As we approach the first anniversary of the ShadowBrokers, their true identity and source of their stolen NSA exploits remains a mystery.

Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack.

Tools are beginning to emerge that can be used to begin the process of recovering files encrypted by WannaCry on some Windows systems.

Mike Mimoso and Chris Brook discuss WannaCry, Microsoft’s response, the killswitches, a potential link with Lazarus Group, and what the future holds for the ShadowBrokers.

Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.

Experts have confirmed there are similarities between code used by the ransomware WannaCry and the Lazarus APT.

Exploits spreading WannaCry ransomware have surfaced after the discovery of a killswitch put a quick halt to the initial global outbreak.

The latest ShadowBrokers dump includes exploits that allowed the NSA to target SWIFT data managed by outsourced service bureaus in the Middle East.