
BlueKeep malware probably won't be your next big security challenge

(Image credit: Make-Someones-Day / Pixabay)

BlueKeep, the security vulnerability that was feared to be the successor to the devastating NotPetya, seems to be far, far less intimidating than initially thought.

Security researchers from Kryptos Logic have spotted the first instance of a BlueKeep exploit in the wild, and the only thing it did was install a cryptocurrency miner on the machine.

No data destruction, no spreading like wildfire, no ransomware attempts. Just a cryptocurrency miner. Sure, such a miner can render a machine almost useless, but it's also easy to spot and easy to eliminate, without consequences.

However, the researchers say that this doesn't necessarily mean a more serious BlueKeep attack is out of the question. There are still more than 735,000 vulnerable machines (out of the initial 923,000).

Earlier this year, we reported that almost a million devices were vulnerable to BlueKeep. Those are mostly devices running an older version of the Windows operating system. Microsoft patched the flaw for Windows 7, Server 2008, XP and Server 2003.

The flaw works in a fashion similar to what WannaCry did two years ago. An unauthenticated user can execute arbitrary code to assume control of a machine without any user interaction.

NotPetya is considered one of the most devastating pieces of ransomware ever to hit the internet. Thousands of machines worldwide have had their data encrypted, with operations at companies and institutions such as the NHS almost grinding to a halt.