The developer of the AES-NI ransomware claims that the recent "success" he's been enjoying is due to the NSA exploits leaked last week by the Shadow Brokers group.
In a series of tweets he posted online, the AES-NI author alleges he successfully used ETERNALBLUE, an exploit targeting the SMBv2 protocol, to infect Windows servers across the globe and then install his home-made ransomware.
The only evidence the AES-NI author provided was a screenshot that showed the ransomware dev scanning a server for three NSA exploits.
The author of this ransomware did not respond to a request for comment from Bleeping Computer. While the validity of his claims cannot be proven, one thing can, and that's the trail of destruction this ransomware has left behind in the past week.
Below is a chart provided by the experts at ID-Ransomware, a service that helps users identify the type of ransomware that has infected their computers. These detections are logged for the purpose of keeping...