Large-scale cyber attack with "ransomware"

robeiae
Thaumaturge

On a down bound train

Posts: 6,692

Large-scale cyber attack with "ransomware" May 13, 2017 9:44:23 GMT -5

Post by robeiae on May 13, 2017 9:44:23 GMT -5

www.bbc.com/news/world-europe-39907965

Ransomware encrypted data on at least 75,000 systems in 99 countries on Friday. Payments were demanded for access to be restored.
European countries, including Russia, were among the worst hit.

Although the spread of the malware - known as WannaCry and variants of that name - appears to have slowed, the threat is not yet over.

Europol said its cyber-crime team, EC3, was working closely with affected countries to "mitigate the threat and assist victims".

More: www.zerohedge.com/news/2017-05-13/24-hours-later-unprecedented-fallout-first-global-coordinated-ransomware-attack

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a "worm", or self spreading malware, by exploiting a piece of NSA code known as "Eternal Blue" that was released last month by a group known as the Shadow Brokers (see "Hacker Group Releases Password To NSA's "Top Secret Arsenal" In Protest Of Trump Betrayal") , researchers with several private cyber security firms said.

This attack is apparently limited to Windows-based computers.

FYI, my mother got hit with a ransomware-style attack. But since she was on Chromebook, it was easy enough to circumvent with a hard reset/reboot.

Quote

Angie
Cognoscente

Posts: 741

Large-scale cyber attack with "ransomware" May 13, 2017 10:06:14 GMT -5

Post by Angie on May 13, 2017 10:06:14 GMT -5

That's the beauty of Chromebooks. I thought they were a novelty until I actually got one. They're pretty nice machines, and with the less-than-5-minute hard reset option, they're damned-near indestructible from a software standpoint.

My desktop machine is Windows, though, so I have antivirus and two different anti-malware programs. PITA.

The bit about hospitals being unable to access patient data was scary.

<< This is, like, my draw-ring and stuff.

Quote

Don
Illuminati

Posts: 1,547

Large-scale cyber attack with "ransomware" May 14, 2017 9:42:25 GMT -5

Post by Don on May 14, 2017 9:42:25 GMT -5

Nice job of "protecting" us, NSA!

____________________________________________________
Economics puts parameters on people’s utopias. ~Peter Boettke
"It's the voter's fault" is victim-blaming in its purest sense. ~Don
The 'social contract' is to the politician what 'original sin' is to the priest. ~Don
The vision of the helpful and protective state is the most pervasive and counter-productive ideology in the world today. ~Don
____________________________________________________

Quote

robeiae
Thaumaturge

On a down bound train

Posts: 6,692

Large-scale cyber attack with "ransomware" May 15, 2017 8:43:13 GMT -5

Post by robeiae on May 15, 2017 8:43:13 GMT -5

money.cnn.com/2017/05/14/technology/global-cyberattack-explanation/index.html

Microsoft released a security patch for the vulnerabilities in March. But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs.

The phenomenon of companies failing to update their systems has been a persistent security problem for years. Playing with fire finally caught up with the victims.

Quote

robeiae
Thaumaturge

On a down bound train

Posts: 6,692

Large-scale cyber attack with "ransomware" May 17, 2017 9:03:19 GMT -5

Post by robeiae on May 17, 2017 9:03:19 GMT -5

So, everyone is saying--per Don's reference--that this was the "Shadow Brokers," a group (or even just one or two) of hackers who hacked the NSA and retrieved all of these tools to do what they are doing.

Here's a piece arguing that there must be at least one insider--contractor or a part of the US intelligence community--involved: www.mcclatchydc.com/news/nation-world/national/national-security/article150827507.html

Here's the Shadow Borkers' latest statement re the ransomware attack: steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition

This obviously looks like cyberwar between the "Equation Group" and the "Shadow Brokers." The above piece says as much, in fact. Shadow Brokers is claiming the stolen tools were offered back to Equation Group and the latter passed, which is why Shadow Brokers unleashed this attack.

To me, it looks like Shadow Brokers is a spin-off from Equation Group, that it's membership is drawn from the latter. And of course, it's assumed that the NSA is the source of Equation Group.

This is messed up...

Quote

Angie Cognoscente Posts: 741	Large-scale cyber attack with "ransomware" May 17, 2017 10:06:35 GMT -5 robeiae likes this Post by Angie on May 17, 2017 10:06:35 GMT -5 Vs.
	<< This is, like, my draw-ring and stuff. Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top

Deleted Deleted Member Posts: 0	Large-scale cyber attack with "ransomware" May 17, 2017 10:52:42 GMT -5 Post by Deleted on May 17, 2017 10:52:42 GMT -5 Damn it, where are the dogs when we need them?
	Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top

robeiae
Thaumaturge

On a down bound train

Posts: 6,692

Large-scale cyber attack with "ransomware" Jun 28, 2017 8:40:55 GMT -5

Post by robeiae on Jun 28, 2017 8:40:55 GMT -5

It happened again: money.cnn.com/2017/06/28/technology/ransomware-attack-petya-what-you-need-to-know/index.html

A massive ransomware attack has hit businesses around the world, causing major companies to shut down their computer systems.

