[BleepingComputer] Adylkuzz Cryptocurrency Miner May Have Saved You From WannaCry
[Image: Cryptocurrency.png]

Quote:Adylkuzz Cryptocurrency Miner May Have Saved You From the WannaCry Ransomware
New evidence has revealed that nearly three weeks before the WannaCry ransomware outbreak, at least one cybercrime group was using the same NSA exploits - ETERNALBLUE and DOUBLEPULSAR - to infect computers with malware that mined for the Monero cryptocurrency.

While this action was done to prevent other malware from infecting the same computer and clogging precious mining resources, this had the secondary effect of protecting some previously vulnerable computers from the virulent WannaCry ransomware attacks that took place over the last 4-5 days.

The one who spotted the Adylkuzz cryptocurrency miner is Proofpoint security researcher Kaffeine, the same researcher who discovered that the WannaCry group was using the ETERNALBLUE exploit to spread to new computers.

Because Adylkuzz had infected many vulnerable machines long before WannaCry and shut down their SMB port, the malware might have accidentally saved many potential victims from having their data encrypted by WannaCry.

Kaffeine also argues that many of the attacks attributed today to the WannaCry ransomware could very well be caused by Adylkuzz.

"Several large organizations reported network issues this morning that were originally attributed to the WannaCry campaign. However, because of the lack of ransom notices, we now believe that these problems might be associated with Adylkuzz activity."

To protect yourself from Adylkuzz or WannaCry, make sure to apply MS17-010 or these separate updates, if you're running older operating systems such Windows XP, Windows 8, or Windows Server 2003.

Possibly Related Threads…
Thread Author Replies Views Last Post
[BleepingComputer] New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two Albus 0 2,383 05-21-2017, 01:22 PM
Last Post: Albus

Forum Jump:

Users browsing this thread: 1 Guest(s)