FireEye said threat actors are using the NSA’s EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.
Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins.
Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.