Last week’s WannaCry ransomware attack hit computers all across the world and also caused troubles in the UK, but a new report from the AFP now suggests that a larger scale and much more troubling cyber attack is underway. Reports show that the new ‘Adylkuzz’ attacks are on a scale that “could dwarf” the WannaCry attack, and use the infected computers to mine virtual currency.
According to the AFP, which interviewed Nicolas Godier, a researcher at the Proofpoint computer security firm, the new cyber attack targets the same vulnerabilities in the WannaCry ransomware worm. However, instead of disabling a computer, the new attack rather infects it to “mine in a background task a virtual currency (Monero or Bitcoin,) and transfer the money created to the authors of the virus.”
The new attack, named Adylkuzz, is linked to WannaCry, and according to Godier, “uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose. ” A blog post by Proofpoint suggests that the symptoms of infection and the attack include loss of access to shared Windows resources and degradation of PC and server performance.
Several large organizations reported network issues this morning that were originally attributed to the WannaCry campaign. However, because of the lack of ransom notices, we now believe that these problems might be associated with Adylkuzz activity. However, it should be noted that the Adylkuzz campaign significantly predates the WannaCry attack, beginning at least on May 2 and possibly as early as April 24. This attack is ongoing and, while less flashy than WannaCry, is nonetheless quite large and potentially quite disruptive.
This latest news comes right as hacking group the Shadow Brokers hinted at more exploits to come. Two major campaigns have already employed the newer attack tools and vulnerability, and Adylkuzz has already netted attackers thousands of dollars.