As information security enthusiasts continue to pour over the Shadow Brokers latest dump, the alleged cache of NSA tools is turning out to be a treasure trove for both researchers and criminals. Ransomware known as “AES-NI” has been updated with a so-called “NSA Exploit Edition” that the malware’s developer claims is now using EsteemAudit and EternalBlue exploits to infect machines, encrypt files and demand ransom for release. EsteemAudit and EternalBlue were two tools dumped in last week’s leak. A rash of forum posts show several ransomware victims running old, unpatched or unsupported Windows servers that have been infected. There has been no independent confirmation on how the new ransomware works, but the malware’s author claimed to CyberScoop that they are using NSA exploits. “We use SMB [Server Message Block] and RDP [Remote Desktop Protocol] exploits: Esteemaudit, Eternalblue,” the developer said. “They all are in public now.” Liam O’Murchu, the director of Symantec’s security […]
The post Shadow Brokers latest leak a gold mine for both criminals and researchers appeared first on Cyberscoop.
Continue reading Shadow Brokers latest leak a gold mine for both criminals and researchers→