LEAKED NSA MALWARE IS HELPING HIJACK
#1
Friends, don't open anything from an unknown source.
Be very careful.
Quote:LEAKED NSA MALWARE IS HELPING HIJACK COMPUTERS AROUND THE WORLD
Coming to a Computer near you!
Quote:IN MID-APRIL, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.
[Image: C_n7v4BWsAAi8Sb-1494616021-1000x750.jpg]
(Not one of our computers.)
Quote:The malware worm taking over the computers goes by the names “WannaCry” or “Wanna Decryptor.”
It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin.

At this point, one’s computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).
Source
There's more.
Quote:Dozens of countries hit by huge cyberextortion attack
Quote:By ANICK JESDANUN, JILL LAWLESS and ARITZ PARRA
NEW YORK (AP) — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.
It was believed to be the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software responsible for tens of thousands of attacks in more than 60 countries, including the United States, though its effects in the U.S. did not appear to be widespread, at least in the initial hours.

Computers were infected with what is known as “ransomware” — software that freezes up a machine and flashes a message demanding payment to release the user’s data. In the U.S., FedEx reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.”

Source
Once A Rogue, Always A Rogue!
#2
Just crazy stuff! Last year we had something similar infect our network at my shop. A contractor was working on something and unknowingly downloaded ransomware. Thankfully we do actual hard copy backups of our entire system every evening when the office manager leaves. We lost an entire day of work (which sucked...) but we were able to start fresh without paying any ransom.

But when it comes to healthcare facilities, government services, military, stocks, and god forbid: public utilities, we live in a world of a giant ticking time bomb...
#3
Whoever had the bright idea to put EVERYTHING on computers was an airhead!  Just look what danger they have placed us in by putting everything about our life on a digital format that any good hacker can get their hands on.  

And what happens if our grid goes down?  We get knocked back into the stone age!  

Yeah, thanks guys!  You bunch of f***ing (censored).
#4
Meh .... hope they shut it all down .... see how long the idiots last without their fucking computers ..... 

*grabs drink ... sits back to watch the show and laugh .... *
Better to reign in hell ....
  than serve in heaven .....



#5
(05-13-2017, 10:37 AM)Daitengu Wrote: Meh .... hope they shut it all down .... see how long the idiots last without their fucking computers ..... 

*grabs drink ... sits back to watch the show and laugh .... *

OMG! The millennials would go NUTS!  

They wouldn't even know where to look for their safe place without their Smart Phones telling them, let alone knowing how to survive.


Where's the popcorn?
#6
(05-13-2017, 05:11 AM)Mystic Wanderer Wrote: ...Whoever had the bright idea to put EVERYTHING on computers was an airhead...!
The same people who received the sealed envelopes of money from the many systems companies!
Edith Head Gives Good Wardrobe. 
#7
Seems a 22 year old has stopped this virus in its tracks.

Quote:SAN FRANCISCO — The massive ransomware attack that crippled more than 20% of hospitals in the United Kingdom and disabled systems in as many as 74 countries appears to have been inadvertently stopped by a 22-year-old computer security researcher in England who began studying it Friday afternoon.

The story, which the as-yet-unnamed security whiz wrote up in a blog post on Saturday, is an example of the driven-to-puzzle-things-out mentality typical of people drawn to cybersecurity.

“He was in the right place at the right time, and he did the right thing without any hesitation,” said Dan Kaminsky, a longtime security researcher and chief scientist at White Ops, a New York-based security firm.

Because nobody's really in charge of the Internet, it's messy and wonderful in equal proportion, he said.
"We maintain it with duct tape, baling wire and the good graces of no small number of 'volunteer firefighters.' I am hopeful for a future with more formal, funded support for this foundation of our suddenly global information economy. But it's pretty great that a 22-year-old can see a worldwide problem and spend a bit to help us all,” Kaminsky said.

