YouTuber PewDiePie has more subscribers than anyone else on the network, and some of his rabid fans have released at least two ransomware strains that encrypt hard drives and display a notice that informs victims that a decryption key will be made available only when PewDiePie's account gets 100 million subscribers. One of the ransomware strains also warned victims that if, at any time, the Indian Bollywood channel T-Series gets more subscribers than PewDiePie, the decryption key will not be released.

From ZD Net:

Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

I made this whilst learning java 😂I hope I didn't cause to much of an issue for anyone. Here is the decryption tool: https://t.co/2hkUIsLRxv its command line based. Keep up to good work

— __JustMe__ (@JustMe79194181) February 25, 2019

Yesterday, the team at Emsisoft released their own decrypter app based on these two tools, meaning victims can recover files without having to wait months until PewDiePie reached 100 million subscribers.

Both ransomware strains show the level of idiocy the competition for YouTube's top spot has reached. While T-Series fans have remained mostly quiet most of this time, a portion of PewDiePie's fans appears to have lost their minds and engaged in media stunts bordering on criminal behavior.

They've defaced sites, taken over printers, and hijacked thousands of Chromecasts and smart TVs to spew out messages of support and the now-classical "subscribe to PewDiePie."

The message itself has become a meme, and not in a good way.

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. Read the rest “Ships are just giant floating computers, filled with ransomware, BadUSB, and worms”

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers. Read the rest “NHS okays hospitals and doctors storing patient data on public cloud servers”

No More Ransom is a joint effort by Europol, the Dutch police, Kaspersky and McAfee to help people who've been compromised by ransomware get their data back without paying off criminals. Read the rest “No More Ransom: a clearinghouse for removing ransomware without paying”

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm. Read the rest “A new, virulent ransomware epidemic is fuelled by yet another leaked NSA cyberweapon”

Respected security researcher Dan Wallach from Rice University has published a short (18 page) guide to securing small organizations against three kinds of cyberattack: Untargeted, ​remote ​(spammers, ​phishers, ​ransomware ​griefers, ​etc.); Targeted, ​remote ​(spear ​phishers); and Targeted, ​in ​person ​(immigration ​agents, ​police, ​criminal ​trespass). Read the rest “Simple steps your small organization can take to defend itself against cyberattacks”

The Wannacry worm burned through the world's unpatched IT systems, hitting more than 80 countries in 24 hours, taking down hospitals, airlines, banks and logistics companies, until a hidden killswitch was able to halt its spread. Read the rest “Global Wannacry payout: $140,000 -- a superweapon in the hands of dum-dums”

According to Kaspersky, the Petya ransomware that raced around the world this week wasn't ransomware at all, and there is no way to get back your files after it does its work (that's why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over). Read the rest “That "ransomware" attack was really a cyberattack on Ukraine”

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account. Read the rest “Ransomware crook's email provider shuts down account, so now no one can pay their ransom”

Hot on the heels of the WannaCry attack, a massive, new, ransomware attack has struck Europe, shutting down systems in Ukraine, Britain, and Spain.

From The Telegraph:

The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.

It comes just a few weeks after the WannaCry hack which affected more than 150 countries and crippled parts of the NHS.

American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.

Posted by the Deputy Prime Minister of #Ukraine, Pavlo Rozenko, This is what's happening to government computers right now. pic.twitter.com/SxCudRt0AD

— Christian Borys (@ItsBorys) June 27, 2017

"Unexpected ransomware in bagging area" pic.twitter.com/7IUODTe4mp

— Graham Cluley (@gcluley) June 27, 2017

From Wired:

It's not yet clear where the wave of attacks originated or who is behind it. "Everyone talked about Ukraine first, but I don't know. It's worldwide," says MalwareHunterteam, a researcher with the MalwareHunterTeam analysis group.

Most troubling, perhaps, is that Petya doesn't appear suffer the same errors that stunted WannaCry's spread. The amateurish mistakes that marked that outbreak limited both the scope and the eventual payouts collected; it even included a "kill switch" that shut it off entirely after just a couple of days.

Image: Christiaan Colen Read the rest “New massive ransomware attack paralyzing European banks, airports, government departments”

Whoever created the Wcry ransomware worm -- which uses a leaked NSA cyberweapon to spread like wildfire -- included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation. Read the rest “An IoT botnet is trying to nuke Wcry's killswitch”

Patriarch Kirill of the Russian Orthodox Church is a powerful reactionary figure in the country's toxic political scene, which has welded a tale of thwarted imperial destiny to a thin-skinned fundamentalist theology that can't bear the slightest sign of mockery; he's blamed ISIS on secularism and Pride parades and says that marriage equality literally heralds the imminent apocalypse. Read the rest “Powerful Russian Orthodox cleric summoned to spritz computers with holy water to fight ransomware”

“The self-spreading ‘WannaCry’ internet worm, which ripped through 160,000 computers and crippled hospitals and other businesses, is now being linked to a North Korean cyber gang,” reports Kevin Poulsen at Daily Beast. Read the rest “New clues in WannaCry ransomware attack point to North Korea and Kim Jong Un”

Yesterday's report of a Wcry ransomware version that didn't have the killswitch that halted the worm's spread was retracted by Motherboard and Kaspersky Lab -- but today, France's Benkow computing document a new Wcry strain that has a different killswitch -- one that has already been registered, stopping the new strain. Read the rest “Yesterday's report of hardier Wcry retracted, but new versions found”

Motherboard has retracted this story: "Correction: This piece was based on the premise that a new piece of WannaCry ransomware spread in the same manner as the one that was responsible for widespread attacks on Friday, and that it did not contain a so-called kill switch. However, after the publication of this article one of the researchers making this claim, Costin Raiu, director of global research and analysis team at Kaspersky Lab, realized that was not the case. The ransomware samples without the kill switch did not proflierate in the same manner, and so did not pose the same threat to the public. Motherboard regrets the error."

Yesterday, the world got a temporary respite from the virulent Wcry ransomware worm, which used a leaked NSA cyberweapon to spread itself to computers all over the world, shutting down hospitals, financial institutions, power companies, business, and private individuals' computers, demanding $300 to reactivate them. Read the rest “Retracted! Wcry ransomware is reborn without its killswitch, starts spreading anew”

As the Wcry ransomware burned across the globe yesterday, spreading to more than 80 countries thanks to a bug in Windows that the NSA deliberately kept secret in order to weaponize it, it seemed unstoppable. Read the rest “The virulent ransomware worm has been stopped (for now) by a hidden killswitch”

25 NHS trusts and multiple doctors' practices in England and Scotland (but so far, not Northern Ireland or Wales) report that they have had to effectively shut down due to a massive Wcry ransomware infection that has stolen whole swathes of the English healthcare system in one go. The infection appears to exploit a bug that the NSA discovered and deliberately kept secret, only to have it revealed by the Shadow Brokers. Read the rest “Ransomware hackers have stolen hospitals and doctors' offices across the UK, using a leaked NSA cyberweapon”