Ransomware: Cryptocurrency Extortion

By Dan Cummings, Writer, ETHNews.com

Security researchers have discovered that the same tools used in the WannaCry attack were used to create a Monero mining botnet.

On May 12, 2017, an unknown entity unleashed a massive cyberattack on vulnerable Microsoft Windows systems worldwide. Known to the world as WannaCry, the ransomware worm crippled the computer systems of a number of large organizations, including Telefónica, Britain’s National Health Service, FedEx, Deutsche Bahn, and LATAM Airlines. The attack encrypts the victim’s system and then demands a bitcoin ransom equivalent to between $300 and $1,200 in exchange for complete system recovery.

In the wake of the attack, security researchers have discovered that the WannaCry ransomware utilized some of the recently leaked NSA hacking tools, specifically EternalBlue, a Server Message Block (SMB) exploit, and DoublePulsar, an NSA backdoor. However, according to cybersecurity firm Proofpoint, the WannaCry attack wasn’t the first time these two NSA tools were used for malicious purposes. The same pair of tools was previously used by cybercriminals to build botnets that mine Monero by installing cryptocurrency mining malware known as Adylkuzz on compromised systems. As per Proofpoint, “It should be noted that the Adylkuzz campaign significantly predates the WannaCry attack, beginning at least on May 2 and possibly as early as April 24.”

Proofpoint further elaborated:

“Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools.”

Botnets consist of a collection of “zombie” computers infected with malware that an attacker can control remotely. This is advantageous to cryptocurrency mining operations, as the rigorous process requires tremendous computational power. Researchers believe Monero was chosen due to its anonymous characteristics.

According to Proofpoint, the Adylkuzz malware makes use of multiple addresses “to avoid having too many Moneros paid to a single address.” One address contained over $22,000 before operations ceased. Another address was found to hold over $7,000, and a third had received payments totaling over $14,000.

Because the same toolset has now been used successfully in two major cybersecurity attacks, Proofpoint recommends that organizations update their systems with the corresponding SMB patch released by Microsoft. The cybersecurity company states:

“Two major campaigns have now employed the attack tools and vulnerability; we expect others will follow and recommend that organizations and individuals patch their machines as soon as possible.”
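The practical follow-up to that recommendation is an audit of the exposure EternalBlue relied on: SMBv1 enabled on the server side, inbound TCP 445 allowed through the host firewall, and the Microsoft SMB update not yet installed. The script below is an added example written for this article, not code from ETHNews, Proofpoint or Microsoft; it assumes an elevated PowerShell session on Windows 8/Server 2012 or later, and the `$RequiredHotfixes` KB list is a placeholder because the article does not name the patch.

```powershell
# Added example: audit a Windows host for the SMB exposure that EternalBlue
# (and therefore both WannaCry and Adylkuzz) depended on. Defensive check only.
param(
    # Placeholder: replace with the KB ID(s) of the Microsoft SMB security
    # update your organisation tracks. Not taken from the article.
    [string[]]$RequiredHotfixes = @('KB<placeholder>')
)

function Get-SmbExposureReport {
    param([string[]]$RequiredHotfixes)

    # Server-side SMBv1 setting; EternalBlue targeted the SMBv1 server.
    $smbConfig   = Get-SmbServerConfiguration
    $smb1Enabled = [bool]$smbConfig.EnableSMB1Protocol

    # Is the SMB1Protocol optional feature (client and server) still installed?
    $feature       = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $smb1Installed = ($null -ne $feature -and $feature.State -eq 'Enabled')

    # Enabled inbound firewall rules that allow TCP 445 (or all ports).
    $allow445 = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $_ | Get-NetFirewallPortFilter |
                Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains '445' -or $_.LocalPort -eq 'Any') }
        } | Select-Object -ExpandProperty DisplayName

    # Compare installed hotfixes against the tracked SMB update.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = $RequiredHotfixes | Where-Object { $installed -notcontains $_ }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SMB1ServerEnabled  = $smb1Enabled
        SMB1FeatureEnabled = $smb1Installed
        InboundAllow445    = $allow445
        MissingHotfixes    = $missing
        # Exposed if SMBv1 is served and the firewall lets 445 in.
        Exposed            = ($smb1Enabled -and @($allow445).Count -gt 0)
    }
}

Get-SmbExposureReport -RequiredHotfixes $RequiredHotfixes | Format-List
```

A host reporting `Exposed = True` with a non-empty `MissingHotfixes` list is the population Proofpoint's advice is aimed at; disabling SMBv1 where it is not needed removes the exposure even before patching.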

Dan Cummings

Dan is a Los Angeles-based musician, writer, and veteran passionate about science and technology, current events, human rights, economic impacts, and strategic calculus.
