28 June 2017

Ransomware attacks: who wrote the original code? The answer might surprise you!


EternalBlue, sometimes stylized as ETERNALBLUE, is an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on 14 April 2017, and was used as part of the worldwide WannaCry ransomware attack on 12 May 2017. The exploit was also used to help carry out the 2017 Petya cyberattack on 27 June 2017.

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.

Please ensure that you are running up-to-date, patched systems.
Contact Donline if you need help & advice on protecting your systems & data.
