HiFlyer

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak


Thanks for the info. Of course, even if one pays up there's absolutely no guarantee that they will actually decrypt your files, as they're too busy laughing their bums off and going to the virtual bank...

I just ran Windows update again and note that FOUR "Important" of them failed to install... :blink:


Fr. Bill    

AOPA Member: 07141481 AARP Member: 3209010556


     Avsim Board of Directors | Avsim Forums Moderator

On 5/13/2017 at 0:40 PM, SierraHotel said:

Well, that is actually true judging by the levels of obesity, heart failure etc. worldwide, and while medicine per se is not a joke, big pharma takes the p** constantly and leaves hundreds if not thousands dead in their wake.

The fact that people are idiots does not make the discipline a joke...

 

19 hours ago, n4gix said:

Thanks for the info. Of course, even if one pays up there's absolutely no guarantee that they will actually decrypt your files, as they're too busy laughing their bums off and going to the virtual bank...

I just ran Windows update again and note that FOUR "Important" of them failed to install... :blink:

I remembered you mentioning once that you kept a lot of stuff on a Windows 7 installation because you used programs in your work that might not function as well, or at all, on more recent OSes.

Also, over the years I have seen an awful lot of people on flightsim forums proclaim loyalty to Windows 7 and Windows XP, and that potential vulnerability pushed me over the edge to starting this thread, even though I was a bit worried it might be labeled as alarmist.

It's good if it actually helped anyone.


We are all connected..... To each other, biologically...... To the Earth, chemically...... To the rest of the Universe atomically.
 
Devons rig
Intel Core i5 13600K @ 5.1GHz / G.SKILL Trident Z5 RGB Series Ram 32GB / GIGABYTE GeForce RTX 4070 Ti GAMING OC 12G Graphics Card / Sound Blaster Z / Meta Quest 2 VR Headset / Klipsch® Promedia 2.1 Computer Speakers / ASUS ROG SWIFT PG279Q ‑ 27" IPS LED Monitor ‑ QHD / 1x Samsung SSD 850 EVO 500GB / 2x Samsung SSD 860 EVO 1TB /  1x Samsung - 970 EVO Plus 2TB NVMe /  1x Samsung 980 NVMe 1TB / 2 other regular hd's with up to 10 terabyte capacity / Windows 11 Pro 64-bit / Gigabyte Z790 Aorus Elite AX Motherboard LGA 1700 DDR5


Is there a specific way that users are being infected by this ransomware? Clicking on email links? Surfing dodgy internet sites? Lack of antivirus/malware protection? Or is it entirely random for users connected to the internet?


Christopher Low

UK2000 Beta Tester


1 hour ago, Christopher Low said:

Is there a specific way that users are being infected by this ransomware? Clicking on email links? Surfing dodgy internet sites? Lack of antivirus/malware protection? Or is it entirely random for users connected to the internet?

Reports I've seen suggest the attack vector for the NHS was opening an email titled 'clinical results'...

Seems like a classic case of a technical vulnerability combined with social engineering/relying on end-user idiocy to exploit it?


Kevin Firth - i9 10850K @5.2; Asus Maximus XII Hero; 32Gb Cas16 3600 DDR4; RTX3090; AutoFPS; FG mod

Beta tester for: UK2000; JustFlight; VoxATC; FSReborn; //42



I had read that it spread in the usual ways as well as jumping from computer to computer over the web.

From Wikipedia:


On 12 May 2017, WannaCry began affecting computers worldwide. The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, the malware first checks the "kill switch" domain name. If it is not found, then the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.

The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017, nearly two months before the attack. The patch was to the Server Message Block (SMB) protocol used by Windows. Organizations that lacked this security patch were affected for this reason, although there is so far no evidence that any were specifically targeted by the ransomware developers. Any organization still running the older Windows XP was at particularly high risk because until 13 May, no security patches had been released since April 2014. Following the attack, Microsoft released a security patch for Windows XP.

According to Wired, affected systems will also have had the DoublePulsar backdoor installed; this will also need to be removed when systems are decrypted.

According to reports, three or more hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitterbot that watches each of the three wallets has been set up. As of 14 May 2017 a total of $33,319.59 had been paid.

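The Wikipedia excerpt above describes the worm's second stage: after the kill-switch check it uses the SMB flaw to reach "random computers on the Internet, and laterally to computers on the same network". From the defender's side, that fan-out is what stands out in connection logs, because a normal workstation talks to a handful of file servers while a spreading host touches many distinct peers on TCP/445 within seconds. The following is an added example, not code from the thread or from Wikipedia: a small sliding-window detector over connection-log lines. The log format (ISO timestamp, source IP, destination IP, destination port, one connection per line, sorted by time), the threshold, the window length and the sample lines are all constructed assumptions.

```python
"""Flag hosts that fan out to many distinct peers on TCP/445 in a short window.

Added illustration, not code from the thread or from Wikipedia: a minimal
lateral-movement detector for the SMB spreading behaviour described above.
Log format, thresholds and sample lines are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime

SMB_PORT = 445
THRESHOLD = 5        # distinct peers within the window before alerting (assumed)
WINDOW_SECONDS = 60  # sliding window length in seconds (assumed)


def parse_line(line):
    """Parse '2017-05-12T10:00:00 10.0.0.5 10.0.0.21 445' into typed fields."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_smb_fanout(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return sorted (source_ip, max_distinct_peers) for every source that
    contacted more than `threshold` distinct hosts on TCP/445 inside any
    `window`-second sliding window.  Lines are assumed to be time-ordered."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, dst) still in window
    alerted = {}
    for line in lines:
        ts, src, dst, port = parse_line(line)
        if port != SMB_PORT:
            continue                  # this rule only looks at SMB traffic
        q = recent[src]
        q.append((ts, dst))
        while q and (ts - q[0][0]).total_seconds() > window:
            q.popleft()               # expire events that left the window
        peers = {d for _, d in q}
        if len(peers) > threshold:
            alerted[src] = max(alerted.get(src, 0), len(peers))
    return sorted(alerted.items())


# Constructed sample log: 10.0.0.5 behaves like a worm (eight peers in five
# seconds), 10.0.0.9 is an ordinary user talking to one file server and a
# web site, and 10.0.0.12 touches six peers but spread over ten minutes.
SAMPLE_LOG = [
    "2017-05-12T10:00:00 10.0.0.5 10.0.0.21 445",
    "2017-05-12T10:00:01 10.0.0.5 10.0.0.22 445",
    "2017-05-12T10:00:02 10.0.0.5 10.0.0.23 445",
    "2017-05-12T10:00:02 10.0.0.5 10.0.0.24 445",
    "2017-05-12T10:00:03 10.0.0.5 10.0.0.25 445",
    "2017-05-12T10:00:03 10.0.0.5 10.0.0.26 445",
    "2017-05-12T10:00:04 10.0.0.5 10.0.0.27 445",
    "2017-05-12T10:00:04 10.0.0.5 10.0.0.28 445",
    "2017-05-12T10:00:05 10.0.0.9 10.0.0.21 445",
    "2017-05-12T10:00:06 10.0.0.9 10.0.0.21 445",
    "2017-05-12T10:00:07 10.0.0.9 93.184.216.34 80",
    "2017-05-12T10:01:00 10.0.0.12 10.0.0.31 445",
    "2017-05-12T10:03:00 10.0.0.12 10.0.0.32 445",
    "2017-05-12T10:05:00 10.0.0.12 10.0.0.33 445",
    "2017-05-12T10:07:00 10.0.0.12 10.0.0.34 445",
    "2017-05-12T10:09:00 10.0.0.12 10.0.0.35 445",
    "2017-05-12T10:11:00 10.0.0.12 10.0.0.36 445",
]

if __name__ == "__main__":
    for src, peers in detect_smb_fanout(SAMPLE_LOG):
        print(f"ALERT {src}: {peers} distinct SMB peers within {WINDOW_SECONDS}s")
```

The slow host 10.0.0.12 is included to show why the window matters: with the default 60-second window it never exceeds the threshold, while widening the window to an hour turns it into an alert too, so the two parameters have to be tuned against what normal file-sharing traffic looks like on the network in question.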

New attacks feared, Microsoft being proactive this time.

http://money.cnn.com/2017/06/13/tec...r-attacks-windows-wannacry-updates/index.html

2 hours ago, HiFlyer said:

New attacks feared, Microsoft being proactive this time.

http://money.cnn.com/2017/06/13/tec...r-attacks-windows-wannacry-updates/index.html

404 error. Evidently that article was either removed or the link is incorrect.

8 minutes ago, n4gix said:

404 error. Evidently that article was either removed or the link is incorrect.

Yeah.... CNN is famous for that.

Let's try again with something more stable.

http://www.techrepublic.com/article/new-windows-xp-patch-microsoft-issues-extraordinary-fix-to-protect-pcs-against-next-wannacry/#ftag=YHF87e0214?yptr=yahoo


Well, here we go again, guys. http://money.cnn.com/2017/06/27/technology/hacking-petya-europe-ukraine-wpp-rosneft/index.html

 

Hackers launched blistering attacks Tuesday against companies and agencies across the world.

Major global firms are reporting they're under attack, including British advertising agency WPP (WPPGY), Russian oil and gas giant Rosneft and Danish shipping firm Maersk.

"IT systems in several WPP companies have been affected by a suspected cyber attack," said WPP on its official Twitter (TWTR, Tech30) account.

Maersk issued a similar statement, saying its IT systems "are down across multiple sites and business units due to a cyber attack."

The U.S.-based pharmaceutical firm Merck (MRK) also said it's been hit.

"We confirm our company's computer network was compromised today as part of global hack," it said on Twitter.

The source of the attack is not yet clear. It is similar to WannaCry, which spread globally in May, but there are differences. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.

The Moscow-based cybersecurity firm Group IB estimates that a virus has affected about 80 companies in Russia and Ukraine.

Group IB said the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.

Many firms, including Symantec, have suggested the ransomware is a variant of Petya, a known ransomware. But according to security firm Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware which it's calling "NotPetya."

Either way, researchers say Tuesday's attacks use a Windows flaw called EternalBlue to spread through corporate networks. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft (MSFT, Tech30) issued a patch for the exploit in March.

Microsoft said it is aware of the reports and is investigating.

The Department of Homeland Security is also monitoring reports of cyberattacks.

Spokesman Scott McConnell said DHS is "coordinating with our international and domestic cyber partners. We stand ready to support any requests for assistance."

Europol said it is aware and investigating the attack as well.

Ukrainian companies and government agencies seem to have been hit particularly hard.

Ukraine's central bank is warning financial firms across the country that an unknown virus has hit the sector, creating problems for banks and customer service.

Officials at that country's postal service and metro system in Kiev were also reporting hacking problems.

Ukraine's vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers have been affected.

The Chernobyl nuclear power plant was also hit by the cyber attack, according to a Ukrainian federal agency. In a statement, it said that "in connection with the cyber attack, the Chernobyl nuclear power plant website is not working." Its Microsoft Windows systems were temporarily disconnected, and radiation monitoring in the area of the industrial site is being carried out manually, it said.

--CNN's Marilia Brocchetto, Mary Ilyushina, David Shortell and Victoria Butenko contributed to this report.



Follow these simple rules and everything will be ok!

  • Toggle your email provider’s anti-spam settings to filter out all the potentially harmful incoming messages. Raising the bar beyond the default protection is an important countermeasure for ransom Trojans.
  • Define specific file extension restrictions in your email system. Make sure that attachments with the following extensions are blacklisted: .js, .vbs, .docm, .hta, .exe, .cmd, .scr, and .bat. Also, treat ZIP archives in received messages with extreme caution.
  • Rename the vssadmin.exe process so that ransomware is unable to obliterate all Shadow Volume Copies of your files in one shot.
  • Keep your Firewall active at all times. It can prevent crypto ransomware from communicating with its C&C server. This way, the threat won’t be able to obtain cryptographic keys and lock your files.
  • Back up your files regularly, at least the most important ones. This recommendation is self-explanatory. A ransomware attack isn’t an issue as long as you keep unaffected copies of your data in a safe place.
  • Use an effective antimalware suite. There are security tools that identify ransomware-specific behavior and block the infection before it can do any harm.

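The second rule in the list above (blacklist .js, .vbs, .docm, .hta, .exe, .cmd, .scr and .bat attachments, and treat ZIP archives with caution) is the one that most directly addresses the "clinical results" e-mail vector mentioned earlier in the thread. The following is an added example, not code from the post or from any mail product: a small attachment policy checker that applies that extension list, catches double extensions such as invoice.pdf.exe, and, going one step beyond the post, opens ZIP attachments in memory to apply the same rule to their member names. The policy constants, function names and the sample attachments are all constructed for illustration.

```python
"""Check inbound mail attachments against a blocked-extension policy.

Added illustration, not code from the forum post: applies the attachment
rules listed above (block .js .vbs .docm .hta .exe .cmd .scr .bat, be wary
of ZIP archives), catches double extensions, and inspects ZIP member names.
Policy, helper names and sample attachments are constructed assumptions.
"""
import io
import zipfile
from pathlib import PurePosixPath

BLOCKED_EXTENSIONS = {".js", ".vbs", ".docm", ".hta", ".exe", ".cmd", ".scr", ".bat"}
ARCHIVE_EXTENSIONS = {".zip"}


def blocked_suffixes(name):
    """Return the blocked extensions found anywhere in the name's suffix chain,
    so 'report.pdf.exe' is caught as well as 'report.exe'."""
    suffixes = {s.lower() for s in PurePosixPath(name).suffixes}
    return sorted(suffixes & BLOCKED_EXTENSIONS)


def check_attachment(name, data):
    """Return a list of (path, reason) findings for one attachment."""
    findings = []
    hits = blocked_suffixes(name)
    if hits:
        findings.append((name, f"blocked extension {','.join(hits)}"))
    if PurePosixPath(name).suffix.lower() in ARCHIVE_EXTENSIONS:
        try:
            # namelist() reads only the central directory; nothing is decompressed
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = blocked_suffixes(member)
                    if inner:
                        findings.append((f"{name}:{member}",
                                         f"blocked extension {','.join(inner)} inside archive"))
        except zipfile.BadZipFile:
            findings.append((name, "archive could not be parsed"))
    return findings


def scan_message(attachments):
    """Scan all (name, bytes) attachments of one message.
    Returns ('reject' | 'accept', findings)."""
    findings = []
    for name, data in attachments:
        findings.extend(check_attachment(name, data))
    return ("reject" if findings else "accept"), findings


def build_zip(entries):
    """Build an in-memory ZIP from {member_name: bytes} (test data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in entries.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed sample message: a harmless PDF, a ZIP that hides a script, and
# an executable disguised with a double extension.
SAMPLE_ATTACHMENTS = [
    ("flightplan.pdf", b"%PDF-1.4 constructed sample"),
    ("Clinical Results.zip", build_zip({"results.js": b"// constructed sample"})),
    ("invoice.pdf.exe", b"MZ constructed sample"),
]

if __name__ == "__main__":
    status, findings = scan_message(SAMPLE_ATTACHMENTS)
    print(status)
    for path, reason in findings:
        print(f"  {path}: {reason}")
```

The checker deliberately does not recurse into nested archives or decompress anything, so a hostile archive cannot make it allocate memory; an unparsable ZIP is reported rather than waved through, which matches the post's advice to treat archives with caution rather than trust them by default.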
