According to a blog post by Secarma Cybersecurity Experts, the next big Ransomware threat after WannaCry may be called ‘ExplodingCan’ and uses similar vulnerabilities leaked by The Shadow Brokers.
WannaCry was used as an attack from stolen exploits from the NSA. Predicting what will be done next with those stolen exploits is the trick.
According to the blog “Looking at the available exploits we focused initially on “ExplodingCan” (all the exploits have memorable names). This is listed to exploit fully patched Windows 2003 servers offering IIS 6.0 under certain conditions. It seems right up our attacker’s street as it will target legacy systems.”
the exploit that would allow ExplodingCan to work is publicly available and has already been used in the wild. Microsoft has also already stated their intention is to not patch 2003 servers.
Microsoft ended support for Server 2003 on July 14th, 2015, however many are still in use worldwide.