All of this comes from the "Eternal Blue" exploit program developed by the National Security Agency (NSA), which takes one of the flaws in the Windows SMB protocol.
On April 14, 2017, this program was leaked by the shadow brokers of the hacker group, which led to a series of blackmail attacks.
Although Microsoft released a patch before the vulnerability was disclosed, and even the Windows XP that had stopped supporting it, there are patches. However, there are many global Windows users, and many people still haven't patched it yet.
The security agency ESET detected that after the outbreak of the ransomware virus, the utilization of Eternal Blue declined rapidly with the parties taking countermeasures. It was only 'hundreds' of attacks each day, but since September 2017, the number of attacks has increased. 5. By April 2018, it reached a new peak, even exceeding the worst of the ransomware outbreak, setting a new record.
ESET speculates that Eternal Blue has erupted again, most likely because of the constant proliferation of Satan's ransomware virus.
At the same time, this also reflects that there are still a large number of Windows users still haven't patched with the eternal blue patch. It is recommended that you open Windows Update as much as possible, update patches at any time, and avoid being attacked by hackers.
