Massive ransomware cyber-attack hits 74 countries around the world
#42
Go Giants
Yeah. It's Balmers
#43
https://www.reuters.com/article/us-h...-idUSKBN19C0EI
Honda halts Japan car plant after WannaCry virus hits computer network
Wed Jun 21, 2017
Honda Motor Co said on Wednesday it halted production at a domestic vehicle plant for a day this week after finding the WannaCry ransomware that struck globally last month in its computer network.
The automaker shut production on Monday at its Sayama plant, northwest of Tokyo, which produces models including the Accord sedan, Odyssey Minivan and Step Wagon compact multipurpose vehicle and has a daily output of around 1,000 vehicles.
Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions, a spokeswoman said, despite efforts to secure its systems in mid-May when the virus caused widespread disruption at plants, hospitals and shops worldwide.
Production at other plants operated by the automaker had not been affected, and regular operations had resumed at the Sayama plant on Tuesday, she said.
The spread of the WannaCry ransomware which locked up more than 200,000 computers in more than 150 countries has slowed since last month, but security experts have warned that new versions of the worm may strike.
#45
Moderator
#46
Moderator
#47
Go Giants
My friend just came by with his laptop. He works for Merck and told me his company was part of the ransomware attack today. He wanted to work offline. Went to boot up the laptop and it went into the BIOS boot menu to pick the drive or network boot and just looped. He said he was at work when they shut the network down and his screen went blue. So now I’m wondering if they were able to disable the laptop at the BIOS level or they zapped the drive. Pretty cool stuff.
#48
Needs more Lemon Pledge
Boy, if this isn't a giant wake-up call to MS to implement a file versioning system like btrfs, etc., I don't know what will do it...
The day you can simply "roll back" all your data to a week prior after seeing the encryption take hold will be a good day.
Until, of course, the ransomware deployers come up with a way to corrupt your versioning...
#49
Go Giants
I just don't understand why MS can't patch it to not allow a rogue program to encrypt your hard drive.
#50
Needs more Lemon Pledge
I think a better approach may be to recognize and shut down (or request approval) for large quantities of write operations on the disk.
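A sketch of the write-rate heuristic suggested in the post above, as an added example that is not from the thread or from any product: a sliding-window count of distinct files each process writes, with a rename-into-uncommon-extension check as a second signal. Process names, paths, extensions, thresholds and the event stream are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
import os

# Extensions treated as "ordinary" for the second signal (illustrative list).
COMMON_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".pptx"}


@dataclass(frozen=True)
class WriteEvent:
    ts: float       # seconds since monitoring started (constructed clock)
    process: str    # name of the writing process
    path: str       # file that was written or renamed into


class WriteBurstDetector:
    """Sliding-window heuristic: a process that touches more than `max_files`
    distinct files within `window` seconds is flagged for review (or suspended
    pending approval, as the post suggests). Thresholds are assumptions."""

    def __init__(self, window=5.0, max_files=40):
        self.window = window
        self.max_files = max_files
        self._recent = defaultdict(deque)  # process -> deque[(ts, path)]
        self.flagged = {}                  # process -> reason string

    def observe(self, ev):
        q = self._recent[ev.process]
        q.append((ev.ts, ev.path))
        # Drop events that have aged out of the window.
        while q and ev.ts - q[0][0] > self.window:
            q.popleft()
        files = {p for _, p in q}
        if len(files) > self.max_files and ev.process not in self.flagged:
            # Second signal: most touched files now carry an unfamiliar extension.
            exts = [os.path.splitext(p)[1].lower() for p in files]
            odd = sum(1 for e in exts if e not in COMMON_EXTS)
            reason = "%d files in %.0fs" % (len(files), self.window)
            if odd > len(exts) // 2:
                reason += ", %d with uncommon extension" % odd
            self.flagged[ev.process] = reason
            return reason
        return None


def constructed_events():
    """Constructed sample stream: an office app editing a handful of files,
    and a hypothetical 'encryptor.exe' rewriting 120 documents as '.locked'."""
    events = []
    for i in range(6):
        events.append(WriteEvent(0.5 * i, "winword.exe",
                                 "C:/Users/a/report%d.docx" % i))
    for i in range(120):
        events.append(WriteEvent(3.0 + i * 0.01, "encryptor.exe",
                                 "C:/Users/a/Documents/file%d.docx.locked" % i))
    return events


def run_detector(events=None, window=5.0, max_files=40):
    """Feed events in time order and return {process: reason} for flagged ones."""
    det = WriteBurstDetector(window, max_files)
    for ev in sorted(events or constructed_events(), key=lambda e: e.ts):
        det.observe(ev)
    return det.flagged


if __name__ == "__main__":
    for proc, why in run_detector().items():
        print("FLAGGED %s: %s" % (proc, why))
```

In a real deployment the event source would be a file-system minifilter or audit log, and the response would be to suspend the process and ask the user, rather than just print.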
#51
Needs more Lemon Pledge
Also, recall KeRanger was able to encrypt files on OSX without being stopped.
https://www.welivesecurity.com/2017/...re-hits-macos/
#52
Go Giants
#53
Needs more Lemon Pledge
#54
Moderator
Let's enter the admin password for something I didn't request
#55
Go Giants
#56
Needs more Lemon Pledge
True
#57
Go Giants
Looks like MS finally understands what I've been saying. This should have been implemented from Windows 3.1 on: https://www.engadget.com/2017/06/29/...olled-folders/
#58
Race Director
I'm still amazed that institutions/businesses won't spend the $$$ to employ firewall appliances that will intercept the emails before they even get to the network...
#59
https://www.wired.com/story/wannacry...retech-arrest/
Hacker Who Stopped WannaCry Charged With Writing Banking Malware
08.03.17
Just three short months ago, security researcher Marcus Hutchins entered the pantheon of hacker heroes for stopping the WannaCry ransomware attack that ripped through the internet and paralyzed hundreds of thousands of computers. Now he's been arrested and charged with involvement in another mass hacking scheme—this time on the wrong side.
Yesterday authorities detained 22-year-old Hutchins after the Defcon hacker conference in Las Vegas as he attempted to fly home to the UK, where he works as a researcher for the security firm Kryptos Logic. Upon his arrest, the Department of Justice unsealed an indictment against Hutchins, charging that he created the Kronos banking trojan, a widespread piece of malware used to steal banking credentials for fraud. He's accused of intentionally creating that banking malware for criminal use, as well as being part of a conspiracy to sell it for $3,000 between 2014 and 2015 on cybercrime market sites such as the now-defunct AlphaBay dark web market.
But the short, eight-page indictment against Hutchins, a rising star in the hacker world, has already raised questions and skepticism in both legal and cybersecurity circles. Orin Kerr, a law professor at George Washington University who has written extensively about cybersecurity and hacking cases, says that based on the indictment alone, the charges look like "a stretch." Although the indictment claims Hutchins wrote the Kronos malware, nothing in the document illustrates that Hutchins possessed actual intent for the malware he allegedly created to be used in the criminal "conspiracy" he's accused of.
"It’s not a crime to create malware. It’s not a crime to sell malware. It’s a crime to sell malware with the intent to further someone else’s crime," Kerr says. "This story alone doesn’t really fit. There's got to be more to it, or it’s going to run into legal problems."
The news of Hutchins' arrest also shocked Defcon attendees and the wider cybersecurity community, in which Hutchins is a widely admired figure for his technical knowledge and his key actions to neuter the WannaCry epidemic in May. As Hutchins analyzed that catastrophic ransomware worm within its first hours of spreading, he noticed that it was connected to a nonexistent web domain, perhaps as a kind of test of whether it was running in a software simulation. Hutchins, who at the time was more widely known by his pseudonym MalwareTech or MalwareTechBlog, registered that domain and was surprised to find that it immediately caused WannaCry to stop spreading.
That quick work earned him immediate celebrity but also led some members of the media to track down his real name, though it's unclear whether that exposure helped law enforcement connect him to Kronos. Indications of his Kronos involvement could also have come in last month's FBI and Europol seizure of AlphaBay servers.
Hutchins isn't the only member of the malware "conspiracy" named in the indictment against him. It accuses another person, whose name is redacted from the document, of doing what seems to be the majority of the legwork to distribute Kronos, including listing the malware for sale on criminal forums, creating a video advertisement that showed how it worked, and offering so-called "crypting" services meant to hide the malware from detection. The indictment also accuses Hutchins of helping update the malware in February 2015, at least six months after it first went on sale—the only hint that he may have worked on it after it was being actively used for criminal actions.
Kronos gained attention in the security community in the summer of 2014, in part for its moderately hefty price tag: One Russian forum set the price tag at $7,000. IBM's security researchers at the time posted a translation of the Russian-language advertisement for the malware on a cybercriminal market, which promised that the code was "equipped with the tools to give you successful banking actions." Kronos was designed to not only function as a keylogger, collecting users' credentials from web banking interfaces, but also to alter banks' web pages in any major browser to add fields for additional information, like PIN codes, it would then transmit to a remote server. And it promised it would bypass any of the "sandbox" protections designed to isolate apps from interference and even protect the data it collected from being hijacked by other trojans on the same machine.
In a statement on Thursday, the Department of Justice noted that Kronos malware "presents an ongoing threat to privacy and security" and had been loaded onto victims' machines by the Kelihos botnet, a massive collection of hijacked machines whose Russian owner the FBI arrested in April.
Some associates of Hutchins also defended him Thursday on Twitter, even arguing that he has worked directly with US law enforcement. "I know Marcus. He has a business which fights against exactly this (bot malware), it's all he does. He feeds that info to US law enforcement," wrote Kevin Beaumont, a UK-based security architect. "The DoJ has seriously fucked up."
Another well-known researcher for security firm Rendition Infosec, Jake Williams, said he'd worked with Hutchins multiple times since 2013, met him in person at last year's Defcon, and shared malware samples. At one point in 2014, Williams says Hutchins refused his offer of payment for help on an educational project. Even when Hutchins was awarded a $10,000 "bug bounty" from security firm HackerOne for his work on stopping WannaCry, he gave it away to charity. "I have pretty good black hat radar," Williams wrote to WIRED, using the term "black hat" to mean a criminal hacker. "It NEVER went off when talking to him or exchanging stuff with him."
For the moment, neither the FBI nor the Department of Justice is commenting further on Hutchins' case beyond the DOJ's statement and the facts of the indictment. A spokesperson for the Electronic Frontier Foundation, which often offers legal representation to embattled hackers, wrote in a statement to WIRED that it's "deeply concerned" about Hutchins' arrest and is reaching out to him.
#60
https://www.wsj.com/articles/new-ran...ine-1508886651
New Ransomware Outbreak Spreads Through U.S., Russia and Ukraine
Oct. 24, 2017
An outbreak of malicious software Tuesday froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks that have plagued companies and government agencies this year.
The outbreak, called Bad Rabbit, is a form of software called “ransomware” that encrypts files on victims’ computers, rendering the machines unusable until a ransom is paid off. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files.
The latest outbreak, which began early Tuesday, spread for several hours to visitors of Russian language media websites, said Sergey Nikitin, a researcher at the Russian security vendor Group-IB.
By late Tuesday, it had begun spreading to the U.S., according to Czech antivirus vendor Avast Software s.r.o. Also on Tuesday, the Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.
The ransomware masqueraded as an update to Adobe Systems Inc.’s Flash multimedia product, security researchers said, and once downloaded it attempted to spread within victims’ networks.
The attacks “do not utilize any legitimate Flash Player updates nor are they associated with any known Adobe product vulnerabilities,” an Adobe spokeswoman said in an email.
By late Tuesday, it had spread to Russia, Ukraine, Bulgaria, Turkey and Germany, security researchers said. Victims included Russia’s Interfax news agency; the subway system in Kiev, Ukraine; the international airport in Odessa, Ukraine; and Ukraine’s infrastructure ministry, Mr. Nikitin said.
It wasn’t clear how widespread the damage was. Kiev’s subway agency said on its website Tuesday its payment services weren’t operational. Odessa’s airport said in a note on Facebook it had been hacked. A note posted to Interfax’s website said the news service had been disrupted by a “hacker attack.”
When ransomware is designed to spread within corporate networks, as Bad Rabbit is intended to do, it can cause corporate operations to grind to a halt as one computer system after another becomes affected.
Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Security experts, though, said this latest outbreak is unlikely to cause far-reaching global disruptions on the scale of Petya.
The Petya outbreak didn’t originate in media sites, but with software widely used by Ukrainians to file income-tax returns. Unless the Bad Rabbit hackers continue to spread their malware to other sites, their attack is unlikely to infect as many entities, said Craig Williams, a security-outreach manager with Cisco Systems Inc.