A new ransomware attack similar to last month's self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International.
Like the WCry worm that paralyzed hospitals, shipping companies, and train stations around the globe in May, Tuesday's attack made use of EternalBlue, the code name for an advanced exploit that was developed and used by, and later stolen from, the National Security Agency.
With those network credentials in hand, infected computers would then use PsExec, the legitimate Windows component known as Windows Management Instrumentation, and possibly other command-line utilities to infect other machines, even when they weren't vulnerable to the EternalBlue and EternalRomance exploits.
Kaspersky stopped short of saying MeDoc was the initial infection point in the attack chain, as did researchers from Cisco Systems' Talos group, which in its own blog post also said only that the attacks "may be associated with software update systems for a Ukrainian tax accounting package called MeDoc."
Those traits, which are sure to torpedo chances of the malware generating profits for its creators, prompted International Computer Science Institute researcher Nicholas Weaver to speculate that the true intent of the malware developers was to sow destruction, not make money.
To read full article - https://goo.gl/1ZZd1k