The latest ransomware attack used an alleged NSA exploit

An alleged NSA hacking tool has again surfaced to haunt the world.

Organizations across the globe — including Boryspil International in Kiev, Ukraine, a Russian oil company and an advertising company in the United Kingdom — stalled out on Tuesday as a type of ransomware known as Petya locked up their computers, demanding bitcoin in exchange for the return of those computers’ functionality.

The tool the ransomware uses to get inside computers is called Eternal Blue, and it’s more of an exploit than a tool. Leaked by a group (or person) known as the Shadow Brokers back in April, Eternal Blue is an exploit that finds a way into the transport protocols (think file sharing mechanisms and such) of computers running Windows that haven’t been patched in a few months. It’s proven to be a key ingredient for hackers looking to access a lot of Windows machines.

Hackers have discovered they can add Eternal Blue to a framework called Metasploit to do widespread damage. Metasploit is a system designed to test the vulnerability of a computer by seeing what holes an attacker might slip through. Hackers, though, have used it to see what kind of holes computers have, and have set up their attacks accordingly. Adding Eternal Blue to Metasploit has given even relatively novice hackers the ability to add a dangerous exploit to a framework that will test for the corresponding vulnerability, among others.

“The addition of the EternalBlue exploit to Metasploit has made it easy for threat actors to exploit these vulnerabilities,” researchers for FireEye, a cybersecurity firm, wrote in a report published on June 2. “In the coming weeks and months, we expect to see more attackers leveraging these vulnerabilities and to spread such infections with different payloads.”

Last month, hackers linked to the North Korean government used Eternal Blue to infect unpatched Windows machines, and did damage in more than 100 countries. That attack brought a ton of attention to Eternal Blue, and rightfully so, but researchers have found a number of other incidents in which hackers have tested the exploit on a smaller scale.

Hackers know that plenty of people never bother updating their machines, leaving them open to ransomware attacks. The best thing to do, especially if you’re reading this while running Windows, is to take the advice of those FireEye researchers and “update to the latest software versions as soon as possible.”

from Mashable!