Free Republic

Another Massive Ransomware Outbreak Is Going Global Fast
Forbes ^ | 06/27/2017 | Thomas Fox-Brewster

Posted on 06/27/2017 7:35:05 AM PDT by MarchonDC09122009

https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#17b076ce7abd

Security #CyberSecurity Jun 27, 2017 @ 09:44 AM

Thomas Fox-Brewster, Forbes Staff

Ransomware is causing severe problems for major critical infrastructure providers today.

Ukraine's government, National Bank and biggest power companies all warned of cyberattacks Tuesday. Airports and metro services in the country were also reportedly affected, though it appears they're victims of another massive ransomware outbreak that's spreading across the world fast and hitting a significant number of critical infrastructure providers.

(Excerpt) Read more at forbes.com ...


KEYWORDS: attack; cybersecurity; hacker; internet; malware; ransomware; ukrainecyberattack
To: MarchonDC09122009

I better check my Ukrainian accounts


41 posted on 06/27/2017 10:54:14 AM PDT by AppyPappy (Don't mistake your dorm political discussions with the desires of the nation)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MarchonDC09122009

Create a text file in notepad and name it test.js (not test.js.txt)
Go to Explorer and right-click on the file. Click Open With and Choose Another App. Select Notepad. Check Always Open Use This App.


42 posted on 06/27/2017 11:01:05 AM PDT by AppyPappy (Don't mistake your dorm political discussions with the desires of the nation)
[ Post Reply | Private Reply | To 1 | View Replies]
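
An added example, not part of the post above: a Python audit of which program a double-click launches for script file types. It goes beyond the post's .js case to the other Windows Script Host and HTA extensions, and it checks the per-user "Always use this app" choice before the machine-wide association. The function names and the registry snapshot are constructed for illustration.

```python
import ntpath
import sys

# Windows Script Host and HTA interpreters: a double-click hands the file to these to run.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
EXTENSIONS = [".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"]
USER_CHOICE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\{ext}\UserChoice"

# Constructed registry snapshot: a user who followed the steps above for .js only.
SAMPLE = {
    (USER_CHOICE.format(ext=".js"), "ProgId"): r"Applications\notepad.exe",
    (r"HKCR\Applications\notepad.exe\shell\open\command", ""): r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    (r"HKCR\.js", ""): "JSFile",
    (r"HKCR\JSFile\shell\open\command", ""): r'%SystemRoot%\System32\WScript.exe "%1" %*',
    (r"HKCR\.vbs", ""): "VBSFile",
    (r"HKCR\VBSFile\shell\open\command", ""): r'"%SystemRoot%\System32\WScript.exe" "%1" %*',
    (r"HKCR\.hta", ""): "htafile",
    (r"HKCR\htafile\shell\open\command", ""): r'C:\Windows\System32\mshta.exe "%1" %*',
}


def read_sample(key, name=""):
    """Look a value up in the constructed snapshot."""
    return SAMPLE.get((key, name))


def read_live(key, name=""):
    """Read the same value from the registry of a real Windows host."""
    import winreg  # Windows-only standard-library module
    hive, _, subkey = key.partition("\\")
    root = {"HKCU": winreg.HKEY_CURRENT_USER, "HKCR": winreg.HKEY_CLASSES_ROOT}[hive]
    try:
        with winreg.OpenKey(root, subkey) as handle:
            return winreg.QueryValueEx(handle, name)[0]
    except OSError:
        return None


def executable_of(command):
    """Extract the lower-cased program name from a shell\\open\\command string."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def handler_for(ext, read):
    """Resolve what a double-click on a file with this extension launches."""
    prog_id, source = read(USER_CHOICE.format(ext=ext), "ProgId"), "user choice"
    if not prog_id:
        # No "Always use this app" choice: the machine-wide association applies.
        prog_id, source = read("HKCR\\" + ext), "machine default"
    command = read("HKCR\\" + prog_id + "\\shell\\open\\command") if prog_id else None
    program = executable_of(command) if command else None
    return {"ext": ext, "source": source if prog_id else None,
            "program": program, "risky": program in SCRIPT_HOSTS}


def audit(read, extensions=EXTENSIONS):
    """Resolve every listed extension with the given registry reader."""
    return [handler_for(ext, read) for ext in extensions]


if __name__ == "__main__":
    reader = read_live if sys.platform == "win32" else read_sample
    for row in audit(reader):
        flag = "RUNS AS SCRIPT" if row["risky"] else "ok"
        print("%-5s %-16s %-14s %s" % (row["ext"], row["source"], row["program"], flag))
```

In the constructed snapshot only .js resolves to Notepad; .vbs and .hta still resolve to a script host, and the .js change applies only to the user who made it.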

To: for-q-clinton

I’m on XP. I have megabucks invested in recording studio software and no plans to upgrade right now. So far so good. I used other tablets for most surfing. I do some limited surfing on the xp computer.


43 posted on 06/27/2017 11:01:34 AM PDT by plain talk
[ Post Reply | Private Reply | To 26 | View Replies]

To: plain talk
I do some limited surfing on the xp computer.

You're asking for trouble.

44 posted on 06/27/2017 11:09:37 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Squantos

Typing in Morse helps.

Di-dah-di-dit Dah-dah-dah Di-dah-di-dit


45 posted on 06/27/2017 11:09:53 AM PDT by antidisestablishment ( We few, we happy few, we basket of deplorables)
[ Post Reply | Private Reply | To 36 | View Replies]

To: MarchonDC09122009

Additional Petya malware attack info:

http://www.zerohedge.com/news/2017-06-27/ukraine-central-bank-government-airport-go-dark-after-massive-cyberattack-russia-bla

“Massive Cyberattack” Spreads Across Europe, Hits Ukraine, Russia, UK, Denmark
by Tyler Durden
Jun 27, 2017 12:30 PM

Update 3: Germany’s Merck also confirms it has been affected by the cyberattack:

* * *

Update 2: RUSSIAN CENBANK SAYS AS A RESULT OF ATTACKS THERE HAVE BEEN ISOLATED CASES WHERE IT SYSTEMS INFECTED

* * *

Update: in addition to the below listed companies, all of which appear to have been targeted in the global cyberattack including Russia’s Rosneft and metals giant Evraz, Danish shipper Maersk, UK ad company WPP, the Ukraine central bank, government and airport, more targets are emerging including Norway’s national security authority which has said that a Ransomware attack is ongoing in Norway “similar to the attack on Maersk”, while Russia’s Home Credit Bank said all domestic branches are closed because of the cyber attack.

As the Spectator adds, companies in Spain are also now affected by the cyberattack which appears to be a modification of the “WannaCry” virus, and has been named “Petya.”

A Moscow-based cyber security firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting victims in Russia and Ukraine, according to Reuters.

* * *

Now that CNN is officially out of the “Russia hacking” fake news business, the Ukraine has decided to fill in the void, and moments ago Ukraine’s Deputy Prime Minister Pavlo Rozenko said that the government’s computer network was down, in what he claimed was a “massive cyberattack”, one which has also impacted the central bank, power plant and airport, and promptly blamed Russia for being behind the attack without a shred of evidence. To “prove” the accusation, he posted a picture on Twitter of a computer screen showing an error message.

“We also have a network ‘down’,” he wrote. “This image is being displayed by all computers of the government.” The photo showed his PC displaying a message claiming a disk “contains errors and needs to be prepared”, urging the user not to turn it off.

According to local press, numerous Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, including banks, the state energy distributor and Kiev’s main airport. “We also have a network ‘down’,” Rozenko said on Facebook.

Ukrainian state-run aircraft manufacturer Antonov was among the companies hit, along with state power distributor Ukrenergo, which said the attack did not affect power supplies.

According to Bloomberg, Kievenergo, a Ukrainian utility, switched off all computers after the hack, while another power company, Ukrenergo, was also affected, though “not seriously,” the Interfax news service reported. Ukrainian airports and railways are operating as usual, according to the Russian news service.

Ukrainian delivery network Nova Poshta halted service to clients after its network was infected, the company said on Facebook. Ukraine’s Central Bank warned on its website that several banks had been targeted by hackers.

After the attack, Ukraine quickly went for the empathy points, tweeting a meme from its official Twitter account.

“Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue,” the account tweeted. Attached was an infamous “this is fine” gif.

* * *

So who’s to blame? Why Russia of course.

Speaking to Interfax, the advisor to the Interior Minister of Ukraine, MP Anton Gerashchenko said that “a huge cyber-attack at Ukrainian companies on Tuesday has been organized by Russian intelligence services and it is one of the elements of the hybrid war against Ukraine,

“The intrusion is the biggest in Ukraine’s history,” Gerashchenko wrote on Facebook. The goal was “the destabilization of the economic situation and in the civic consciousness of Ukraine,” though it was “disguised as an extortion attempt,” he said.

“A huge cyber-attack has been started against Ukraine. It was done under the disguise that it is allegedly a virus… According to the preliminary information, this is an organized system, a kind of training by the Russian intelligence services. The attack aims at banks, media and transport communications,” he said on 112.Ukraine TV Channel on Tuesday.

One wonders if that preliminary information came from the same FBI that incorrectly claimed the Qatar hack was organized by Russia, when Qatar itself later blamed the “blockade” countries as being behind it.

Gerashchenko said that the virus reached computers during several days and even weeks via getting mails. “Today, at 11:00 [the computers] that were affected by the virus in advance were activated. Thus, this is another example of using cyber-attacks in the hybrid war against our country,” he said.

“I think that soon officers of the SBU, the cyber security department of the National Police will unveil the ways how this virus reached the targets and they propose the options to tackle the problem,” he said.

* * *

Meanwhile, the fallout in Ukraine, which claimed the cyberattacks are a modified version of the “WannaCry” virus, has been extensive with Ukrainian state-run aircraft manufacturer Antonov among the companies reportedly hit, along with state power distributor Ukrenergo, which said the attack did not affect power supplies. The National Bank of Ukraine said an “unknown virus” was to blame, saying several unnamed Ukrainian banks were affected along with financial firms.

“As a result of cyber attacks, these banks have difficulties with customer service and banking operations,” a statement said.

“The National Bank is confident that the banking infrastructure’s defense against cyber fraud is properly set up and attempted cyber attacks on banks’ IT systems will be neutralised.”

Oschadbank, one of Ukraine’s largest state-owned lenders, said some of its services had been affected by a “hacking attack” but guaranteed that customer data was safe.

Computers and departure boards at Boryspil International Airport in Kiev – the largest in Ukraine – were also down. “The official site of the airport and the scoreboard with the schedule of flights aren’t working!” the airport’s acting director, Pavel Ryabikin, wrote on Facebook.

* * *

It wasn’t just Ukraine however. As The Independent writes, Danish shipping giant Maersk said its IT systems were down across “multiple sites and businesses due to a cyber attack”, although it was unclear whether it was related to the situation in Ukraine. The conglomerate is the largest container shipping company in the world and also operates in the oil and gas sectors.

Russia’s Rosneft, a government-owned oil firm, also said it was targeted by a “massive hacker attack” on its servers, as was steel maker Evraz. “The cyber attack could lead to serious consequences, however, due to the fact that the Company has switched to a reserve control system, neither oil production nor preparation processes were stopped,” a statement from Rosneft said.

British advertising company WPP also said several units were affected by a suspected cyber attack.

Or, as Reuters summarizes:

    SWISS GOV’T AGENCY SAYS UKRAINE, RUSSIA, ENGLAND AND INDIA ARE MOST AFFECTED BY VIRUS, NO INDICATION THAT SWISS COMPANIES AFFECTED
    SWISS GOV’T AGENCY SAYS THERE ARE INDICATIONS THAT PETYA RANSOMWARE VIRUS IS CIRCULATING AGAIN

It was not clear how and why Russian hackers would be able to hack the entire world, Russia included, but that probably does not matter: Ukraine has blamed Russia for repeated cyber attacks targeting crucial infrastructure during the past three years, including one on its power grid that left part of western Ukraine temporarily without electricity in December 2015. Today was just a continuation, and after all the world still demands Russia hacking narratives.


46 posted on 06/27/2017 11:14:01 AM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
keeping your kernel current on Linux is tough for many and daily offline backups are even harder.

If you use a modern package manager, the kernel should be taken care of with that.

As for daily backups, that couldn't be easier. I use "backintime", which basically uses rsync to perform backups to a specified drive. The directory structure on the backup device is 600 and owned by root, so a user can't screw it up accidentally. You might have an issue if the malware exploits a privilege escalation bug, but generally you are good to go. I have 2 drives that I rotate out occasionally to deal with my worst-case scenario of a fire. If my house burns down, I have a backup that is at most a month old in a safe deposit box. It's not even that big a deal, if you go to your bank once a month as I do to make sure the people there know who I am.

I mount the backup drive on a /backup mount point, so when I want to do my offsite copy, I just unmount /backup, plug the offsite drive in, and wait until the next day to unmount and remount the original. Works pretty well for me, and isn't much of a hassle. Actual data management does take a little bit of work. If you're not willing to expend some minimal effort, then your data must not mean much to you.

47 posted on 06/27/2017 11:21:31 AM PDT by zeugma (The Brownshirts have taken over American Universities.)
[ Post Reply | Private Reply | To 28 | View Replies]
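
An added example, not part of the post above: a Python pre-flight check for the backup destination described there, run before the backup job starts. It assumes the /backup mount point from the post; the function name and the exact checks are illustrative. It catches the two failure modes the setup depends on avoiding: the drive being unmounted during a rotation, so the backup would land on the root filesystem, and the target being reachable by accounts other than its owner.

```python
import os
import stat
import sys


def check_backup_target(path, owner_uid=0, require_mount=True):
    """Return a list of problems that make `path` unsafe as a backup destination."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]

    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    # During a drive swap /backup is just an empty directory on the root filesystem.
    if require_mount and not os.path.ismount(path):
        problems.append("not a mount point (drive unplugged or swapped out?)")
    # Anything running as an ordinary user must not be able to touch the backups.
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        problems.append("group/other permission bits set: %03o" % extra)
    return problems


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/backup"  # path taken from the post
    found = check_backup_target(target)
    for problem in found:
        print("%s: %s" % (target, problem))
    sys.exit(1 if found else 0)
```

A non-zero exit status lets a cron job or wrapper script skip the backup run instead of writing to the wrong place.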

To: fwdude

You rotten liar. What makes you think you can get away with saying something like that? Have you gotten Maxine Water Brain all of a sudden? You just attacked me for absolutely no reason. Why would you do so, you evil, vile demon.


48 posted on 06/27/2017 11:41:00 AM PDT by Lazamataz (The "news" networks and papers are bitter, dangerous enemies of the American people.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: for-q-clinton

Bounty big enough, we’ll find them. If they’re in another country, extradite them. If you can’t extradite, well, accidents happen all the time.


49 posted on 06/27/2017 11:42:15 AM PDT by NTHockey (Rules of engagement #1: Take no prisoners. And to the NSA trolls, FU)
[ Post Reply | Private Reply | To 27 | View Replies]

To: zeugma

Yeah, that’s why I suggest a snapshot which you know is not infected. I think old Linux kernels are problematic, but it depends which one. Some distros were/are more security conscious (and size conscious) and strip out all the useless and insecure crap. Generally the problem is not going to be in the kernel but in some service running on top in user mode.


50 posted on 06/27/2017 11:44:33 AM PDT by palmer (turn into nonpaper w no identifying heading and send nonsecure)
[ Post Reply | Private Reply | To 21 | View Replies]

To: zeugma

Sure easy for you and me, but not everyday dumb computer user who doesn’t even want to spend an extra $50 for a device to backup data to.


51 posted on 06/27/2017 11:46:07 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 47 | View Replies]

To: Squantos
Try to avoid connecting to public Wi-Fis (such as hotels)

Depends on whether it is encrypted. If encryption is turned on, then you are somewhat safe from eavesdropping. If not, then everyone can see everything except HTTPS, VPN, etc. In short, only use wifi where you type a password to access it.

The other parts of your advice are fine, but I wouldn't waste a lot of time on "long and complicated" passwords. There is a problem with cracking short passwords from stolen hashes. But if your provider has hashes stolen then everything else can be stolen as well, so your long and complicated password is safe but your SSN in their database is not so you lose.

Password-protect the files you upload. And pick strong passwords. ALWAYS.

Well if the encryption is weak, then a strong password won't matter. If the encryption is strong then a strong password is no better than a "weak" password beyond a dictionary word. A short made-up word will be adequate.

52 posted on 06/27/2017 11:56:03 AM PDT by palmer (turn into nonpaper w no identifying heading and send nonsecure)
[ Post Reply | Private Reply | To 36 | View Replies]

To: MarchonDC09122009

https://liveuamap.com/en/2017/27-june-statement-from-kaspersky-not-petya

Statement from @kaspersky. “Not Petya” (it’s a new variant of ransomware).


53 posted on 06/27/2017 12:07:01 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 46 | View Replies]

To: foldspace

I paid up a while back and got Malwarebytes full service. I sleep well.


54 posted on 06/27/2017 12:10:53 PM PDT by ichabod1 (Smoke does not mean fire when someone threw a smoke grenade.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Red Badger

Any company still running XP in the corporate network only has themselves to blame for anything that goes wrong.


55 posted on 06/27/2017 12:11:26 PM PDT by Mariner (War Criminal #18)
[ Post Reply | Private Reply | To 3 | View Replies]

To: palmer

Browsing other people’s computers on a public wifi is more difficult now. Most infections are self-inflicted. I once honey-potted a share on our network and it got ransomed so these things can crawl across networks.


56 posted on 06/27/2017 12:11:44 PM PDT by AppyPappy (Don't mistake your dorm political discussions with the desires of the nation)
[ Post Reply | Private Reply | To 52 | View Replies]

To: MarchonDC09122009

Latest from ZeroHedge -
NSA Software Behind Latest Global Ransomware Attack
by Tyler Durden
Jun 27, 2017 2:24 PM

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki’s cybersecurity firm F-Secure, when discussing today’s latest outbreak of the WannaCry-like ransomware attack, which as we reported earlier started in Ukraine, and has since spread to corporate systems across the world, affecting Russian state oil giant Rosneft, the international shipping and energy conglomerate Maersk, and the UK public relations company WPP, before jumping across the Atlantic and going global, by infecting the US-based division of global pharma giant Merck, which this morning confirmed it has been hit by the “Petya” attack.

“We confirm our company’s computer network was compromised today as part of global hack,” Merck said in a statement on Tuesday. “Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Merck employees were instructed to disconnect all mobile devices from the company network and advised not to speak to reporters or post messages on social media accounts.

Computers at Merck facilities in Pennsylvania and New Jersey locked up Tuesday morning around 8am local time, according to the Inquirer.

Back in mid-May, when WannaCry spread with tremendous speed around the globe, many said that it’s only a matter of time before the virus returns in a more advanced, weaponized version. Sure enough, cyber security experts quoted by Reuters said those behind the attack appeared to have exploited the same hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a temporary kill-switch.

Hypponen said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the U.S.A. pretty bad,” he said. And, as Merck confirmed, it already has.

Within hours of the first attack, the U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.

The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.

Within hours, the attack had gone global.

In addition to the US, a Swiss government agency also reported computer systems were affected in India, though the country’s cyber security agency said it had yet to receive any reports of attacks according to Reuters.

For those infected, there may be just one option: pay the ransom. One victim of the cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24. The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain and the world’s biggest advertising agency, WPP - though it was not clear if their problems were caused by the same virus. “The building has come to a standstill. It’s fine, we’ve just had to switch everything off,” said one WPP employee who asked not to be named.

The virus was seen on various Ukraine ATMs, leading to jokes that while normally you ask ATMs for money, in hacked Ukraine, ATMs ask you.

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught. Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender. “There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

As noted earlier, Ukraine was quick to accuse Russia. An advisor to Ukraine’s interior minister said the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them. According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

But whatever the origin of the geographic hacking operation, the actual software used is the same that was created by the NSA and subsequently leaked by a disgruntled non-Russian employee. Now we are just waiting for the confirmation.

As a reminder, the quick proliferation of the original WannaCry malware, which infected nearly 300,000 computers worldwide within a day, was due entirely to its use of two powerful software exploits that were released to the public in April by the anonymous hacker group calling itself the Shadow Brokers, which said the exploits were developed by the US National Security Agency (NSA).

On Tuesday, Edward Snowden asked “How many times does @NSAGov’s development of digital weapons have to result in harm to civil infrastructure before there is accountability?”

Apparently, not enough.

Meanwhile, governments and so-called experts had laughably come to the conclusion that the North Korean government was behind the original WannaCry attack. We just can’t wait for those same “experts” to again blame this latest global malware attack on Kim and his team of crack blackhats.

Finally, for those who want to keep track of how many people have made the ransom payment, there is a twitter for that: there is now a Twitter bot, @petya_payments, that will tweet each time a new ransom payment is made to the bitcoin wallets associated with the Petya attack.


57 posted on 06/27/2017 12:23:27 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

Are you on the right thread?


58 posted on 06/27/2017 12:29:54 PM PDT by fwdude (Democrats have not been this angry since Republicans freed the slaves.)
[ Post Reply | Private Reply | To 48 | View Replies]

To: for-q-clinton
Sure easy for you and me, but not everyday dumb computer user who doesn’t even want to spend an extra $50 for a device to backup data to.

I really do not have any more sympathy for these folks than I would for someone who never changes the oil in their car. They pretty much get what they deserve.

59 posted on 06/27/2017 12:32:40 PM PDT by zeugma (The Brownshirts have taken over American Universities.)
[ Post Reply | Private Reply | To 51 | View Replies]

To: MarchonDC09122009

Our electricity just came back up. It was out for a little over an hour (ComEd — Chicago suburbs).


60 posted on 06/27/2017 12:38:39 PM PDT by BlessedBeGod (To restore all things in Christ~~Appeasing evil is cowardice~~Francis is temporary. Hell is forever.)
[ Post Reply | Private Reply | To 1 | View Replies]

