Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.

BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service by tweeting to various ransomware and security researchers as shown below.

After seeing one of these tweets, BleepingComputer was able to find a sample on VirusTotal and with the help of Michael Gillespie, we started to examine the source code of the ransomware.

Read more…
Source: Bleeping Computer