EternalBlue reaching new heights since WannaCryptor outbreak

EternalBlue reaching new heights since WannaCryptor outbreak

Attack attempts involving the exploit are in hundreds of thousands daily



It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently it is at the peak of its popularity, with users bombarded with hundreds of thousands of attacks every day.


The EternalBlue exploit was allegedly stolen from the National Security Agency (NSA) in 2016 and leaked online on April 14, 2017 by a group known as Shadow Brokers. The exploit targets a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol, via port 445. The flaw had been privately disclosed to and patched by Microsoft even before the WannaCryptor outbreak in 2017; yet, despite all efforts, vulnerable systems are widespread even to this day.


According to data from Shodan, there are currently almost a million machines in the wild using the obsolete SMB v1 protocol, exposing the port to the public internet. Most of these devices are in the United States, followed by Japan and the Russian Federation.



Poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online.


Based on ESET telemetry, attack attempts involving EternalBlue are reaching historical peaks, with hundreds of thousands of ..