wannacry ransomware

Pierluigi Paganini June 11, 2017
Police seized two Tor relays investigating WannaCry attack, others disappeared in the same period

France’s cyber-crime investigation unit OCLCTIC seized one server running two Tor Relays Investigating the WannaCry attack. A few days after the massive WannaCry attack the French authorities seized a server running two Tor relays in connection to the ransomware campaign, both relays were also working as Tor entry guard nodes, key components of Tor routing when […]

Pierluigi Paganini June 03, 2017
NSA Exploit EternalBlue is becoming even common in hacking tools and malware

Security Experts are observing a significant increase in the number of malware and hacking tools leveraging the ETERNALBLUE NSA exploit. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of malware developers. Investigations on WannaCry […]

Pierluigi Paganini May 30, 2017
You can take Shadow Brokers Zero Day Exploit Subscriptions for $21,000 per month

Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. […]

Pierluigi Paganini May 26, 2017
Flashpoint experts believe WannaCry authors speak Chinese after a linguistic analysis

Security experts at threat intelligence firm Flashpoint conducted a linguistic analysis of dozens of ransom notes displayed by the WannaCry ransomware. Malware researchers at threat intelligence firm Flashpoint conducted a linguistic analysis of 28 ransom notes displayed by the WannaCry ransomware. Flashpoint analyzed 28 WannaCry ransom notes written in various language including Chinese (both simplified and […]

Pierluigi Paganini May 23, 2017
Expert founds EternalRocks, a malware that uses 7 NSA Hacking Tools

A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware. The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular WannaCry ransomware. […]

Pierluigi Paganini May 22, 2017
At least 3 different groups have been leveraging the NSA EternalBlue exploit, what’s went wrong?

At least 3 different groups have been leveraging the NSA EternalBlue exploit weeks before the WannaCry attacks, here’s the evidence. In the last days, security experts discovered numerous attacks that have been leveraging the same EternalBlue exploit used by the notorious WannaCry ransomware. The Shadow Brokers hacker group revealed the exploit for the SMB vulnerability in April, but […]

Pierluigi Paganini May 21, 2017
Medical Devices infected by WannaCry Ransomware in US hospitals

According to Forbes, the dreaded WannaCry ransomware has infected medical devices in at least two hospitals in the United States. WannaCry infected 200,000 computers across 150 countries in a matter of hours last week, it took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present inside the earlier […]

Pierluigi Paganini May 20, 2017
UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread

Security experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution The effects of the militarization of the cyberspace are dangerous and unpredictable. A malicious code developed by a government could create serious problems for the Internet users, the recent WannaCry massive attack demonstrates it that used the EternalBlue Exploit to […]

Pierluigi Paganini May 17, 2017
CISCO start assessing its products against the WannaCry Vulnerability

The tech giant Cisco announced an investigating on the potential impact of WannaCry malware on its products. Recent massive WannaCry ransomware attack highlighted the importance of patch management for any organization and Internet users. Another Tech giant, Cisco announced it is investigating the potential impact of WannaCry malware on its products, especially on its solutions that […]

Pierluigi Paganini May 17, 2017
Some machines can’t be infected by WannaCry because they have been already infected by Adylkuzz

Security experts at ProofPoint security discovered that many machines can’t be infected by WannaCry because they have been already infected by Adylkuzz. The recent WannaCry ransomware attack wasn’t the first to use the NSA-linked EternalBlue and DoublePulsar hacking tools. Proofpoint researchers have discovered that the cryptocurrency miner Adylkuzz, was the first threat that used the EternalBlue exploit to trigger […]