Many Firms Hit by Global Cyber Attacks - Petrwrap


Userlevel 7
Badge +48


 
 
Firms around the globe are reporting that they have been hit by a major cyber-attack.
 
Some experts have suggested that it could be a ransomware attack, similar to Wannacry which hit last month.
 
Alan Woodward, a computer scientist at Surrey University, said: "It appears to be a variant of a piece of ransomware that emerged last year."
 
More on the BBC. 
 
 

14 replies

Userlevel 7
Badge +54
Another attack which can be put at the door of Wikileaks due to their release of all the vulnerabilities. So I wonder if those normal users who get hit who have supported the work of Wikileaks will continue to do so when they lose their data?
Userlevel 7
Badge +54
Joseph Cox June 27 2017
 

A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.

 
On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted.
 
But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files.
 
Full Article.
Userlevel 7
Badge +54
This is what I have just seen on Webroot's Twitter feed.

Userlevel 7
@ wrote:
Another attack which can be put at the door of Wikileaks due to their release of all the vulnerabilities. So I wonder if those normal users who get hit who have supported the work of Wikileaks will continue to do so when they lose their data?
I am seriously not sure as to whether these self important m_o_r_o_n_s from Wikileaks are actually not worse than your run of the mill miscreant...LOL:S
Userlevel 7
Badge +54
June 27, 2017  By Catalin Cimpanu
 
                                  


 
Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies.

According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers.

When the update reached M.E.Doc's customers, the tainted software package delivered the Petya ransomware — also referenced online as NotPetya, or Petna.
 
Full Article.
Userlevel 7
Badge +54
Zeljka Zorz - June 28, 2017
 
The infection process

The delivered malware was not, as initially believed, the original Petya ransomware or the previously seen variant PetrWrap.

NotPetya, as this new threat was dubbed, is definitely made to look like Petya, and uses some of its code, but has its own specific characteristics:

According to Kaspersky Lab researchers, it waits for 10 to 60 minutes after the infection to reboot the system, and once that’s done, it begins encrypting the MFT table in NTFS partitions, overwriting the MBR with a customized loader with a ransom note.
 
Full Article.
Userlevel 7
Badge +52
New ransomware, old techniques: Petya adds worm capabilities
On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States.
 
The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated.
Read more: Blogs Technet
Userlevel 7
Badge +48
Hey guys, 
 
I just wanted to say 'thanks' for adding all of these great links/articles to the thread. It's really helpful when everyone shares the latest stories so that we can all stay informed and as up to date with the latest information as possible.
 
Really appreciate it. Thanks again. 
Userlevel 7
Badge +54
 
June 28, 2017  By Catalin Cimpanu
 
                                          


 
The NotPetya ransomware that encrypted and locked thousands of computers across the globe yesterday and today is, in reality, a disk wiper meant to sabotage and destroy computers, and not ransomware. This is the conclusion of two separate reports coming from Comae Technologies and Kaspersky Lab experts.
 
Experts say that NotPetya — also known as Petya, Petna, ExPetr — operates like a ransomware, but clues hidden in its source code reveal that users will never be able to recover their files.
 
This has nothing to do with the fact that a German email provider has shut down the NotPetya operator's email account. Even if victims would be able to get in contact with the NotPetya author, they still have no chance of recovering their files.
 
Full Article.
 
Badge +8
With all of the malware going around, I cannot keep up with the news. I think that this one has two posts going on, but I may be incorrect as the language appears to be identical but I am not really sure.
 
Is Petrwrap now Petya? Or are they separate bad boys?
 
I think that Jasper has identified my query. They are separate entities (if I can even call them that):@
 
Theresa
Userlevel 7
Badge +54

Ordinary decent cybercriminal... or?

By John Leyden 29 Jun 2017
 
A Twitter user purporting to speak for the cybercrime group behind the original Petya ransomware has claimed they want to help "repair" the damage caused by this week's attack.
 
The Twitter account Janus Cybercrime Solutions (@JanusSecretary), which went dark for a time after the original Petya outbreak, was reactivated on Thursday – and it's not down with the chaos caused in Ukraine and beyond this week following the spread of somewhat similar code that encrypted compromised systems.
 
Full Article.
Userlevel 7
Badge +54
If people want to delve a little bit deeper here are 2 good articles from another security vendor:
 
EternalPetya and the lost Salsa20 key
 
EternalPetya – yet another stolen piece in the package?
Userlevel 7
Badge +54
  • NATO says a "state actor" was behind the recent cyberattack.
  • The cyberattack could be interpreted as an act of war, triggering Article 5.
  • The attack was designed to cause disruption, not to make financial gains, according to experts.
Luke Graham, Friday, 30 Jun 2017
 
A "state actor" was behind the cyberattack that hit over 12,000 devices in around 65 countries on Tuesday hitting major industries from advertising to oil, according to NATO.
 
The "Petya" ransomware attack encrypted files on a computer and demanded $300 worth of the cryptocurrency bitcoin in order to unlock them. Kaspersky Lab estimates at least 2,000 targets were affected, mostly in Russia and the Ukraine, but attacks were registered in several other countries, including Germany, the U.K. and China.
 
Full Article.
Userlevel 7
Well, to be honest I really do not think that this sort of thing is worth going to war militarily over...but rather the retaliation should be by counter cyber attacks. A proportionate response. :S
