The EternalBlue (MS17_010) exploit was found and allegedly developed by the US NSA approximately 5 years (1) before it was leaked by the hacker group Shadow Brokers (2). It appears that the NSA found these vulnerabilities, used them to create several exploits, of which EternalBlue is one, and failed to disclose the weaknesses to Microsoft or anyone else. It was only after the WannaCry exploit was in the wild, and had affected over 230,000 computers, that the US indicted two Koreans and a person in the US.

The exploit focuses on a vulnerability in SMB v1: basically, SMB Secondary Transactions are malformed when the message request is greater than the SMB MaxBufferSize (6). Microsoft released a patch immediately (4). Yet this often relies on an update from the end user, so many vulnerable systems remain! In fact, the 'EternalRocks' threat used 7 exploits from the NSA leaked hacks (3).

This attack violates the CIA triad by damaging our confidence in the NSA and by limiting the availability of files: after WannaCry uses the EternalBlue exploit, the compromised system is encrypted, rendering it useless to the end user. The hacker will either use the exploit to just encrypt your files, or demand money to unlock them. Police and security agencies all advise against paying the ransom, which was in Bitcoin, and thus untraceable, as it just encourages the attackers to keep using these types of exploit (5). Plus, there is no guarantee of recovering your data, as they got sneakier and hid behind VPNs.
(1) https://en.wikipedia.org/wiki/EternalBlue
(2) https://www.avast.com/c-eternalblue
(3) https://www.csoonline.com/article/3197673/eternalrocks-network-worm-uses-7-nsa-hacking-tools.html
(4) April 15, 2017. Microsoft Windows Shadow Brokers Nsa Hacks Patched
(5) Dummies' Guide to WannaCry - Infosecurity Magazine (infosecurity-magazine.com)
(6) SMB Exploited: WannaCry Use of "EternalBlue" | Mandiant
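
An added example, not part of the original essay: since the flaw sits in SMB v1 and unpatched systems remain, a defender can check captured port-445 traffic for hosts still speaking SMB v1 and see which frames carry the secondary transaction commands mentioned above. The helper names and sample frames are constructed for illustration; the command codes are those in Microsoft's public SMB specifications.

```python
# Added example: flag SMBv1 frames in captured direct-TCP (port 445) traffic.
SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
# SMBv1 command codes (public MS-CIFS / MS-SMB specifications).
SMB1_COMMANDS = {
    0x25: "TRANSACTION", 0x26: "TRANSACTION_SECONDARY",
    0x32: "TRANSACTION2", 0x33: "TRANSACTION2_SECONDARY",
    0x72: "NEGOTIATE", 0xA0: "NT_TRANSACT", 0xA1: "NT_TRANSACT_SECONDARY",
}
SECONDARY = {0x26, 0x33, 0xA1}

def classify_frame(frame: bytes) -> dict:
    """Classify one frame: a zero byte, a 3-byte length, then the SMB message."""
    if len(frame) < 4 or frame[0] != 0x00:
        return {"family": "not-smb"}
    declared = int.from_bytes(frame[1:4], "big")
    msg = frame[4:4 + declared]
    if len(msg) < declared or len(msg) < 5:
        return {"family": "truncated"}      # capture cut short, do not guess
    if msg[:4] == SMB2_MAGIC:
        return {"family": "smb2+"}          # SMB 2.x / 3.x share this magic
    if msg[:4] != SMB1_MAGIC:
        return {"family": "not-smb"}
    cmd = msg[4]                            # command byte follows the magic
    return {"family": "smb1", "command": SMB1_COMMANDS.get(cmd, f"0x{cmd:02x}"),
            "secondary": cmd in SECONDARY}

def audit(frames):
    """Return (index, command) for each SMBv1 frame, secondary transactions first."""
    hits = [(i, c) for i, c in enumerate(map(classify_frame, frames))
            if c["family"] == "smb1"]
    hits.sort(key=lambda h: not h[1]["secondary"])
    return [(i, c["command"]) for i, c in hits]

def make_frame(magic: bytes, byte4: int, header_len: int) -> bytes:
    """Constructed sample: header only, zero-filled after the fifth byte."""
    msg = magic + bytes([byte4]) + bytes(header_len - 5)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

# Constructed frames, not real traffic.
SAMPLE = [
    make_frame(SMB2_MAGIC, 0x40, 64),       # modern dialect, ignored by audit
    make_frame(SMB1_MAGIC, 0x72, 32),       # SMBv1 negotiate
    make_frame(SMB1_MAGIC, 0x33, 32),       # SMBv1 TRANSACTION2_SECONDARY
    make_frame(SMB1_MAGIC, 0x33, 32)[:20],  # truncated capture
]

if __name__ == "__main__":
    for idx, command in audit(SAMPLE):
        print(f"frame {idx}: SMBv1 {command}")
```

Any SMBv1 hit identifies a host that should have the protocol disabled or the MS17_010 patch confirmed.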