The Netherlands and various other countries have created laws where either their version of the NSA and/or police can hoard 0days to be used for hacking.
This massive outbreak is so widespread that at this stage it appears that it either was a very recent 0day or something which only recently was fixed by a patch.
Instead of having loads of countries hoarding security problems I highly encourage a focus on security instead. Seems much better for the economy overall.
Not OP, but he is right. I just walked out of work, where I had to reverse the sample. It indeed uses EternalBlue (attacks by enumerating local network IPs with Windows APIs and randomly scanning the internet). Apart from that, it overwrites the MBR with a custom bootloader and schedules a restart ("shutdown /t /r") as SYSTEM in a random amount of time. After rebooting, it fakes a chkdsk and meanwhile, encrypts your files.
It is also true that it uses PsExec to spread.
TL;DR good old Petya ransomware (old as shit) with a copy/pasted EternalBlue-based spreading method. Nothing new.
Literature: sorry no, I didn't read anything; everything I know is from practice.
As for the tools: just IDA Pro, really, if you don't count the standard stuff: a VM to avoid getting the host infected (VirtualBox), Burp (to analyze malware HTTP traffic), etc. Nothing too fancy.
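The three host behaviours the commenter above describes (a delayed reboot scheduled as SYSTEM, PsExec-based lateral movement, and an overwrite of the MBR) are each observable from endpoint telemetry. The script below is an added example written for this thread, not code from the commenter or from any vendor; it runs three behavioural detections over a handful of constructed, simplified Sysmon-like events. The event field names, the allow-list, and the `raw_disk` event type are assumptions for illustration, not a real sensor's schema. The `shutdown.exe` rule matches on the presence of both `/r` and `/t` regardless of their order, since Windows accepts either ordering and either `/` or `-` as the switch character.

```python
import ntpath
from typing import Dict, List, Optional, Tuple

Event = Dict[str, str]
Alert = Tuple[str, str]  # (rule name, human-readable detail)

# Constructed sample telemetry in a simplified Sysmon-like shape (assumption, not real logs).
SAMPLE_EVENTS: List[Event] = [
    # benign: an interactive user rebooting their own machine
    {"type": "process", "image": r"C:\Windows\System32\shutdown.exe",
     "cmdline": "shutdown /r /t 0", "user": r"CORP\alice",
     "parent": r"C:\Windows\explorer.exe"},
    # suspicious: delayed reboot scheduled as SYSTEM from a non-interactive parent
    {"type": "process", "image": r"C:\Windows\System32\shutdown.exe",
     "cmdline": "shutdown /t 1800 /r", "user": r"NT AUTHORITY\SYSTEM",
     "parent": r"C:\Windows\System32\rundll32.exe"},
    # suspicious: the PsExec service-side binary starting on an ordinary workstation
    {"type": "process", "image": r"C:\Windows\PSEXESVC.exe",
     "cmdline": r"C:\Windows\PSEXESVC.exe", "user": r"NT AUTHORITY\SYSTEM",
     "parent": r"C:\Windows\System32\services.exe"},
    # suspicious: a user-mode process opening the raw boot disk for writing (MBR overwrite)
    {"type": "raw_disk", "image": r"C:\Windows\System32\rundll32.exe",
     "device": r"\\.\PhysicalDrive0", "access": "write"},
    # benign: an allow-listed backup agent reading the raw disk
    {"type": "raw_disk", "image": r"C:\Program Files\BackupAgent\agent.exe",
     "device": r"\\.\PhysicalDrive0", "access": "read"},
]

# Constructed allow-list of images permitted to touch the raw disk (assumption).
RAW_DISK_ALLOWLIST = {r"c:\program files\backupagent\agent.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path; ntpath handles backslashes on any OS."""
    return ntpath.basename(path).lower()


def _switches(cmdline: str) -> set:
    """Normalise command-line switches: '-r' and '/R' both become '/r'."""
    out = set()
    for tok in cmdline.split():
        if tok[:1] in ("/", "-") and len(tok) > 1:
            out.add("/" + tok[1:].lower())
    return out


def detect_scheduled_reboot(ev: Event) -> Optional[Alert]:
    """shutdown.exe run as SYSTEM with both /r (restart) and /t (delay), in any order."""
    if ev.get("type") != "process" or _basename(ev["image"]) != "shutdown.exe":
        return None
    if {"/r", "/t"} <= _switches(ev["cmdline"]) and ev["user"].upper() == r"NT AUTHORITY\SYSTEM":
        return ("scheduled_reboot_as_system",
                f"{ev['cmdline']!r} spawned by {ev['parent']}")
    return None


def detect_psexec_service(ev: Event) -> Optional[Alert]:
    """PSEXESVC.exe is the service PsExec installs on the remote host; its start is the
    remote side of a PsExec session and should be rare outside admin jump hosts."""
    if ev.get("type") == "process" and _basename(ev["image"]) == "psexesvc.exe":
        return ("psexec_service", f"PsExec service started (parent {ev['parent']})")
    return None


def detect_raw_disk_write(ev: Event) -> Optional[Alert]:
    """Write access to \\\\.\\PhysicalDriveN by a non-allow-listed image covers MBR tampering."""
    if ev.get("type") != "raw_disk" or ev["access"] != "write":
        return None
    if not ev["device"].lower().startswith(r"\\.\physicaldrive"):
        return None
    if ev["image"].lower() in RAW_DISK_ALLOWLIST:
        return None
    return ("raw_disk_write", f"{ev['image']} opened {ev['device']} for writing")


RULES = (detect_scheduled_reboot, detect_psexec_service, detect_raw_disk_write)


def run_detections(events: List[Event]) -> List[Alert]:
    """Apply every rule to every event and return the alerts in event order."""
    alerts: List[Alert] = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for name, detail in run_detections(SAMPLE_EVENTS):
        print(f"[{name}] {detail}")
```

None of the three rules depends on a sample hash or file name, which is the point: a signature for this binary is stale the moment the next build ships, whereas a SYSTEM-scheduled delayed restart, a PsExec service start on a workstation, and a raw write to the boot disk are behaviours that any reuse of this spreading-and-wiping pattern has to repeat. The allow-list is where the real tuning effort goes; backup, imaging and disk-encryption agents legitimately open the raw disk and must be enumerated per environment.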
In theory, yes. In practice, the reality may be more complicated. How many ongoing investigations and clandestine operations rely on 0days that could be patched tomorrow?
Even if this weren't the case somehow, I could imagine intelligence chiefs and the like defending their 0days as necessary on public safety or national security grounds.
Edit: just to clarify, I believe 0days should be reported and patched to make everybody safer.
Your strange theory, that the economical damage is unavoidable to improve security will break down hard if those 0days are used by terrorists for the first time.
"Your strange theory, that the economical damage is unavoidable to improve security will break down hard if those 0days are used by terrorists for the first time"
It's not a "strange theory", it's the literal reason: NatSec is not a strange theory, it's the stated reason by multiple administrators and officials for why this behavior occurs.
Plus, how much economic damage was mitigated by using zerodays against terrorists and foiling their plots?
What if they used a zero day and prevented a 9/11 size 3000 person, multi-billion-dollar terrorist attack?
To suggest that the needle is at 0 and any negative use makes the entire NatSec angle bad is very naive, because any successful NatSec use that has succeeded is classified and we're not privy.
So we don't know the score, and we certainly can't claim that the score favors one side after any particular event...
But, keep this in mind, Israeli hackers compromised an ISIS computer and were keeping tabs on plots including a plot to weaponize laptop batteries, up until DJT burned the source by outing the Israeli op to Russians.
So the idea that zero days aren't in active use seeing results against terrorists is very naive, I believe.
But the subject isn't risk evaluation, it's the idea of a "score" where using NatSec state zero days gets positive points for saving lives and saving money, and negative points for when terrorists use leaked zerodays or take advantage of unfixed holes.
The claim was "any terrorist attack using these proves it's a net loss"
My response was "the classified nature of positive points doesn't invalidate positive points, and you cannot call it a net loss without a full accounting"
Now it's just devolved into a game of hypotheticals where people try to disprove the idea of a full accounting by creating even sillier terrorist scenarios?
They will try to defend it, but a counterargument can be made if people start losing lives (eg. from medical systems going awry). Then the collateral damage will become unacceptable.