Categories: News, Security

AES-NI Ransomware may be Using Recently Disclosed NSA Exploits

Rumors are circulating on the internet about a ransomware family allegedly making use of the exploits leaked by The Shadow Brokers. Although security researchers are not certain these claims are legitimate, it is a troubling development to consider. AES-NI ransomware has been around since late 2016, but a new version may now be circulating.

AES-NI Ransomware Should Not be Underestimated

Ever since The Shadow Brokers released their latest batch of alleged NSA exploits, the world has been waiting for someone to put them to use. That wait may not be over yet, but the developer of AES-NI ransomware claims to have found a way to integrate some of those tools into his creation. That is a bold statement, especially since there is very little evidence to back it up right now.

ETERNALBLUE is the Shadow Brokers exploit the AES-NI developer is referring to. This alleged NSA exploit targets the SMBv1 protocol (the flaw Microsoft patched as MS17-010, not SMBv2 as some early reports stated) and gives an attacker remote code execution on unpatched Windows servers reachable over port 445. In theory, that would let a ransomware developer install a payload on those servers for further distribution and control. The only evidence offered for the claims is a screenshot, which does not validate them by any means.

Even if these claims turn out to be false, AES-NI ransomware should not be overlooked. Despite being around since late 2016, it continues to cause a great deal of damage, and the number of daily detections of this strain appears to be increasing, which is anything but positive news.


It is true that there have been more reports of AES-NI infections since The Shadow Brokers released their latest Windows exploits. Then again, that can still be classified as coincidence at this stage. So far there is no valid reason to believe the developer's claims, although his creation is doing quite well on its own without any NSA exploits. If ransomware developers were to successfully incorporate those exploits, though, things would go from bad to much worse very quickly.

So far, the AES-NI strain researchers have analyzed spreads over the RDP protocol rather than SMB. That means exposed Remote Desktop services remain the vector to lock down regardless of whether the NSA-exploit claims hold up. It is still possible the developer has built an updated version that security experts have yet to analyze. We can only hope there is no link between AES-NI and the NSA hacking tools right now, as that would open up a whole new can of worms the world does not need.
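Whether or not the ETERNALBLUE claim is true, both vectors the article mentions, SMB (the SMBv1 server that MS17-010 patches) and RDP, can be checked locally. The following PowerShell script is an added example, not code from the article or from any analysis of AES-NI it cites. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later, where Get-SmbServerConfiguration and Get-NetTCPConnection are available; the KB list comes from the MS17-010 bulletin and is only a hint, since later cumulative updates supersede those packages.

```powershell
# Added example, not part of the article: local exposure check for the two
# infection vectors discussed above. ETERNALBLUE abuses the SMBv1 server
# (patched by MS17-010); the analysed AES-NI samples spread over RDP.
# Assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

function Get-SmbExposure {
    $smb = Get-SmbServerConfiguration
    $listening445 = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue).Count -gt 0
    [pscustomobject]@{
        # $true means the host speaks SMBv1 and is exposed to MS17-010-class exploits if unpatched
        Smb1Enabled  = $smb.EnableSMB1Protocol
        Listening445 = $listening445
    }
}

function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'
    # fDenyTSConnections = 1 disables RDP; UserAuthentication = 1 requires Network Level Authentication
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication
    $listening3389 = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue).Count -gt 0
    [pscustomobject]@{
        RdpEnabled    = ($deny -eq 0)
        NlaRequired   = ($nla -eq 1)
        Listening3389 = $listening3389
    }
}

function Get-Ms17010Status {
    # KB numbers from the MS17-010 bulletin (March 2017 plus the May out-of-band package).
    # Later cumulative updates supersede them, so an absent KB does not prove the host is
    # unpatched; treat this as a hint and verify against the OS build if nothing matches.
    $kbs = 'KB4012212','KB4012213','KB4012214','KB4012215','KB4012216','KB4012217',
           'KB4012598','KB4012606','KB4013198','KB4013429'
    $found = @(Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $kbs -contains $_.HotFixID })
    [pscustomobject]@{
        Ms17010KbInstalled = $found.Count -gt 0
        Matched            = ($found | ForEach-Object { $_.HotFixID }) -join ','
    }
}

$smb = Get-SmbExposure
$rdp = Get-RdpExposure
$fix = Get-Ms17010Status
$smb; $rdp; $fix

if ($smb.Smb1Enabled) {
    Write-Warning 'SMBv1 is enabled. Disable it unless a legacy client still depends on it:'
    Write-Host '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
if ($smb.Smb1Enabled -and -not $fix.Ms17010KbInstalled) {
    Write-Warning 'SMBv1 enabled and no MS17-010 package found: confirm the patch level before this host is reachable on 445.'
}
if ($rdp.RdpEnabled -and -not $rdp.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication. Require NLA and restrict 3389 to a VPN or jump host.'
}
```

The script only reports and prints the remediation commands rather than applying them, so it is safe to run on a production host first; disabling SMBv1 is the one change that can break old clients and should be tested before rollout.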

As one would expect, AES-NI is one of the many ransomware strains demanding payment in bitcoin. At the time of writing, the ransom for the decryption key sits at around US$1,800 worth of BTC, which is a steep amount to say the least. Interestingly, the developer claims to restore file access free of charge for victims living in one of the former Soviet states. Sadly, there is no known way to decrypt files hit by AES-NI without paying the ransom.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
