All about Yatron Ransomware using EternalBlue NSA Exploit


A new Ransomware-as-a-service (RaaS) variant is reported to be on the prowl on the dark web, spreading widely by using the EternalBlue NSA exploits.

Dubbed ‘Yatron Ransomware’, the malware is being promoted on Twitter by its creator. A security researcher going by the name ‘The Shadow’ was the first to alert the world to it.

The highlight of Yatron Ransomware is that it deletes the encrypted data of the victim if the demanded ransom of $300 in BTC isn’t paid within 72 hours.

However, a source from Bleeping Computer said that the malware extension can be easily terminated using a tool like Process Explorer run with administrator privileges.

Technically speaking, Yatron spreads over P2P, USB and LAN networks using the EternalBlue and DoublePulsar exploits, similar to WannaCry. It is reported to spread across networks of Windows machines via SMBv1 vulnerabilities that were patched long ago.
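A defender-side illustration of the LAN propagation described above, added here and not taken from the article or its sources: worm-like SMB spreading shows up as one internal host opening TCP/445 connections to many distinct internal hosts within a short time. The log format, threshold and window are assumptions, and the flow records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed, time-ordered flow records: "timestamp src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 10.0.0.40 10.0.0.5 445
2024-01-01T10:00:01 10.0.0.23 10.0.0.1 445
2024-01-01T10:00:02 10.0.0.23 10.0.0.2 445
2024-01-01T10:00:03 10.0.0.23 10.0.0.3 445
2024-01-01T10:00:04 10.0.0.41 10.0.0.6 443
2024-01-01T10:00:05 10.0.0.23 10.0.0.4 445
2024-01-01T10:00:06 10.0.0.23 10.0.0.5 445
2024-01-01T10:00:07 10.0.0.23 10.0.0.6 445
2024-01-01T10:02:00 10.0.0.50 10.0.0.1 445
2024-01-01T10:05:00 10.0.0.50 10.0.0.2 445
2024-01-01T10:08:00 10.0.0.50 10.0.0.3 445
2024-01-01T10:11:00 10.0.0.50 10.0.0.4 445
2024-01-01T10:14:00 10.0.0.50 10.0.0.5 445
2024-01-01T10:15:00 10.0.0.40 10.0.0.5 445
"""

def smb_fanout(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {src: peak count of distinct internal TCP/445 destinations
    contacted within any one window} for sources at or above threshold."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    peak = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, port = parts
        if port != "445":
            continue  # only SMB traffic is of interest
        if not (ip_address(src).is_private and ip_address(dst).is_private):
            continue  # lateral (internal-to-internal) movement only
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > window:
            q.popleft()  # drop connections that fell out of the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS.splitlines()))
```

A workstation repeatedly reaching one file server stays below the threshold, while a host sweeping the subnet on port 445 is flagged; widening the window also catches slower sweeps at the cost of more false positives.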

Cybersecurity Insiders has learned that the malware is being offered via RaaS for $100, and the idea may be not to make money with the ransomware itself but to spread it among cybercriminals as much as possible.

Details on how many computer networks were affected by the ransomware and how many paid to free up their database are yet to be known.

Note 1: Ransomware is file-encrypting malware that locks access to a database until a ransom is paid.

Note 2: Ransomware-as-a-service is a malware-spreading service in which cyber crooks sell the malware code to interested prospects, who then spread the ransomware to make money.