Global Cyberattack: What We Know and Don’t Know


tao


A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry.

What We Know

• Several private companies have confirmed that they were struck by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, and the British advertising firm WPP. The French multinational Saint-Gobain and a unit of the bank BNP Paribas also said they had been hit, as did the Russian steel, mining and oil companies Evraz and Rosneft.

 

• Photographs and videos of computers affected by the attack show a message of red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

 

• Kaspersky Lab, a cybersecurity firm based in Moscow, reported that about 2,000 computer systems had been affected by the new ransomware.

 

• Microsoft said the attack had originated in Ukraine, where hackers first targeted M.E.Doc, a tax-accounting software company, and the ransomware soon spread to at least 64 countries worldwide. ESET, a Slovakia-based cybersecurity company, also said the first known infection was through M.E.Doc.

 

• M.E.Doc denied that it was patient zero. “At the time of updating the program, the system could not be infected with the virus directly from the update file,” the company said in a Facebook post, though an earlier message confirmed that its systems had been compromised.

 

• Cybersecurity researchers first called the new ransomware attack Petya, as it was similar to a ransomware strain known by that name that was first reported by Kaspersky in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before.

 

• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.

 

• Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.

 

• ESET and several other cybersecurity companies have identified at least one other exploit used in the attack known as PsExec, which takes advantage of a single computer that has not been updated with the latest software in a network to spread infections by looking for — and using — administrative credentials. By using PsExec, the ransomware continued spreading across systems that had been updated, or patched, after the WannaCry outbreak last month.

 

• Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some appear to be paying the ransom, even though the email address used by the attackers has been shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid. So far, more than $9,000 in ransom has been paid, security experts say.

What We Don’t Know

• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.

 

• The motives for the attack. Cybersecurity researchers ask why, if the goal was to force victims to pay ransom, more care was not taken to protect the email address through which attackers could communicate with their victims, or to provide multiple avenues for payment.

 

• How much bigger this attack will get. Ukraine and Russia are most affected, and despite some reports across Asia, the region has mostly sidestepped the widespread problems felt in Europe and the United States. Cybersecurity researchers say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again.

What Is Ransomware?

Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims email that includes a link or a file that appears innocuous but contains dangerous malware.

 

• Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected.

 

• The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency.

 

< Here >

 


"Funny", as everything indicates some lamers, without even a proper understanding of hacking, are using an old tool by the NSA... Let's consider the NSA's or GCHQ's available options to date to hack into more or less any device :troll:


Malwarebytes is distributing an alert. According to them, their latest version should protect users against the "Petya/NotPetya" version. They also provide the link to the Security Update for Microsoft Windows SMB Server released in March. I'm not sure if there is any patch, or the need for a patch, for other Windows versions.

 

Quote

A new strain of ransomware, a Petya-esque variant being called Petya/NotPetya, is swiftly spreading across the globe today, impacting tens of thousands of computers as of 2:00 p.m., PST. More powerful, professional, and dangerous than last month's WanaCrypt0r attack, the Petya-esque ransomware uses the same EternalBlue exploit to target vulnerabilities in Microsoft's operating system. However, unlike WanaCrypt0r, this ransomware instructs you to reboot your computer and then locks up your entire system. Long story short: if you get this infection, you're hosed.

We're alerting you to reassure you that if you're currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the Petya-inspired ransomware before it can encrypt your system. (The free version of Malwarebytes, however, does not protect you against this attack. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.)

If you're not currently using the premium version of Malwarebytes, we recommend that you update your Microsoft Windows software immediately. Microsoft released a patch for this vulnerability in March. You may access the patch here. We also recommend you be extra vigilant about opening emails, as one suspected method for spreading this infection is through infected Office documents delivered via spam.

If you're thinking about paying the ransom for this threat ($300 in Bitcoin per PC)—don't bother. The email service that hosted the address where victims were instructed to send payment has closed the account. So at this point trying to pay the ransom will result in a returned email. However, the attackers may provide their victims with alternative forms of payment transactions.

Cyberattacks at a global scale seem to be happening more and more frequently. At Malwarebytes, we pledge to keep our customers and readers informed. Your safety is our number one priority.

Sincerely,

The Malwarebytes team
P.S. Learn more about this threat here.

 

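The article above names two ways the ransomware spreads, the SMB flaw behind EternalBlue (fixed by the March Windows update the Malwarebytes alert points to) and PsExec-style remote service installs driven by stolen administrative credentials. The script below is a defender's triage check for both on a single Windows host. It is an added example, not code from this thread, from the article's sources or from Malwarebytes. It assumes Windows 8.1 / Server 2012 R2 or newer (so the SmbShare module and Get-SmbServerConfiguration exist) and an elevated PowerShell session; the March 2017 cut-off date, the seven-day lookback and the script name are assumptions.

```powershell
<#
  Added example, not from the thread or any vendor: triage for the two spread
  mechanisms the article describes. Assumes Windows 8.1 / Server 2012 R2 or newer
  (SmbShare module present) and an elevated PowerShell session.
#>
param(
    # Microsoft's SMB fix shipped in March 2017 (assumed cut-off date)
    [datetime]$PatchCutoff = '2017-03-01',
    # How far back to look for service-install events (assumed window)
    [int]$LookbackDays = 7,
    # Turn the SMBv1 server protocol off after reporting
    [switch]$DisableSmb1
)

$findings = @()

# 1. EternalBlue targets the SMBv1 server protocol; report whether it is still on.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
if ($smb1Enabled) {
    $findings += 'SMBv1 server protocol is enabled'
}

# 2. A host with no updates installed since the March release very likely lacks
#    the SMB fix. Get-HotFix lists installed updates with their install dates.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchCutoff } |
    Sort-Object InstalledOn
if (-not $recent) {
    $findings += "No updates installed since $($PatchCutoff.ToString('yyyy-MM-dd'))"
}

# 3. PsExec copies a service binary named PSEXESVC to the target and starts it;
#    the Service Control Manager records every new service as System event 7045.
$filter = @{
    LogName   = 'System'
    Id        = 7045
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$serviceInstalls = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$psexecInstalls  = @($serviceInstalls | Where-Object { $_.Message -match 'PSEXESVC' })
foreach ($evt in $psexecInstalls) {
    $findings += "PSEXESVC service installed at $($evt.TimeCreated)"
}

# 4. Report, then optionally remediate the SMBv1 exposure.
if ($findings.Count -eq 0) {
    Write-Host 'No findings: SMBv1 off, updates present, no PsExec-style service installs.'
} else {
    Write-Host 'Findings:'
    $findings | ForEach-Object { Write-Host "  - $_" }
}

if ($DisableSmb1 -and $smb1Enabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled.'
}
```

Save it as, say, Check-SmbExposure.ps1 and run `.\Check-SmbExposure.ps1 -DisableSmb1` from an elevated prompt. The Get-HotFix check is a coarse heuristic (it shows that some updates were installed after the cut-off, not that the SMB update is among them), so confirm the specific update against Microsoft's bulletin. A 7045 event naming PSEXESVC is also produced by legitimate administrator use of PsExec, so treat a hit as a lead to correlate with the logon that preceded it, not as proof of compromise.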

18 minutes ago, luisam said:

Malwarebytes is distributing an alert. According to them, their latest version should protect users against the "Petya/NotPetya" version.

 

That's fine, but obviously most of these companies aren't running anything capable of blocking much, don't have good security on their systems, and don't have good employee training to prevent the infections to start with. And consider that Malwarebytes isn't a mainstream solution; it isn't even listed in enterprise software lists when it comes to security. I would never recommend it to anyone. As long as there are users who will click on anything, open any attachment, and agree to anything, there will always be ransomware or other infections. The real solution is that no one pays, ever, so that encrypting someone's files is a useless, annoying process that doesn't result in any financial reward.


31 minutes ago, straycat19 said:

And consider that Malwarebytes isn't a mainstream solution

I know a company here that uses it, but they have shitty security to begin with, and they wait till something gets infected and then run it, so what good would that do in this case of ransomware? People need to wake up..

 

Berkeley Lab recommends you use Malwarebytes for an extra layer of security

Quote

The Lawrence Berkeley National Laboratory (LBNL or LBL), commonly referred to as Berkeley Lab, is a United States national laboratory located in the Berkeley Hills near Berkeley, California that conducts scientific research on behalf of the United States Department of Energy (DOE). It is managed and operated by the University of California. The laboratory overlooks the University of California, Berkeley's main campus.

 

Quote

 

Why would I want this software?

  1. An anti-virus product alone is often no longer sufficient to protect against threats that come into computer systems. An anti-virus product is designed to prevent an infection from occurring and to stop an active infection, but it is often not designed to remediate damage or undo unwanted malicious changes after an infection occurs. This is where an anti-malware product such as MalwareBytes Anti-Malware comes into action, identifying existing, persistent threats that are often not classified as a virus/trojan/rootkit by anti-virus software.

  2. In the past, Berkeley Lab computers that came through the IT Workstation Support group had software installed for the purpose of supplementing the standard anti-virus at that time. This software’s purpose was similar to that of MalwareBytes; however, because of its lack of use, and because it would sometimes run for many hours or days before finding anything, it was eventually dropped. MalwareBytes now picks up where that software left off, supplementing the standard anti-virus product, providing significantly better scan performance, and constant protection.

  3. There have been an increasing number of problems presented by unwanted software. These problems range from mere annoyances such as obtrusive advertising or searches being redirected, to more significant problems, such as being unable to log onto or use the computer, downloading additional malicious/unwanted software, or stealing sensitive information.

Do I still need to run anti-virus software on my workstation?

Yes, even with MalwareBytes, you still need an anti-virus product installed. A computer virus can prevent your computer from operating normally, spread via USB and other devices, and cause other security issues. There is currently no substitute for running an anti-virus product, and it is required for workstations at Berkeley Lab. Please see the “More information” section at the end of this document.

An anti-virus product is designed primarily to find and remove virus infections that may spread to other systems. In contrast, many anti-virus products are not designed to find a large variety of other unwanted software. Such unwanted software often includes advertising and Web browser-hijacking software, often presents no easy way to uninstall or remove it, and may also install even more unwanted or dangerous software over time. To combat this threat, anti-malware tools such as MalwareBytes were created. Even if an anti-virus finds and eradicates this unwanted software, it may only do so after the computer’s settings have been altered. Finding and removing that software and then subsequently undoing any changes made by that software is what MalwareBytes excels at doing.

https://commons.lbl.gov/display/itfaq/MalwareBytes+Anti-Malware+Service

 


52 minutes ago, Skunk1966 said:

In short: previous ransomware had only one advantage, taking over Win boot execution in order to take over the whole PC.

I expect the new one to be an ever so slightly improved version.

whole list of malware

https://wikileaks.org

