After Defcon, the FBI arrested the UK national who stopped Wannacry

Update: Here is the indictment. Hutchins is accused of making and selling a keylogger called the "Kronos banking trojan."

Marcus Hutchins is the 23-year-old security researcher behind the @MalwareTechBlog Twitter account; he's the guy who figured out that the Wannacry worm had an accidental killswitch built in and then triggered it, stopping the ransomware epidemic in its tracks.

Hacker Marcus Hutchins and the massive cyberattack he thwarted

Earth's Deadliest [Computer] Virus is a great overview of the 2017 Wannacry ransomware attack, and Marcus Hutchins' efforts to halt its progress.

The Disrupt video is based on the terrific Wired article by Andy Greenberg, which describes Hutchins' arrest and questioning about the Kronos banking malware he had written as a teen:

For those minutes, Hutchins allowed himself to believe that perhaps the agents wanted only to learn more about his work on WannaCry, that this was just a particularly aggressive way to get his cooperation into their investigation of that world-shaking cyberattack.


Cybersecurity agency warns of 'imminent, increased cybercrime threat to U.S. hospitals and healthcare providers'

On Wednesday night less than one week before the election, as COVID-19 cases spike throughout the United States, the nation's cybersecurity agency says: "there is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers."

Here's the tweet tonight from CISA, the Cybersecurity and Infrastructure Security Agency:


Hackers hack hackers to steal their hacking tools and deflect blame

Rule #1 of hacking is "attribution is hard" (other contenders: "don't be on fire," "don't get involved in a land-war in Asia" or "there is no security in obscurity"), which is to say, it's really hard to say who hacked you, in part because it's really easy for hackers to make it look like someone else did the deed.

A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue — the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group — into a new Petya strain.

An IoT botnet is trying to nuke Wcry's killswitch

Whoever created the Wcry ransomware worm — which uses a leaked NSA cyberweapon to spread like wildfire — included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation.

Powerful Russian Orthodox cleric summoned to spritz computers with holy water to fight ransomware

Patriarch Kirill of the Russian Orthodox Church is a powerful reactionary figure in the country's toxic political scene, which has welded a tale of thwarted imperial destiny to a thin-skinned fundamentalist theology that can't bear the slightest sign of mockery; he's blamed ISIS on secularism and Pride parades and says that marriage equality literally heralds the imminent apocalypse.