WannaCry again? Meet Adylkuzz, its sneaky cryptocurrency mining sibling

More than 400,000 computers wrldwide have been infected with WannaCry ransomware since the beginning of the devastating attack on May 12th, 2017. WannaCry has compromised standalone and networked Windows computers, at home and in the enterprise. The initial attack was made possible because of EternalBlue, the vulnerability exposed by the Shadow Brokers, an anonymous group who claim they will expose more zero–day vulnerabilities soon. Around the same time experts were trying to handle the WannaCry attack, they detected another computer virus in the same family as WannaCry: Adylkuzz.

What is Adylkuzz?

Silently installing itself in the background of your computer, Adylkuzz is a virus that runs software which mines Monero, a cryptocurrency similar to Bitcoin. This virus exploits the Doublepulsar and EternalBlue vulnerabilities for attacking systems, and neutralizes Server Message Block (SMB) networking to prevent further attacks from other malware via that same vulnerability. Surprisingly, WannaCry could have had a larger impact if Adylkuzz didn’t prevent other malware from exploiting the SMB vulnerability.

Discovery of Adylkuzz

While exploring the impact of WannaCry, a few security researchers exposed their lab machines to the EternalBlue vulnerability to identify exactly how WannaCry infects systems; instead, they discovered new malware called Adylkuzz, which was more prominent than WannaCry. Those researchers repeated the operation a few times, exposing a few other machines with the same vulnerability to the web. Their machines ended up being enrolled in an Adylkuzz mining botnet, which activates this virus.

Read the entire article here, WannaCry again? Meet Adylkuzz, its sneaky cryptocurrency mining sibling « ManageEngine Blogs

via the fine folks at ManageEngine