How it happened
The ransomware appears to have first appeared close to 3:30 a.m. ET on Friday, according to researchers at Cisco Umbrella.
Within 12 hours it had been stopped in its tracks.

For the analyst, who for security reasons has chosen to only be identified by his online blog name of MalwareTech, things hit after lunch on Friday when he noticed all the fuss about a global ransomware attack and decided to investigate.

His day job is as a security researcher at Los Angeles-based Kryptos Logic, but he was actually supposed to be on vacation this week so he hadn't been plugged in.
"We'd had quite a bit of work over the last few months and we were both off. I'm actually in Venice right now," said his boss, Salim Neino,  CEO of Kryptos Logic. "We were talking online about how the biggest cyberattack of the year happens and we're both off."
Neither MalwareTech nor his boss stayed off, however.

Although only 22, he is known in the close-knit world of cybersecurity as someone who's good at "taking down big ugly things that are spreading fast," in the words of Ryan Kalember, vice president for cybersecurity at Proofpoint, a Sunnyvale, Calif.-based security company.
First credit to actually getting a sample of the malicious software code appears to go to Kafeine, a security researcher who doesn't give press interviews and only goes by his screen name, but who works for Proofpoint.

MalwareTech called him "a good friend and fellow researcher" in his blog post and noted that Kafeine passed him the sample so he could begin to reverse engineer it to see how it did what it was doing.

One of the first things MalwareTech noticed was that as soon as it installed itself on a new machine, the malware tried to send a message to an unregistered Internet address, or domain name.

He promptly registered that domain, so he could see what it was up to. This was at around 3 p.m. in London, 10 a.m. ET.
The registration wasn't done on a whim, he noted. "My job is to look for ways we can track and potentially stop botnets (and other kinds of malware)," he wrote on his blog.

However, in doing so, MalwareTech had inadvertently stopped the entire global attack in its tracks, though it took him and others awhile longer to realize it.

"Humorously," he wrote, "at this point we had unknowingly killed the malware."
The malware contained computer code that pinged an unregistered Web address, and if it didn't get back a message saying the address didn't exist, it would turn itself off.

"We think it was a kill switch that the creators built in," said Kalember. They would have been able to stop the spread of the software simply by registering and setting up the Web address — except MalwareTech got there first.

As a final test, he first ran the malware in a closed environment that was connected to the registered website and got nothing.
Then he ran it again after modifying the host system so that the connection would be unsuccessful, and the ransomware promptly took it over.
"Now you probably can’t picture a grown man jumping around with the excitement of having just been ransomwared, but this was me. The failure of the ransomware to run the first time and then the subsequent success on the second mean that we had in fact prevented the spread of the ransomware and prevented it ransoming any new computer since the registration of the domain," he wrote.

The website registration that stopped the ransomware that had caused thousands of companies tens of thousands of dollars worth of damage "cost about $10," said Neino.

Darien Huss, a security researcher at Proofpoint who'd been helping MalwareTech with the analysis, tweeted at 10:29 a.m. ET that the unregistered domain had been registered and the malware had stopped spreading.
Quote:#WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed pic.twitter.com/z2ClEnZAD2
— Darien Huss (@darienhuss) May 12, 2017
"We were then able to get all the information out to the FBI," said Neino.

Soon thereafter the United Kingdom's National Cyber Security Centre posted the text of MalwareTech's blog on its site.
While this particular variant of the malware has been stopped, security experts are quick to point out that all that the criminals behind it would need to do is rewrite the code to either ping a different domain or remove that domain check and send it out.

This makes it all the more important that computers and networks quickly install the Windows patches that fix the problem that allowed the code to so easily spread in the first place. Microsoft issued that patch on March 14 but clearly many systems had not installed the crucial new software.
After a long and fruitful day, MalwareTech suggested that people do just that, then wrote, "Now I should probably sleep."



Source
#8
Thank You for that information.
I'm going to go and look for that patch.