
AES-NI Ransomware may be Using Recently Disclosed NSA Exploits

Rumors are circulating on the internet regarding a fairly recent type of ransomware making use of the Shadow Brokers’ exploits. Although security researchers are not entirely certain these claims are legitimate, it is a very troublesome development to consider. AES-NI ransomware has been around since late 2016, but it appears a new version may be circulating as we speak.

AES-NI Ransomware Should Not be Underestimated

Ever since The Shadow Brokers released their latest batch of alleged NSA exploits, the world has been waiting for someone to make use of them. Although that wait may not be over just yet, the developer of AES-NI ransomware claims he has found a way to integrate some of the tools into his creation. That is quite a bold statement, especially considering there is very little evidence to back up these claims as of right now.

ETERNALBLUE is the exploit released by The Shadow Brokers that the AES-NI ransomware developer is referring to. To be more specific, this alleged NSA exploit allows attackers to target the SMBv2 protocol and infect Windows servers around the world. Once this process is complete, it could theoretically allow a ransomware developer to install a ransomware payload on these servers for further distribution and control. The only evidence to back up these claims is a screenshot, which does not validate them by any means.

Even if these claims turn out to be untrue, AES-NI ransomware should not be overlooked by any means. Despite this malware having been around since late 2016, it continues to leave a massive wake of destruction. In fact, it appears the number of daily detections related to this particular ransomware strain is still increasing, which is anything but positive news at this stage.


It is certainly true there have been more reports of AES-NI ransomware ever since The Shadow Brokers released their latest Windows exploits. Then again, this can still be classified as mere coincidence at this stage. So far, there is no valid reason to believe any of the developer’s claims, although his creation is doing quite well on its own regardless of whether it uses NSA exploits. If ransomware developers were to successfully incorporate NSA exploits, however, things would go from bad to much worse very fast.

So far, it appears the AES-NI ransomware strain researchers have identified makes use of the RDP protocol, rather than SMB or SMBv2. Then again, it is still possible the developer has created an updated version that has yet to be analyzed by security experts. We can only hope there is no link between AES-NI and the NSA hacking tools right now, as that would open up a whole new can of worms the world does not need.

As one would expect, AES-NI is one of the many ransomware strains asking for a bitcoin payment. As of right now, the sum demanded to get rid of this malware sits at around US$1,800 worth of BTC. That is quite a steep amount, to say the least. It is interesting to note the developer claims to restore file access free of charge if the victim lives in one of the former Soviet states. Sadly, there is no known way to decrypt AES-NI without paying the high ransom.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
