Fraud & Identity Fraud & Identity

Fraud & Identity Industry News

TMCNet:  WannaCryptor wasn't the first to use EternalBlue: Attackers exploited vulnerabilities just days after Shadow Brokers leak

[May 19, 2017]

WannaCryptor wasn't the first to use EternalBlue: Attackers exploited vulnerabilities just days after Shadow Brokers leak

TORONTO, May 19, 2017 /CNW/ - New research from ESET® reveals key insights into WannaCryptor (a.k.a. WannaCry), a new type of ransomware that has become one of the largest cybersecurity stories in years. ESET has uncovered that other large-scale infections were misusing the EternalBlue and DoublePulsar exploits well before the WannaCryptor ransomware was spread.

ESET Canada (CNW Group/ESET Canada)

The same mechanism as WannaCryptor had been misused by hackers as early as April 28th, when they opted for off-the-shelf cryptocurrency mining software instead of the encrypting payload. This way, they connected the infected machines into a giant net mining the Monero cryptocurrency, in some cases leading to their overload and subsequent freeze or significant decrease in performance.

"It was expected to see multiple malware authors integrate EternalBlue into their malware: the effectiveness of this exploit on unpatched machines is indisputable. Until the number of unpatched machines goes down to an insignificant amount, there will be a strong incentive for bad actors to keep on exploiting the vulnerability to spread their malware," said Alexis Dorais-Joncas, security intelligence lead at the Montreal-based ESET global malware lab.

The WannaCryptor attack has resulted in a reverberating effect with many more hackers increasing their fforts in the wake of this global breakout. ESET has since seen a significant increase in the number of malicious emails sent out by the notorious Nemucod operators, spreading Filecoder.FV ransomware.

While Canadian companies managed to largely avoid the attack, major corporations around the globe fell victim to the WannaCryptor ransomware including FedEx Corp, Telefonica SA and Portugal Telecom. ESET has been able to protect its clients from more than 66,000 attack attempts thanks to its network protection module, which has been blocking attack attempts to exploit the leaked vulnerability at the network level since April 25th, well before this particular malware was even created. While network detection was in place first, it was only one of many technologies that worked to protect users. Advanced Memory Scanner and file detection also came into play.

Other tips from ESET to prevent this massive global cybersecurity threat include:

  1. Updating and patching your operating system. The EternalBlue exploit uses a vulnerability in the Windows that has already been patched by Microsoft.
  2. Using a reliable security solution that has multiple layers to shield from similar threats in the future.
  3. Keep backups on a remote hard disk or location that will not be targeted in case of a network infection.
  4. Do not pay the ransom. There have been multiple stories where no decryptor or key was sent after the payment was made. There is also no way for the attackers to match the payment to a specific victim who sent it to one of the shared BitCoin wallets.

If you would like to learn more about this global cybersecurity threat and ESET's in-depth analysis of the situation, please visit, where updates on the matter and cybersecurity insights are posted and updated daily.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET's high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET was the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single "in-the-wild" malware without interruption since 2003. For more information visit or follow us on LinkedInFacebook and Twitter.


[ Back To Fraud & Identity's Homepage ]

Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.


Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.