Many Firms Hit by Global Cyber Attacks - Petrwrap
Firms around the globe are reporting that they have been hit by a major cyber-attack. Some experts have suggested that it could be a ransomware attack, similar to Wannacry which hit last month. Alan Woodward, a computer scientist at Surrey University, said: "It appears to be a variant of a piece of ransomware that emerged last year.
More on this story via the BBC.
10 Comments
Comment
Given last week's $1 million payout, no surprise that new attacks are flaring up
The ransomware that targeted the hosting provider (Nayana) in South Korea was a finely targeted money grab. Bringing down a large web host and then negotiating payment is the perfect example of utilizing ransomware for monetary gain. However, that (imo) is a different ballgame.
The Wannacry and now KindaPetya are attempts to create economic losses and cripple national infrastructure. They aren't in it for the ransom. I'd be surprised if the bitcoin ever moves out of the receiving wallets.
Comment
Why can't these slimy criminals be traced down and dealt with once and for all?!? I just don't get it.
Even when using BitCoin, somewhere there is an Internet provider who has a log of which IP accessed a bitcoin wallet and where that computer was at the time the access occurred. Why can't organizations like the FBI and Interpol force providers to supply those records for inspection in cases like this? And yes I know you can hide your identity and location with the use of multiple vpn's, but the same reasoning applies. Somewhere, there has to be a log! So many questions, so few answers.
This type of greedy attack on humanity isn't just an inconvenience, it's potentially costing lives when hospital records are being crippled. I truly hope there isn't a single ransom payment as a result of this latest attack .. but I suspect that's just me being naive. sigh..
Even when using BitCoin, somewhere there is an Internet provider who has a log of which IP accessed a bitcoin wallet and where that computer was at the time the access occurred. Why can't organizations like the FBI and Interpol force providers to supply those records for inspection in cases like this? And yes I know you can hide your identity and location with the use of multiple vpn's, but the same reasoning applies. Somewhere, there has to be a log! So many questions, so few answers.
This type of greedy attack on humanity isn't just an inconvenience, it's potentially costing lives when hospital records are being crippled. I truly hope there isn't a single ransom payment as a result of this latest attack .. but I suspect that's just me being naive. sigh..
Comment
Tor + chained VPN to anonymize the user.
Bitcoin mixer(s) to anonymize the bitcoins.
Bitcoin wallet address created anonymously, offline.
But none of the bitcoins have moved. So...
Tracking down the culprits won't happen by following the blockchain or Tor exit nodes or asking some VPN provider in Iceland for a log file that potentially doesn't even exist. It will happen through tracking the origin of the ransomware. And for any smart alecks out there, I don't mean track it allllll the way back to the NSA.
Bitcoin mixer(s) to anonymize the bitcoins.
Bitcoin wallet address created anonymously, offline.
But none of the bitcoins have moved. So...
Tracking down the culprits won't happen by following the blockchain or Tor exit nodes or asking some VPN provider in Iceland for a log file that potentially doesn't even exist. It will happen through tracking the origin of the ransomware. And for any smart alecks out there, I don't mean track it allllll the way back to the NSA.
I wanted to provide an update for everyone as this thread is becoming more and more popular.
As this relates to Webroot, we currently protect against this variant.
We first saw it hit Webroot’s radars at around 10 am UTC today in the US, but it has since been seen in a number of other countries including Ukraine, Japan, China, and the UK. Early analysis appears to show the ransomware looks to encrypt the Master Boot Record (MBR) on infected machines as well as the victim’s files, similar to the Petya ransomware seen last year. A large percentage of infected machines appear to be Windows 7 and 10, with the majority running the 64-bit OS.
More from David Kennerley, Director of Threat Research at Webroot, on our community.
As this relates to Webroot, we currently protect against this variant.
We first saw it hit Webroot’s radars at around 10 am UTC today in the US, but it has since been seen in a number of other countries including Ukraine, Japan, China, and the UK. Early analysis appears to show the ransomware looks to encrypt the Master Boot Record (MBR) on infected machines as well as the victim’s files, similar to the Petya ransomware seen last year. A large percentage of infected machines appear to be Windows 7 and 10, with the majority running the 64-bit OS.
More from David Kennerley, Director of Threat Research at Webroot, on our community.
UPDATE
A host of companies across industries have confirmed attacks today by a brutal wave of ransomware, including global law firm DLA Piper, U.S. pharmaceutical giant Merck, and the Danish shipping company Maersk. Although targets originally appeared in Ukraine—shutting down power plants, banking services and supermarkets—this latest cyberattack has quickly spanned critical economic sectors around the globe.
Webroot customers are protected against this variant. This cyberattack was first seen by our threat research team at roughly 10:00 a.m. UTC today.
More information on our blog here.
Comment
In the meantime, Ukraine Twitter social media account manager is handling this situation like a boss:
https://twitter.com/Ukraine/status/879706437169147906
https://twitter.com/Ukraine/status/879706437169147906
Comment
The Petya ransomware has caused serious disruption at large firms. Ransomware attack continue to be a huge challenge for organizations with incidents reaching record highs. This article explains bit more about 'Petya' ransomware attack strikes companies across Europe and US.
Also check this this article to defense the ‘Petya’ Ransomware Attack.
Also check this this article to defense the ‘Petya’ Ransomware Attack.
Recommended Posts
So this year I decided it was really about time I applied for the
@vExpert subprograms, and guess what! I'm in! So Thanks to our Programme Manager![2024-vExpert-PRO.png]()
![2024-vExpert-vSAN.png]()
![2024-vExpert-vSphere.png]()
![vexpert-badge-stars-2024.png]()
![vexpert-badge-year-2024.png]()
@vCommunityGuy and Sub Programme Business Units!
@vExpert subprograms, and guess what! I'm in! So Thanks to our Programme Manager
@vCommunityGuy and Sub Programme Business Units!
Exchange Server Roadmap Update.
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
