The second quarter of 2017 saw of the most severe cases of ransomware to date – WannaCry and NotPetya – surpassing the gravity of most other security news in that timeframe.
Ransomware continues as a leading cyberattack vector and cybersecurity experts tend to agree that these attacks will continue to evolve, increasing in number of affected hosts and total cost to the global economy. Both of these attacks were possible due to EternalBlue, an exploit generally believed to be developed by the U.S. National Security Agency (NSA) and leaked by the Shadow Brokers hacker group as part of the global WannaCry ransomware attack in May. EternalBlue exploits a vulnerability in the Server Message Block (SMB) protocol which is most commonly found in Microsoft Windows. NotPetya, released in June, also utilizes the same EternalBlue SMB exploit previously used by WannaCry, as well as the leaked EternalRomance SMB exploit from the NSA.