originally posted by: mirageman
a reply to: Misterlondon
It's looking like they've hit what many would consider essential services - finance, healthcare, utilities, communications, transport companies etc.
From my own experience it hit the Mediterranean countries then the UK. But the global pattern and damage caused will probably not emerge for hours or even days yet.
The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff". Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky -- like Jaff -- also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes.
"This is where the comparison ends, since the code base is different as well as the ransom itself," said Jerome Segura, a security researcher at Malwarebytes. "Jaff asks for an astounding 2 BTC, which is about $3,700 at the time of writing." Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed.
And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday.
North Korea's hacking operations are growing and getting more bold -- and increasingly targeting financial institutions worldwide. North Korea is now being linked to attacks on banks in 18 countries, according to a new report from Russian cybersecurity firm Kaspersky. And the stolen money is likely being spent advancing North Korea's development of nuclear weapons, according to two international security experts.
Banks and security researchers have previously identified four similar cyber-heists attempted on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam. But researchers at Kaspersky now say the same hacking operation -- known as "Lazarus" -- also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
"We tend to patronize North Korea and mock them. But over the past decade, they have shown the world they are... very capable when it comes to cybercrime," he said.
originally posted by: nickovthenorth
a reply to: dianajune
If it turns out this was North Korea, I think Lil Kim may have just signed his own death warrant.
originally posted by: roadgravel
tech.slashdot.org...
Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware.
Yes, don't use Adobe Acrobat to open PDFs. If you insist on exposing yourself to the risks of Acrobat, there are still some things you can do:
originally posted by: DontTreadOnMe
Isn't there software protections against ransomware, like AVs?
Is there anything one can do to protect themselves?
Personally I like Sumatra and because of the risks I have rarely used any version of Adobe Acrobat more recent than version 5 and am inclined to only use more recent versions inside a "sandbox" which would isolate malware from the rest of the system.
The PDF has the ability to deliver rich content (static and dynamic). Combined, these elements can deliver a visually appealing, interactive, and portable document. While we have all benefited from this feature-rich information-sharing venue, there exists a darker side. The dynamic PDF capabilities mentioned above can and have been used to house malicious content. In previous years, cybercriminals embedded malicious scripts to install malware and steal user credentials.
Normally, the PDF malware's malicious behavior is in a script that is embedded in PDF files. The scripts that are responsible for malicious behavior can be written in a scripting language that PDF supports. JavaScript is the most popular for this purpose...
Protection
Enable automatic updates.
Disable PDF browser integration.
Always install the latest patch/update, even for older Adobe product versions.
Disable JavaScript.
Uncheck “Allow non-PDF file attachments with external applications” to prevent launch action vulnerability.
Use PDF alternatives such as Foxit, Sumatra, PDF XChange.
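A defender-side triage check for the PDF delivery chain and the protection list quoted above, added here as an example that is not from the thread or from any tool or vendor it names: it counts the keywords behind the risky PDF features (JavaScript, auto-run actions, launch actions, embedded files), also inside compressed object streams and despite `#xx` name escaping, in the style of pdfid. The sample PDF is constructed and harmless.

```python
import re
import zlib

# Name keywords behind the "dynamic" PDF features the quoted article warns
# about: scripts, auto-run actions, launching external apps, embedded files.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/ObjStm")

def _inflate_streams(data):
    """Data plus the inflated body of each Flate stream (object streams)."""
    parts = [data]
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed; nothing to inflate
    return b"\n".join(parts)

def scan_pdf_bytes(data):
    """pdfid-style triage: count risky keywords, after undoing #xx escapes."""
    text = _inflate_streams(data)
    text = re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), text)
    counts = {}
    for key in RISKY_KEYS:  # lookahead stops /JS matching inside /JSxyz
        hits = re.findall(re.escape(key) + rb"(?![A-Za-z0-9_])", text)
        if hits:
            counts[key.decode()] = len(hits)
    return counts

def triage(counts):
    """quarantine: script/launch paired with a trigger or embedded file."""
    active = {"/JavaScript", "/JS", "/Launch"} & set(counts)
    trigger = {"/OpenAction", "/AA", "/EmbeddedFile"} & set(counts)
    if active and trigger:
        return "quarantine"
    return "review" if counts else "clean"

def sample_pdf():
    """Constructed sample (not real malware): a compressed object stream
    hiding a JavaScript action, an escaped /Open#41ction name, and an
    embedded .docm, mirroring the delivery chain the thread describes."""
    hidden = b"5 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj"
    body = zlib.compress(hidden)
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Open#41ction 5 0 R >> endobj\n"
            b"2 0 obj << /Type /Filespec /F (invoice.docm) /EF 3 0 R >> endobj\n"
            b"3 0 obj << /Type /EmbeddedFile /Length 0 >> stream\n\nendstream\n"
            b"4 0 obj << /Type /ObjStm /N 1 /Filter /FlateDecode >> stream\n"
            + body + b"\nendstream endobj\n%%EOF\n")
```

Run `triage(scan_pdf_bytes(open(path, "rb").read()))` over a mail-gateway quarantine folder to flag attachments worth a sandbox detonation; a plain text-only PDF comes back "clean".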
If this was a state-sponsored attack like the one I just posted about, then, imho, it is an act of war and needs to be dealt with accordingly.
originally posted by: nickovthenorth
a reply to: dianajune
If this was a state-sponsored attack like the one I just posted about, then, imho, it is an act of war and needs to be dealt with accordingly.
I agree 100%. Obviously there is a way to go before they will know where this came from, but when they do, as you say, they should be dealt with accordingly.
On a related note, just to show a small but inconvenient aspect to this: I had taken the afternoon off work today to go and get injections for my upcoming holiday and I had to rearrange because the nurse could not access my records to confirm what injections I was there to get... Like I said, on the grand scale this is just a minor inconvenience, but if I can't even get jabs, what about people scheduled for ops and A&E departments etc...
Anthony Brett was about to have a stent put in his liver to treat his cancer when he was told the procedure could not happen. The 50-year-old from Bow, east London, said: 'I was about to have the operation but then the doctors came round this morning and said all the computers are down because of all the hacking and the procedure can't be done because they can't access my records.'
originally posted by: Misterlondon
Lots of companies affected.. looks like this is EternalBlue, which is a hack developed for the NSA.. American intelligence services!!
originally posted by: PokeyJoe
Basically it encrypts your hard drive. If you don't pay up, your HDD is basically a complicated paperweight.