Malware, Exploits, and Attacks


SamSam

A 2016 strain of ransomware developed in Iran that targeted JBoss servers. Rather than relying on phishing or illicit downloads, it exploited vulnerabilities on weak servers, using an RDP brute-force attack to guess weak passwords until one was broken. The malware has been behind attacks on government and healthcare targets, with notable hacks occurring against the town of Farmington, New Mexico, the Colorado Department of Transportation, Davidson County, North Carolina, and most recently, a major breach of security on the infrastructure of Atlanta.

WannaCry

A cryptoworm ransomware attack in May 2017 which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated through EternalBlue, an exploit discovered by the United States National Security Agency (NSA).

EternalBlue

An exploit developed by the NSA that exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, which mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. It was leaked by the Shadow Brokers hacker group on April 14, 2017. On May 12, 2017, WannaCry ransomware used this exploit to attack unpatched computers, and on June 27, 2017, the exploit was again used to carry out the NotPetya attack against Ukraine.

NotPetya

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system. The Petya malware infected millions of people during the first year of its release. The maker of the Petya malware was fined and arrested. Variants of Petya, which propagated via infected e-mail attachments, were first seen in March 2016. In June 2017, a new variant of Petya was used for a global cyberattack, primarily targeting Ukraine. The new variant propagates via the EternalBlue exploit. Kaspersky Lab referred to this new version as NotPetya to distinguish it from the 2016 variants, due to these differences in operation. In addition, although it purports to be ransomware, this variant was modified so that it is unable to actually revert its own changes. The NotPetya attacks have been blamed on the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organization, by security researchers, Google, and several governments.

