A week in security (May 15 – May 21)

Last week was dominated by the WannaCry ransomware and the discussions ensuing it. We published:

• A quick roundup of everything we found out in the first few days.
• How did it spread? Was it by email, was it a targeted attack? Or was it just the worm?
• We found a decryptor that works in some cases and explained how to use it.

Others discussed:

• Who’s to blame? Microsoft points at the NSA for stockpiling vulnerabilities.
• Kaspersky pointed out similarities to the Lazarus APT.
• The security researcher that registered the first killswitch got doxxed by the British tabloids.
• And statistics showing that Windows 7 computers were hit the hardest.

In other news we celebrated Privacy Awareness Week, highlighting the two main themes:

1. Share with care.
2. Trust and transparency.

And we gave out some pointers on what to consider and how to act when you have reason to believe that your personal information was stolen.

Other important security news:

• Researchers from Carnegie Mellon University, Seagate, and the Swiss Federal Institute of Zurich published a paper entitled "Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques." Our friends at Bleeping computer explained the found vulnerability of SSD drives.
• A Croatian security investigator has discovered a new network worm that uses 7 tools and exploits from the US intelligence service NSA. The worm is called EternalRocks, but its original name is “MicroBotMassiveNet“.
• Wikileaks has brought out information about other CIA tools called Athena and Hera, spyware designed to take full, remote control over infected Windows PCs.

In non-security news, we were amazed by this jewel telling us that scientists at UCLA and the University of Connecticut managed to create a protein-based battery-like device that extracts energy from the human body which could potentially be used to power implants like pacemakers.

Safe surfing, everyone!

The Malwarebytes Labs Team