Researchers are still investigating the software behind the attack, warning that it's more sophisticated than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.

"WannaCry was a tremendous failure. It was a lot of noise, very little money, and everyone noticed it," said Craig Williams, an expert at cybersecurity firm Cisco Talos. "What we're seeing today is a much more intelligent worm."

Shadow Brokers' latest statement: steemit.com/shadowbrokers/@theshadowbrokers/theshadowbrokers-monthly-dump-service-july-2017

They're pretty much saying they did it and will do it again, unless people pay up. There's also a direct message--threat--to an individual in it.

Anyway, I notice that many of the businesses that are getting hit are ones who don't really need to have all their computers networked and connected to the internet (for instance, Maersk got hit, so it couldn't load or unload at many ports; that seems avoidable, imo). Battlestar Galactica reboot?

Last Edit: Jun 28, 2017 13:48:37 GMT -5 by robeiae

Quote

Vince524 Illuminati Eating bacon Posts: 2,009	Large-scale cyber attack with "ransomware" Jun 28, 2017 12:00:52 GMT -5 Post by Vince524 on Jun 28, 2017 12:00:52 GMT -5 Can't they just unplug it and reboot?
	Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top

robeiae Thaumaturge On a down bound train Posts: 6,692	Large-scale cyber attack with "ransomware" Jun 28, 2017 13:51:07 GMT -5 Post by robeiae on Jun 28, 2017 13:51:07 GMT -5 No, not on a Windows-based machine. The ransomware still takes control of the system, even on a reboot, because it's actually on the computer.
	Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top

Optimus
Illuminati

Posts: 2,508

Large-scale cyber attack with "ransomware" Jun 29, 2017 1:33:57 GMT -5 robeiae likes this

Post by Optimus on Jun 29, 2017 1:33:57 GMT -5

I have nothing to add other than I think it's super nerdy that "The Shadow Brokers" stole their name from a character in the Mass Effect video game series.

I mean, it's a cool name but if I had a hacker group and was gonna steal a fictional character's name as my own, I'd probably go with "The Decepticons" or "The Cobra Commanders" or something like that.

Quote

ben
Pundit

Posts: 75

Large-scale cyber attack with "ransomware" Jun 29, 2017 21:07:48 GMT -5

Post by ben on Jun 29, 2017 21:07:48 GMT -5

A few months ago I read "Countdown To Zero Day," it's mostly about Stuxnet and the long unraveling of what it was and what it did, but it also discussed NSA and other government entities (for both the USA and other countries) that spend considerable effort to discover software vulnerabilities. The "moral thing to do" is report these to the companies whose software is affected so they can patch it (some even offer cash rewards for exploits they haven't seen before), but these entities keep the vulnerabilities secret, and use them to spy on people they're interested in. The morality of this is at best questionable, because such things stay in the software and can be discovered by yet other evil entities to cause harm.

Not a lizard person.

Quote

ben
Pundit

Posts: 75

Large-scale cyber attack with "ransomware" Jun 29, 2017 21:10:01 GMT -5

Post by ben on Jun 29, 2017 21:10:01 GMT -5

Jun 28, 2017 13:51:07 GMT -5 robeiae said:

No, not on a Windows-based machine. The ransomware still takes control of the system, even on a reboot, because it's actually on the computer.

If you want to read about a legitimate (!) company installing bad things on your (Windows) computer without telling you, google Sony rootkit.

Not a lizard person.

Quote

Post by robeiae on May 13, 2017 9:44:23 GMT -5

Post by Angie on May 13, 2017 10:06:14 GMT -5

Post by Don on May 14, 2017 9:42:25 GMT -5

Post by robeiae on May 15, 2017 8:43:13 GMT -5

Post by robeiae on May 17, 2017 9:03:19 GMT -5

Post by Angie on May 17, 2017 10:06:35 GMT -5

Post by Deleted on May 17, 2017 10:52:42 GMT -5

Post by robeiae on Jun 28, 2017 8:40:55 GMT -5

Post by Vince524 on Jun 28, 2017 12:00:52 GMT -5

Post by robeiae on Jun 28, 2017 13:51:07 GMT -5

Post by Optimus on Jun 29, 2017 1:33:57 GMT -5

Post by ben on Jun 29, 2017 21:07:48 GMT -5

Post by ben on Jun 29, 2017 21:10:01 GMT -5