— Malware Unicorn (@malwareunicorn) 14 May 2017
If you are affected by the current ransomware attacks, then it's best to follow this advice and patch your systems before similar attacks are launched.
The big news over the past 24 hours, especially here in the UK, is that the NHS has been hit with a large ransomware attack.
This is a pretty good write-up of what was known at the time.
Easy fixes for this have been available for the past 2 months, and it was just a matter of time until the tools developed by our American friends were used against the general public.
Hopefully this is a lesson learned for many organisations, and they realise that patching and running fairly up-to-date operating systems is important and not just something to achieve compliance.
A few more articles that contain good information about these events.
Also of note.
If you use intitle:”index of” “@WanaDecryptor@.exe” as a search on Google, at the time of this update there are 67 results.
Not a good weekend for the world of IT admins.
The GitHub link referenced below is being kept up to date and contains some very good and useful information.
— Hacker Fantastic (@hackerfantastic) 13 May 2017
In what feels like perfect timing from Microsoft, it seems they had already released patches for some, if not all, of the exploits released over the past few days in the ShadowBrokers file dump.
| Code name | Solution |
|---|---|
| “EternalBlue” | Addressed by MS17-010 |
| “EmeraldThread” | Addressed by MS10-061 |
| “EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| “EsikmoRoll” | Addressed by MS14-068 |
| “EternalRomance” | Addressed by MS17-010 |
| “EducatedScholar” | Addressed by MS09-050 |
| “EternalSynergy” | Addressed by MS17-010 |
| “EclipsedWing” | Addressed by MS08-067 |
This has been taken straight from the Microsoft Blog.
How this happened does not matter; it is just good to know that most, if not all, of the released issues are patched.
*** On 17th April, a news article on the BBC actually covers this story by Microsoft.
It is good to see that we are getting better as an industry at fixing and patching these exploits.
Further apparent NSA tools have been released, and this time there is a lot more information contained within the files. This tool in particular looks quite similar to Metasploit.
@hackerfantastic has been investigating these tools and posting their findings; I believe there are going to be fun times in the next week or so!
— Hacker Fantastic (@hackerfantastic) 14 April 2017
The ShadowBrokers have released the password for the EQGRP files.
There is a repository on GitHub that has downloaded the files and is starting to delve deeper into their contents.
These list various exploits. I’ve not had the chance to look through many of them yet, but over the next few days I will be having a read and a play around with these files to see what can be learnt from them.
The password for the original file leak is – CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN
Currently you can download the files from here.
Now that these have been released, the patches for many of these exploits should follow, if they are not already patched.