WannaCry ransomware has been the most discussed PC virus lately. Currently, the malware is considered as one of the most dangerous infections, due to the fact that it combines a worm component with a ransomware element which makes it easy to be distributed. By now, approximately 400 malware samples have been found in the wild.
It’s been only a week since WannaCry ransomware hit the news, infecting about 300,000 devices in 150 countries worldwide, but it looks like cyber criminals have no intentions to stop the rage.
As security experts reported, WannaCry uses two NSA-hacking tools disclosed after the hacker group Shadow Brokers dumped classified documents online. The EternalBlue tool exploits a recent Windows vulnerability, while DoublePulsar helps it spread online.
The Windows vulnerability has been patched recently, and users were advised to keep their systems up to date, as well as to install a security solution on the devices they use.
According to researchers, the original WannaCry infections didn’t stem from someone carelessly falling for a phishing email scheme, but much more from the hackers scanning for some open ports.
As already mentioned, Microsoft has released a patch and even developed one for Windows XP, which had been discontinued and was no longer receiving security updates. It is considered that many of the infected devices were using XP, though, the latest data shows that most of these devices were actually running Windows 7.
The dump of NSA has a number of consequences which are going to be much more obvious. In fact, WannaCry ransomware with its 386 samples is believed to be the only start.
Recently, the security experts have found a brand new worm, named EternalRocks, which uses seven NSA hacking tools, compared to the two WannaCry tools. By this moment, the EternalRocks worm has not been weaponized with any type of malware, however, this can be done any time soon.