WannaCry was possible because Shadow Brokers leaked several Windows vulnerabilities, which third parties then exploited. Just a few days ago this ransomware infected thousands of computers worldwide, yet it used only two of those vulnerabilities, which had previously been exploited by the United States National Security Agency. Now Doomsday takes advantage of six, and promises to create even more problems than WannaCry.
What happened with WannaCry, the massive ransomware, does not seem to be an isolated case. The ransomware that hit several days ago managed to infect more than 300,000 computers worldwide, and did so using two vulnerabilities published by Shadow Brokers. In fact, the group published five other vulnerabilities during the month of April, but with only two of these NSA exploits WannaCry became a massive global infection. Afterwards, Adylkuzz followed in its footsteps to quietly mine a cryptocurrency on even more computers, creating a network of bots.
FFS. Somebody is spreading THIS with delayed download/start. People, this is going to be huge. Prepare yourself in a day or two! pic.twitter.com/WqJE9QKRSV
— Miroslav Stampar (@stamparm) May 18, 2017
A new ‘virus’ still more powerful than WannaCry
This virus is called Doomsday, and it is a new malware infection that uses a total of six vulnerabilities. That is, only one of those leaked by the Shadow Brokers group has not been used by this new malware, which, a priori, could cause even more problems than WannaCry. Most of the flaws this malware exploits are in SMB. Microsoft already released the corresponding security patches in March to block these exploits. However, the same patches should also have prevented WannaCry's advance, and even so dozens of large companies were affected worldwide.
Another important risk is that, unlike WannaCry, this malware does not have a 'kill switch'. WannaCry's advance could be slowed simply by registering a domain that it queried. But Doomsday, according to computer security experts, has no mechanism to stop the massive infection from spreading through a local network once a single computer within it has been affected.