Another global ransomware cyber-attack


posted on Jun, 27 2017 @ 05:12 PM
a reply to: knowledgehunter0986

Everyone hacks everyone now, right?



posted on Jun, 27 2017 @ 05:16 PM
a reply to: Kali74

I'm still not sure what you're trying to allude to..



posted on Jun, 27 2017 @ 05:49 PM
As research is still continuing, the variant has been identified as a modified version of Petya called PetrWrap.
And yes it is moving west. U.S. drug company Merck has been hit as well.

There is absolutely no need for all of this, we built the Foxtrot Frankenstein.



posted on Jun, 27 2017 @ 08:01 PM
a reply to: flatbush71
Power source may also refer to:

A source of primary energy, an energy form found in nature that has not been subjected to any conversion or transformation process
Energy carrier, or secondary energy, a substance or phenomenon that contains energy that can be later converted to other forms such as mechanical work or heat or to operate chemical or physical processes



posted on Jun, 27 2017 @ 08:14 PM

originally posted by: flatbush71
As research is still continuing, the variant has been identified as a modified version of Petya called PetrWrap.
And yes it is moving west. U.S. drug company Merck has been hit as well.

There is absolutely no need for all of this, we built the Foxtrot Frankenstein.


Exactly.

I'm wondering if there's more to PetrWrap than what just seems to be going on.



posted on Jun, 28 2017 @ 01:48 AM
a reply to: knowledgehunter0986

You can never be sure, but I simply applied Occam. If I were a cracker that aimed at taking out as many Windows systems as possible, I would certainly NOT advertise this fact by putting up banners and asking for money. I would silently infect as many systems as I could and then, say after a few days, would encrypt the hard drive without any further notice. Let "them" figure out what happened.

The rather clumsy way they asked for money - mail your bitcoin data to this address.. - is suspicious, but may indicate that the author may be quite young and/or inexperienced. Similarly, the odd choice of files that are and aren't decrypted seems to indicate a rather stupid agent. Add to that that it does not take much to assemble stuff like this if you have time and some open source toolkits at your hand and the picture emerges of some Ukrainian boy that hacked himself to glory (well, kinda). No new exploits were used, in as far as we know by now.

Not too many infections have been spotted outside Eastern Europe and the number of reported infections isn't rising as quickly as expected. It seems that MeDoc was the infection source.

So: a script kid / beginner. Not the NSA, nor the Russians (who, as I read, now have to send out real scientists of flesh and blood to Chernobyl, as the reporting stations that measure the current levels of radiation also were taken out).



posted on Jun, 28 2017 @ 03:15 AM
I think this is a combination of people out to make a quick buck in bitcoin taking advantage of apparently incompetent admins who still haven't updated their systems even after WannaCry but also a precursor to something more serious..

Some of these infected systems could be confronted with the typical $300 ransom and encrypted files. The companies give in and pay the ransom then go on to think all is dandy meanwhile there could be other holes left open. I mean, with this kind of access - other malware could also be hiding without a notification via ransom being displayed just waiting, gathering data in the meantime silently.



posted on Jun, 28 2017 @ 11:58 AM

A global cyber-attack that affected companies around the world may have started via corrupted updates on a piece of accountancy software.

Fingers are increasingly pointing to a piece of Ukrainian tax-filing software, Medoc, as the source of the infection, although the company denies it.

Malware generally infiltrates networks via email attachments that users click on in error.

...

In email correspondence with the BBC, Mr Hutchins said: "It looks like the software's automatic update system was compromised and used to download and run malware rather than updates for the software."

It was not yet clear how it had been compromised, he added.

BBC.com, news, technology - Tax software blamed for cyber-attack spread.

A back-door through a legitimate update? The article says it hit the Ukraine the hardest so it may be "politically motivated."

If it was a Ukrainian "tax software" that would explain why the US was mostly spared. The US would not be using that tax system or software. And it looks for MS MFT and the previously patched SMB exploit. Which means people did not patch their systems with the SMB patch.

With auto-update on and a trusted update it would be very hard to stop this from spreading.

The bad thing is it now shows the script kiddies a new approach to getting mal-ware/ransom-ware onto computers.



posted on Jul, 1 2017 @ 03:49 PM




On topic:

Yeah, it looks like the NSA tools allowed this to happen.


Not so sure. Actually, many software engineers introduce "backdoors" in their code for testing purposes, with the full intent to remove them in the production version. But sometimes such backdoors remain in the code. Intelligence agencies are aware of this and try to find such backdoors. Most backdoors give you access to the core of the system, and often with elevated rights. This enables you to do with the system whatever you want. So, you can actually do stuff like monitoring the screen, gather keypresses (including your passwords), sniff disks and networks, take screenshots etc. - and all without the subject even realising this. Secret services SHOULD of course report this to - say - Microsoft, but well, then MS would patch the systems and in effect kill their intelligence..

OK so not Ivan after all, having given thought to this, given that all Intel or MS chips have built-in codes & that there is certainly not only a back door but a means to trace the owner of said CPU, now add to that, that the G**gle complex in America is next door to the NSA mainframe, and that the new G**gle complex is situated right where the fibre optic cables from the USA meet mainland Europe, you can imagine they can look into everything.

The latest attack cost the Rotterdam shipyards millions, and now they want 100 million to deal with the problem.
WTF...I can install their computers with some free online software that would have prevented the NotPetya attack.

Hell, I only want 50 mill for the job, I'm not greedy or anything


It's their own damn fault for not paying attention but hey, let's try to milk a disaster, right?



posted on Jul, 1 2017 @ 04:07 PM
a reply to: TEOTWAWKIAIFF

Absolutely right!

My passport is dealt with by a private company in Paris, my wages calculated by an American company, my pension & tax are dealt with by a Dutch software firm, my pension index is worked out on a computer in India.

Yet I am a citizen of none of these countries.

Scary, isn't it?


