The EternalBlue exploit, once stolen from the US National Security Agency, continues to be used by attackers as a component of malicious software.
The new WannaMine virus, built on EternalBlue, secretly mines cryptocurrency on victims’ computers. WannaMine can infect a computer in many ways, from a click on a malicious link to targeted remote penetration of the system.
First, the virus uses the Mimikatz tool to obtain logins and passwords from the computer’s memory. If Mimikatz fails, EternalBlue comes to the rescue.
If the computer is part of a corporate network, for example in an office, WannaMine will use the stolen data to infect other computers, which can paralyze the company for a few days or even weeks.
Bryan York, director of the security agency CrowdStrike: “If earlier EternalBlue was used only by state-level hackers, now it becomes more common and appears in the viruses of ordinary cybercriminals.”
The EternalBlue exploit formed the basis of the global WannaCry virus, which hit 150 countries around the world in 2017. During this time, its creators earned a total of about $140,000 in bitcoins, and the total damage from the attack was estimated at $1 billion.
At first glance, WannaMine seems a less aggressive version of its older brother WannaCry, as it does not lock users’ computers and demand a ransom.
However, hidden mining leads to processor overload and failure of the user’s equipment. Observations by experts at Recorded Future, conducted since May 2017, point to a trend: attackers are moving from powerful attacks using extortion viruses to long-term hidden mining.
It’s important to take care of your system’s security and protect it from the latest viruses and trojans. Keep your data backed up. It’s always better to be safe than sorry.