With the shadowbrokers release of NSA tools last month came something very scary for most Windows users. A file named Eternalblue was included, which was a remote SMBv2 exploit (CVE-2017-0143) that could be used for RCE. This exploit has been used in the now infamous “WannaCry” ransomware that has been sweeping the globe in a massive cyber attack.
On May 12, a security researcher by the name of ‘MalwareTech’ found a unregistered domain within the code, that happened to be its killswitch. With the shutdown of WannaCry many were excited, but it hasn’t ended yet. A new version has been seen spreading around even after friday.
This new version of WannaCry is the same as its predecessor but without a kill switch this time. A patch was put in a update released by microsoft on sunday. But in order to be even more secure from this fast spreading malware you can try disabling SMB! So far WannaCry has gained 200,000 victims in a minimum of 150 countries, we will definitely keep watching this as it continues to spread and keep giving away security tips.