Wannacry is not the only one ransomware which is troubling world right now. Security firm Proofpoint has discovered another attack which is installing the cryptocurrency miner Adylkuzz.
According to the proofpoint: Attackers spread a massive ransomware attack worldwide using the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. EternalBlue, originally exposed on April 14 as part of the Shadow Brokers dump of NSA hacking tools, leverages a vulnerability (MS17-010) in Microsoft Server Message Block (SMB) on TCP port 445 to discover vulnerable computers on a network and laterally spread malicious payloads of the attacker’s choice. This particular attack also appeared to use an NSA backdoor called DoublePulsar to actually install the ransomware known as WannaCry.
Symptoms of this attack include loss of access to shared Windows resources and degradation of PC and server performance.