Malware, Ransomware, Vulnerability Management

Yatron ransomware uses NSA exploits

A ransomware-as-a-service (RaaS) dubbed Yatron plans to spread using EternalBlue and NSA exploits.

Oddly enough, researchers noted the ransomware has been promoted on Twitter by its creator who has tweeted promotions to various ransomware and security researchers, according to Bleeping Computer.

A security researcher who goes by the name "A Shadow" brought the ransomware to the researchers’ attention, which led to them examining a sample of the malware’s source code obtained through VirusTotal. The RaaS attempts to delete a victim’s files if payment isn’t made within 72 hours but researchers noted a user can simply terminate the ransom process using a tool like Process Explorer running as an administrator.

The ransomware is spread via P2P, USB and LAN and its code uses the EternalBlue and DoublePulsar exploits to spread to Windows machines on the same network via SMBv1 vulnerabilities that were long ago patched.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds