week's WannaCry outbreak.
Monero Is Bitcoin's Black Sheep Cousin
Monero doesn't have the brand recognition of Bitcoin, but it's among the top ten most-traded cryptocurrencies and has a market cap somewhere just south of $400 million. So far, Proofpoint has tracked two separate payment addresses that received deposits totaling around $30,000 from the Adylkuzz botnet's mining efforts.
Proofpoint Honeypot Gets Infected With Surprise Guest
Proofpoint set up a honeypot to see how long it would take a vulnerable computer to get infected. Just 20 minutes after being connected to the Internet, the malware had made its way onto the PC. Proofpoint traced the source of the infection to a group of powerful virtual servers in the cloud.
Proofpoint reported that Adylkuzz attacks are ongoing. The defense is the same as for WannaCry; this post has a series of mitigation steps.
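Since both WannaCry and Adylkuzz ride in over SMBv1, the first thing to check on any Windows host is whether that protocol is still enabled. The script below is an added example, not code from the post or from Proofpoint; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (the registry fallback covers older builds without the SmbShare module) and only disables SMBv1 when run with -Disable.

```powershell
# Added example (not from the post): audit and optionally disable SMBv1 on a Windows host.
# Assumes an elevated session; Get-SmbServerConfiguration exists on Windows 8 / Server 2012+,
# the LanmanServer\Parameters\SMB1 registry value is the documented fallback for older builds.
param([switch]$Disable)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    $state = [ordered]@{ ServerProtocol = 'unknown'; OptionalFeature = 'unknown' }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $state.ServerProtocol = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older builds: an absent SMB1 value means the protocol is enabled.
        $val = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $state.ServerProtocol = if ($null -eq $val) { $true } else { [bool]$val }
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $state.OptionalFeature = $f.State }
    }
    return [pscustomobject]$state
}

$before = Get-Smb1State
Write-Output ("SMB1 server protocol enabled: {0}; SMB1Protocol feature: {1}" -f
    $before.ServerProtocol, $before.OptionalFeature)

if ($before.ServerProtocol -eq $true -and -not $Disable) {
    Write-Warning 'SMBv1 is enabled: an unpatched host is exposed to ETERNALBLUE-style attacks. Re-run with -Disable.'
}

if ($Disable) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 -Force
    }
    if ($before.OptionalFeature -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Write-Output 'SMBv1 disabled; reboot for the change to take full effect.'
}
```

Disabling SMBv1 is a complement to, not a substitute for, applying the MS17-010 update that closes the ETERNALBLUE vulnerability itself.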
Don't be a victim! Get your Ransomware Hostage Rescue Manual.
Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
Don’t be taken hostage by ransomware. Download your rescue manual now!
Or cut & paste this link in your browser: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0