Cloak and Dagger: The Aftermath (WannaCry and NotPetya Part 3 of 3)

The Aftermath

The recent rise in ransomware attacks has highlighted the growing threat of ransomware and the need for improved cybersecurity measures. Ransomware is a type of malicious software that encrypts a user’s data and demands a ransom payment in order to regain access. The WannaCry and NotPetya attacks were particularly devastating, as they spread quickly and affected hundreds of thousands of computers around the world.

The WannaCry and NotPetya ransomware attacks have been linked to the ShadowBrokers. The ShadowBrokers released two of these tools, EternalBlue and EternalRomance, which exploit a vulnerability in the Windows Server Message Block (SMB) protocol. These tools were then used by the WannaCry and NotPetya ransomware to spread quickly across networks.

Recent cyber and ransomware attacks have highlighted the need for improved cybersecurity measures. Organizations and individuals should ensure that their systems are up-to-date with the latest security patches, and that they have effective malware protection in place. Additionally, organizations should be aware of the potential risks posed by the EternalBlue and EternalRomance exploits, and should consider implementing additional security measures such as disabling the insecure SMBv1 protocol(which is how one of the primary methods the WannaCry ransomware strain spread so quickly).

Finally, organizations should be aware of the potential risks posed by the recently discovered BlueKeep vulnerability. BlueKeep is a critical vulnerability in the Remote Desktop Protocol (RDP) that could allow attackers to gain remote access to a system without authentication. Microsoft has released a patch for the vulnerability, and organizations as well as individuals should ensure that their systems are up-to-date with the latest security patches.

One thing to help mitigate the risk of RDP exploitation, and brute force attempts/attacks is to change the default port. This will be covered in a future post. One should also have at least ONE antivirus, as well as an actively functional firewall. This will help mitigate the risk of a ransomware attack, as well as other types of malware.

The WannaCry and NotPetya ransomware attacks have highlighted the need for improved cybersecurity measures. Organizations should ensure that their systems are up-to-date with the latest security patches, and that they have effective malware protection in place. Additionally, organizations should be aware of the potential risks posed by the EternalBlue and EternalRomance exploits, and should consider implementing additional security measures such as disabling SMBv1. Finally, organizations should be aware of the potential risks posed by the recently discovered BlueKeep vulnerability. By taking these steps, organizations can help protect themselves from the growing threat of ransomware.

With all this said and done, what are your thoughts on the WannaCry and NotPetya attacks? Do you think that the NSA is responsible? Finally, is there anything in particular you (the audience) would like to see on this blog? Let me know in the comments below!

Signing off for now,

//TheModdersDen