Author: JP Buntinx / Source: The Merkle
Rumors are circulating on the internet regarding quite a recent type of ransomware making use of the Shadow Brokers’ exploits. Albeit security researchers are not entirely certain these claims are legitimate, it is a very troublesome development to consider. AES-NI ransomware has been around since late 2016, but it appears a new version may be circulating as we speak.
AES-NI Ransomware Should Not be Underestimated
Ever since The Shadow Brokers released their latest batch of alleged NSA exploits, the world has been waiting for someone to make use of them. Although that wait may not yet be over just yet, the developer of AES-NI ransomware claims he has found a way to integrate some tools into his creation. That is quite a bold statement, especially when considering there is very little evidence to back up these claims as of right now.
ETERNALBLUE is the exploit released by The Shadow Brokers of which the AES-NI ransomware is talking right now. To be more specific, this alleged NSA exploit allows hackers to target the SMBv2 protocol and infect Windows servers around the world. Once this process is complete, it could theoretically allow a ransomware developer to install a ransomware payload on these servers for further distribution and control. The only evidence to back up these claims is this screenshot, which does not validate the…
Click here to read more
