On Friday, May 12 the Wanacryptor 2.0 (Wannacry) ransomware began spreading like wildfire across thousands of computers across the world. Over the past two days Wannacry has claimed over 223,000 victims using Windows operating systems through an alleged U.S. National Security Agency (NSA) exploit called an SMB worm.
Ransomware Hackers Allegedly Used Two NSA Crafted Exploits to Load the Malware Rapidly
According to various reports from security groups and tech publications, the Wannacry malware has spread to over 223,000 infections globally. It is purported that the ransomware uses a protocol called an SMB worm which is claimed to be a modified version of the NSA’s “Eternal Blue” exploit leaked by the Shadow Brokers. This weekend Microsoft has released another set of patches to fix XP and Windows 8 operating systems as it had previously published a patch for other versions this past March.
Currently, there are a few methods online from security organizations and anti-virus services offering ways to remove Wannacry from a computer. Experts believe these removal procedures and the recently released patches for older Windows operating systems should curb the infections to a minimum. However, it is currently impossible to decrypt the files as there is no decryption tool available to the public for Wannacry so far.
Various security experts say this type of malware may be infecting systems so rapidly because of another exploit allegedly crafted by the NSA and leaked by the Shadow brokers. Security professionals such as CERT Spain say that not only is a modified version of Eternal Blue being used, but another NSA protocol called “Double Pulsar” has been spotted acting as a “malware loader.”
The Three Bitcoin Addresses and the Shadow Brokers
So far the only clues to the identity of the hackers are three bitcoin addresses which are slowly filling up with thousands of dollars. On day one, Bitcoin.com reported the group had acquired US$10,000 worth of bitcoin. Since then the wallets (1, 2, 3) have accumulated a lot more transactions, most all of them $300 increments (the Wannacry decryption fee) adding up to a total of $35,000 at the time of writing. Stefan Tanase, a security researcher at Kaspersky Lab, says he expects the flow of money to increase after the weekend as many businesses may be unaware they have been infected.
Additionally this past April the Shadow Brokers had warned bureaucrats that there was more to come after they had leaked a new batch of exploits they claim were tethered to the NSA. “Who knows what we have coming next time,” explained the anonymous group.
So far the group has published five separate leaks over the internet that contained zero-day exploits and vulnerabilities against enterprise networks, and Windows operating systems. The group claims the protocols were built by the NSA and the Office of Tailored Access Operations. There are theories at the moment that the Shadow Brokers may be tied to an NSA whistleblower like Edward Snowden, but these reports remain unproven.
All Eyes on the NSA
Most of the media has their attention focused on the NSA, and there haven’t been many shots fired at bitcoin’s reputation, which is a positive outcome. Some skeptics believed the price drop, which coincidentally took place roughly around the same time, may have been attributed to the malware attacks. However, most bitcoin proponents thought there was no connection as the price was due for a healthy correction anyway after reaching historic levels.
Now people suspect the NSA leaks may be weaponizing criminals with tools that can undoubtedly cause havoc across the world. Even Microsoft is pointing fingers at the U.S. security agency and governments in general hoarding exploits.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” explains Brad Smith Microsoft’s president and chief legal officer. “This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.
The scariest thing to most people throughout the world is that the tools being released are likely connected with government entities. These exploits show the possibility of the NSA having more back doors and oversight into our software than we could ever have imagined.
What do you think about the recent ransomware epidemic supposedly caused by the NSA leaks? Let us know what you think in the comments below.
Images via Bitcoin.com, Twitter, Pixabay, and Kaspersky Lab.
At News.Bitcoin.com all comments containing links are automatically held up for moderation in the Disqus system. That means an editor has to take a look at the comment to approve it. This is due to the many, repetitive, spam and scam links people post under our articles. We do not censor any comment content based on politics or personal opinions. So, please be patient. Your comment will be published.