Not even a week after the WannaCry ransomware hack made its mark, affecting over 200k computers in over 150 countries, ranging from hospitals, schools, car factories, and shops, a second attack has begun, and it is far more formidable … and moving in stealth mode. 

Most of the articles you will read are unsure as to who the culprit is.

I of course offer my theory … 

We know programs developed by the NSA, known as EternalBlue and DoublePulsar, were leaked in April by the ShadowBrokers, and these are the tools being utilized to now commit the largest cyberware attacks in history.

“Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection,” 

 security researcher who goes by the alias Kafeine at cybersecurity company Proofpoint.

So far the only way this thing is being noticed is that PC’s and servers are beginning to slow down. 

The new attack appears to follow this format:

The EternalBlue exploit opens the door for infection, allowing DoublePulsar to target the machine. DoublePulsar then downloads and runs Adylkuzz, a cryptocurrency miner, on the computer.

Adylkuzz freezes any preexisting versions of itself on a target machine, while also blocking SMB network communications with other machines to prevent any further malware infections from disrupting its operations.

This enables it to prevent cybersecurity professionals from identifying that there is a problem. 

Once the door has been held open and detection risks have been minimized, Adylkuzz then downloads mining instructions, the cryptocurrency miner itself, and a variety of cleanup tools to mask its activities.

It is focusing solely on the cryptocurrency known as Monero.


Theory Time:

As the dollar is nearing its end (watch the movie: “The Big Short”), contenders for the new global currency are beginning to combat, and cryptocurrency is looking like the winner.

Digital currency in a rapidly emerging digital world.

Two competitors exist: Monero and Etherium.

Monero is a currency that focuses on privacy, decentralisation and scalability. Most cryptocurrencies are derivatives of Bitcoin, however Monero is unique, possessing significant algorithmic differences relating to blockchain obfuscation.

So basically, this is a currency that central banks cannot control, and it is untraceable.

Image result for monero

Its competitor: Etherium, has increased 10,000% in value in the last 16 months.

Because of Microsoft.

Microsoft saw the potential of Ethereum for blockchain service, using their cloud Azure platform early on, and has been driving that project forward ever since to its enterprise account base as the platform of choice.

So currently the hack that is taking place, is targeting Microsoft operating systems, and removing its competitor cryptocurrency Monero. 

Therefore the possibility that Microsoft is behind the cyberware attacks is very real.