A variant of the familiar help-desk scam is taking advantage of widespread public concerns over WannaCry. The scammers call, tell you you're infected, then offer to "take over your machine" to fix the infection. The UK's Action Fraud center sounded the alert, but it's reasonable to expect this approach wherever the help-desk scam flourishes.
WannaCry was notable for being a "ransomworm." The US Department of Homeland Security warned that a vulnerability in Samba, the free Linux and Unix networking software, leaves it susceptible to similar worm infestations. According to researchers at Rapid7 there were no signs of exploitation in the wild, at least in the first twenty-four hours after discovery and disclosure.
The precise scope of the threat posed by EternalBlue and EternalRocks remains unsettled, but there is widespread concern that active exploitation may be taking more disturbing forms than the stumblebum extortion of the first WannaCry wave. Researchers at Cyber Detection Services are among those reporting quiet campaigns that seem to be evading detection by commodity firewalls.
SentinelOne reports a new ransomware strain, "Widia," interesting in that it looks like early-stage commodity-level crimeware. Widia asks for a credit card payment as opposed to the customary Bitcoin, but it seems more scareware than cryptoransomware—it throws up a screen that says your files are encrypted, but actually they're not. SentinelOne thinks the authors will eventually add the malicious encryption they now lack. Ransomware pandemics prompt calls for cryptocurrency regulation.
Investigation into the Manchester bomber's radicalization suggests his family warned the authorities.