The WannaCry ransomware campaign wasn’t the first to use the EternalBlue and DoublePulsar exploits. ESET has revealed that they were first used at the end of April, when hackers deployed Monero cryptocurrency mining software.
The massive campaign that spread the WannaCry (aka WannaCryptor) ransomware wasn’t the only recent large-scale infection misusing the EternalBlue and DoublePulsar exploits, leaked by Shadow Brokers. The same mechanism was misused by black-hats as early as the end of April, when they opted for the off-the-shelf Monero cryptocurrency mining software, instead of the encrypting payload.
This campaign, detected as Win32/CoinMiner.AFR and Win32/CoinMiner.AFU, started only a few days after the NSA tools leaked online. ESET had network detections for the vulnerability deployed on April 25th, three days before the first attack attempts by these Monero cryptocurrency miners.
The biggest uptick was recorded on May 10th, only hours before the ransomware’s global outbreak. On that day, mining malware detections increased from hundreds per day to thousands. We have seen such attempts in as many as 118 countries, with Russia, Taiwan and Ukraine topping the list.
However, the mining software consumed system resources so intensely that in some cases it rendered the infected machines unresponsive.
Interestingly, the CoinMiner attacks also blocked port 445, which the EternalBlue exploit uses to get into the machine, essentially closing the door to any subsequent infection using the same vector, including WannaCry. If the miners hadn’t taken this precaution, the number of WannaCry infections could have been even greater than reported.
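The port 445 behaviour described above can be turned into a simple baseline check. This is an added example, not code from ESET or the original article: it compares where SMB is expected to be reachable with what a probe sees and reports only the deviations. The host names, the inventory format and the function names are assumptions made for illustration.

```python
import socket

SMB_PORT = 445  # the port the article names as EternalBlue's entry point

def smb_reachable(host, port=SMB_PORT, timeout=1.0):
    """True if a TCP handshake to host:port completes from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False

def classify(expected_open, observed_open):
    """Compare the baseline for a host with what the probe saw."""
    if expected_open and not observed_open:
        # An SMB server that stopped answering: an outage, or a block that
        # nobody in IT added (the miner behaviour described above).
        return "unexpectedly-closed"
    if observed_open and not expected_open:
        # SMB reachable where the baseline says it should not be.
        return "unexpectedly-open"
    return "matches-baseline"

def audit(inventory, probe=smb_reachable):
    """inventory maps host -> expected_open; returns only the deviations."""
    findings = {}
    for host, expected_open in inventory.items():
        verdict = classify(expected_open, probe(host))
        if verdict != "matches-baseline":
            findings[host] = verdict
    return findings

# Constructed sample data (hypothetical host names, not from the article).
SAMPLE_INVENTORY = {
    "fileserver01.corp.example": True,
    "fileserver02.corp.example": True,
    "kiosk17.corp.example": False,
    "hr-laptop04.corp.example": False,
}
SAMPLE_OBSERVED = {
    "fileserver01.corp.example": True,
    "fileserver02.corp.example": False,
    "kiosk17.corp.example": True,
    "hr-laptop04.corp.example": False,
}

if __name__ == "__main__":
    # Offline demo: replay the constructed observations instead of probing.
    for host, verdict in audit(SAMPLE_INVENTORY, SAMPLE_OBSERVED.get).items():
        print(f"{host}: {verdict}")
```

Calling `audit(inventory)` without a second argument probes the listed hosts for real; a closed port on its own only says that something changed, so an "unexpectedly-closed" result is a lead to follow up on the host.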
So how bad was the WannaCry attack?
According to ESET telemetry, since Friday the machines of more than 14,000 users who have enabled ESET LiveGrid have reported as many as 66,000 WannaCry attack attempts on their devices.
These attacks mainly targeted Russian computers, with over 30,000 attacks, followed by Ukraine and Taiwan, where in both cases they were close to the 8,000 mark.
The chaos that ensued after WannaCry’s global outbreak seems to have motivated other black-hats to scale up their efforts too. We have seen a significant increase in the number of malicious emails sent out by the notorious Nemucod operators, spreading another ransomware.
Also, WannaCry fakes have emerged. These try to ride the wave of its fame by using the same GUI and layout. However, the encrypting capability was missing in all seen instances.
What should you do to stay safe?
- Since the EternalBlue exploit uses a vulnerability in Windows that has already been patched by Microsoft, the first step is to verify that the update has completed and the patch has been applied to your operating system.
- Use a reliable security solution that utilises multiple layers to protect you from similar threats in the future.
- It is best practice to keep backups on a remote hard disk or location that will not be hit in case of a network infection.
- We recommend that users do not pay ransoms – be it a case of the true WannaCry or any other ransomware. There have been no reported cases where pursuing such a step would lead to decryption. On the contrary, there have been multiple stories documenting the opposite – no decryptor or key being sent after the payment was made. Also, there seems to be no way for the attackers to match the payment to the specific victim who sent it to one of the shared Bitcoin wallets.