petya

'Sandworm' hacking group linked to Russian GRU's Main Center for Special Technology, says U.S.

U.S. State Department blames Russia for cyberattacks that hit neighboring Georgia in October 2019

By identifying Russia's digital assaults on neighbors, US hopes to raise awareness of ongoing GRU attacks on US

Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea

Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers.

Notpetya: the incredible story of an escaped US cyberweapon, Russian state hackers, and Ukraine's cyberwar

Andy Greenberg (previously) is Wired's senior security reporter; he did amazing work covering Russian cyberwarfare in Ukraine, which he has expanded into a forthcoming book: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (I read it for a blurb and a review; it's excellent).

How insurance companies are fueling a rise in ransomware attacks by paying the ransom

ProPublica's Minhee Cho says: "Thought you might be interested in ProPublica’s latest report detailing how insurance companies are actually fueling a rise in ransomware attacks by choosing to pay the ransom, even when they could recover the files on their own. Why? Plain and simple: the attacks are good for business.

"More often than not, paying the ransom is a lot cheaper for insurers than the loss of revenue they have to cover otherwise. But, by rewarding hackers, these companies have created a perverted cycle that encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies. In fact, it seems hackers are specifically extorting American companies that they know have cyber insurance. After one small insurer highlighted the names of some of its cyber policyholders on its website, three of them were attacked by ransomware.

"The cyber insurance industry is now estimated to be a $7-8 billion market in the U.S. alone. In the past year, dozens of public entities in the U.S. — including the cities of Baltimore and Atlanta — have been paralyzed by ransomware. Just this month, attackers seeking millions of dollars encrypted the files of 22 Texas municipalities."

You can read more in her full story here.

Two Russia-backed hacker groups target Europe ahead of elections, FireEye reports

Security services firm FireEye says two hacker groups known to be sponsored by the Russian government of Vladimir Putin are waging cyber-attacks currently against European government systems.

Prominent newspapers across the United States come under cyberattack

2018 has been a dangerous year for those who bring us the news: according to the Committee to Protect Journalists, 129 journalists were killed this year. For the first time in history, the United States has been listed as one of the most dangerous countries in the world for journalists to ply their trade. The President of the United States has been calling the media industry an "enemy of the people" for the past two years. Many of his acolytes have bought into his bullshit: news rooms have come under assault by gunmen. Bomb threats against TV stations have been made on a number of occasions. Nicaragua's government has hamstrung the nation's independent press. Jamal Khashoggi of The Washington Post was strangled and sawed to pieces by Saudi operatives. President Trump pretty much shrugged his shoulders and got on with his life. The hate and distrust showered on those working to cast light on the dark secrets that our governments would rather not be known are a budding fascist's wet dream.

And now, many of the nation's newspapers of record have suffered a cyberattack.

From The Los Angeles Times:

A cyberattack that appears to have originated from outside the United States caused major printing and delivery disruptions at several newspapers across the country on Saturday including the Los Angeles Times, according to a source with knowledge of the situation.

The attack led to distribution delays in the Saturday edition of The Times, the San Diego Union-Tribune, the Chicago Tribune, Baltimore Sun and several other major newspapers that operate on a shared production platform.

L.A. morning show host surprised that a K-pop star from Vancouver speaks English

After K-pop group NCT 127 from Vancouver, Canada performed on KTTV-Fox 11's Good Day L.A., host Araksya Karapetyan gave one of the singers an odd compliment: "Very cool, your English is awesome. I love it."

Here's the clip:

The true story of Notpetya: a Russian cyberweapon that escaped and did $10B in worldwide damage

Andy Greenberg (previously) is a veteran Wired security reporter who has chronicled the frightening and chaotic world of cyberwar since its earliest days; in a forthcoming book called "Sandworm," Greenberg tells the fascinating and terrible tale of Notpetya (previously), a Russian cyberweapon (built on leaked NSA cyberweapons!) that disguised itself as criminal ransomware, but which was designed to identify and destroy key Ukrainian computer systems and networks.

Pussy Riot gets a surprise rearrest as soon as they're released from jail for World Cup stunt

A little over two weeks ago, Russian feminist protest group Pussy Riot was arrested for crashing the field at the World Cup final wearing police uniforms. They were protesting illegal arrests. After serving 15 days in jail for their "crime," they were released, but then, to their surprise, were immediately arrested again. Looking at this video, it's obvious they weren't expecting this.

Their crime this time? According to The Guardian:

A tweet on Pussy Riot's official Twitter page said they had been charged with "the organisation and holding of public events without prior notice" and could face another 10 days behind bars.

Here they are at the world cup:

A new, virulent ransomware epidemic is fuelled by yet another leaked NSA cyberweapon

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm.

CCleaner, popular computer-cleaning tool, contained malware

CCleaner is a clean-your-computer app beloved of people who own inexplicably slow PCs. If you installed recent editions of it, you were installing malware. But the company behind it hasn't gone rogue, reports Reuters. Hackers compromised their systems.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

The infected version is 5.33, and you likely have it if you installed the Windows version of CCleaner between August 15 and September 13. That's 2.3 million installs, admits Avast.

CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191 have received an automatic update.

That "ransomware" attack was really a cyberattack on Ukraine

According to Kaspersky, the Petya ransomware that raced around the world this week wasn't ransomware at all, and there is no way to get back your files after it does its work (that's why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over).

Ransomware crook's email provider shuts down account, so now no one can pay their ransom

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.

A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue -- the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group -- into a new Petya strain.

New massive ransomware attack paralyzing European banks, airports, government departments

Hot on the heels of the WannaCry attack, a massive, new, ransomware attack has struck Europe, shutting down systems in Ukraine, Britain, and Spain.

From The Telegraph:

The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.

It comes just a few weeks after the WannaCry hack which affected more than 150 countries and crippled parts of the NHS.

American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.

From Wired:

It's not yet clear where the wave of attacks originated or who is behind it. "Everyone talked about Ukraine first, but I don't know. It's worldwide," says MalwareHunterteam, a researcher with the MalwareHunterTeam analysis group.

Most troubling, perhaps, is that Petya doesn't appear to suffer the same errors that stunted WannaCry's spread. The amateurish mistakes that marked that outbreak limited both the scope and the eventual payouts collected; it even included a "kill switch" that shut it off entirely after just a couple of days.

Ransomware gets a lot faster by encrypting the master file table instead of the filesystem

In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace.

Amnesty for Pussy Riot, Greenpeace 30

When Putin and the Kremlin throw a charm offensive to distract people from the popular uprising in the Ukraine and the institutionalized homophobia in Russia, it's good news for dissidents and former billionaires. Russia's Stalin-loving strongman has extended amnesty to Pussy Riot, the Greenpeace 30, and Mikhail Khodorkovsky (formerly Russia's richest man, who fell into Putin's bad books and onto hard times).
