

WannaCryptor wasn't the first to use EternalBlue: Attackers exploited vulnerabilities just days after Shadow Brokers leak
Friday, May 19, 2017

TORONTO, May 19, 2017 /CNW/ - New research from ESET® reveals key insights into WannaCryptor (a.k.a. WannaCry), a new type of ransomware that has become one of the largest cybersecurity stories in years. ESET has uncovered that other large-scale infections were misusing the EternalBlue and DoublePulsar exploits well before the WannaCryptor ransomware was spread.

The same mechanism as WannaCryptor had been misused by hackers as early as April 28th, when they opted for off-the-shelf cryptocurrency mining software instead of the encrypting payload. This way, they connected the infected machines into a giant net mining the Monero cryptocurrency, in some cases leading to their overload and subsequent freeze or significant decrease in performance.

"It was expected to see multiple malware authors integrate EternalBlue into their malware: the effectiveness of this exploit on unpatched machines is indisputable. Until the number of unpatched machines goes down to an insignificant amount, there will be a strong incentive for bad actors to keep on exploiting the vulnerability to spread their malware," said Alexis Dorais-Joncas, security intelligence lead at the Montreal-based ESET global malware lab.

The WannaCryptor attack has resulted in a reverberating effect with many more hackers increasing their efforts in the wake of this global breakout. ESET has since seen a significant increase in the number of malicious emails sent out by the notorious Nemucod operators, spreading Filecoder.FV ransomware.

While Canadian companies managed to largely avoid the attack, major corporations around the globe fell victim to the WannaCryptor ransomware including FedEx Corp, Telefonica SA and Portugal Telecom. ESET has been able to protect its clients from more than 66,000 attack attempts thanks to its network protection module, which has been blocking attack attempts to exploit the leaked vulnerability at the network level since April 25th, well before this particular malware was even created. While network detection was in place first, it was only one of many technologies that worked to protect users. Advanced Memory Scanner and file detection also came into play.

Other tips from ESET to prevent this massive global cybersecurity threat include:

    1. Update and patch your operating system. The EternalBlue exploit uses
       a vulnerability in Windows that has already been patched by
       Microsoft.
    2. Use a reliable security solution that has multiple layers to shield
       from similar threats in the future.
    3. Keep backups on a remote hard disk or location that will not be targeted
       in case of a network infection.
    4. Do not pay the ransom. There have been multiple stories where no
       decryptor or key was sent after the payment was made. There is also no
       way for the attackers to match the payment to a specific victim who sent
       it to one of the shared Bitcoin wallets.

If you would like to learn more about this global cybersecurity threat and ESET's in-depth analysis of the situation, please visit www.WeLiveSecurity.com, where updates on the matter and cybersecurity insights are posted and updated daily.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET's high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET was the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single "in-the-wild" malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

SOURCE ESET Canada


