Tag Archives: WCry

A new ransomware outbreak similar to WCry is shutting down computers worldwide

By Dan Goodin

Enlarge / This is the note that’s left on computers infected by PetyaWrap. (credit: Eset)

A new ransomware attack similar to last month’s self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, reportedly including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International.

PetyaWrap, as the ransomware is called, uses the same potent National Security Agency exploit that allowed WCry to paralyze hospitals, shipping companies, and train stations in a matter of hours on May 12. EternalBlue, as the exploit was code-named by its NSA developers, was published in April by a still-unknown group calling itself the Shadow Brokers. The leak gave people with only moderate technical skills a powerful vehicle for delivering virtually any kind of digital warhead. Microsoft patched the underlying vulnerability in Windows 7 and 8.1 in March, and in a rare move the company issued fixes for unsupported Windows versions 24 hours after the WCry outbreak. That meant infections were only possible on machines that were running outdated versions of the OS.

PetyaWrap, according to researchers at antivirus provider F-Secure, uses a modified version of EternalBlue. There are also reports that it makes use of booby-trapped Microsoft Excel documents attached to phishing e-mails. The precise relationship between the malicious attachments and the EternalBlue exploit isn’t yet clear. One possibility is that the e-mails are used to infect one or more computers in an organization, and the ransomware then uses the NSA exploit to spread to other machines on the same network.

Read 5 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or you could get your own free WordPress site for free right now, here.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Windows 7, not XP, was the reason last week’s WCry worm spread so widely

By Dan Goodin

Enlarge (credit: Kaspersky Lab)

Eight days ago, the WCry ransomware worm attacked more than 200,000 computers in 150 countries. The outbreak prompted infected hospitals to turn away patients and shut down computers in banks and telecoms. Now that researchers have had time to analyze the self-replicating attack, they’re learning details that shed new and sometimes surprising light on the world’s biggest ransomware attack.

Chief among the revelations: more than 97 percent of infections hit computers running Windows 7, according to attacks seen by antivirus provider Kaspersky Lab. By contrast, infected Windows XP machines were practically non-existent, and those XP PCs that were compromised were likely manually infected by their owners for testing purposes. That’s according to Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, who spoke to Ars.

While the estimates are based only on computers that run Kaspersky software, as opposed to all computers on the Internet, there’s little question Windows 7 was overwhelmingly affected by WCry, which is also known as “WannaCry” and “WannaCrypt.” Security ratings firm BitSight found that 67 percent of infections hit Windows 7, Reuters reported.

Read 11 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or you could get your own free WordPress site for free right now, here.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

More people infected by recent WCry worm can unlock PCs without paying ransom

By Dan Goodin

Enlarge (credit: Ed Westcott / American Museum of Science and Energy)

New hope glimmered on Friday for people hit by last week’s virulent ransomware worm after researchers showed that a broader range of PCs infected by WCry can be unlocked without owners making the $300 to $600 payment demand.

A new publicly available tool is able to decrypt infected PCs running Windows XP and 7, and 2003, and one of the researchers behind the decryptor said it likely works for other Windows versions, including Vista, Server 2008, and 2008 R2. The tool, known as wanakiwi, builds off a key discovery implemented in a different tool released Thursday. Dubbed Wannakey, the previous tool provided the means to extract key material from infected Windows XP PCs but required a separate app to transform those bits into the secret key required to decrypt files.

Matt Suiche, cofounder of security firm Comae Technologies, has tested wanakiwi and reports that it works. He provided the following screenshot of the tool in action:

Read 5 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or you could get your own free WordPress site for free right now, here.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Virulent WCry ransomware worm may have North Korea’s fingerprints on it

By Dan Goodin

Enlarge / Identical code found in WCry and 2015 malicious backdoor could be a smoking gun that provides crucial clues about the origin of Friday’s ransomware worm. (credit: Jo Christian Oterhals)

A researcher has found digital fingerprints that tie the WCry ransomware worm that menaced the world on Friday to a prolific hacking operation that previously generated headlines by attacking Sony Pictures, the Bangladesh Central Bank, and South Korean banks.

The link came in a cryptic Twitter message from Neel Mehta, a security researcher at Google. The tweet referenced identical code found in a WCry sample from February and an early 2015 version of Cantopee, a malicious backdoor used by Lazarus Group, a hacking team that has been operating since at least 2011. Previously discovered code fingerprints already tied Lazarus Group to the highly destructive hack that caused hard drives in South Korea to self-destruct in 2013, wiped almost a terabyte’s worth of data from Sony Pictures in 2014, and siphoned almost $1 billion from the Bangladesh Central Bank last year by compromising the SWIFT network used to transfer funds.

Over a matter of hours on Friday, Wcry used leaked National Security Agency-developed code to attack an estimated 200,000 computers in 150 countries. Also known as WannaCry, the self-replicating malware encrypted hard drives until victims paid ransoms ranging from $300 to $600. Infected hospitals soon responded by turning away patients and rerouting ambulances. Businesses and government agencies all over the world quickly disconnected computers from the Internet, either because they were no longer working or to prevent them from being hit. The outbreak was largely contained because the attackers failed to secure a domain name hard-coded into their exploit.

Read 10 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or you could get your own free WordPress site for free right now, here.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

WCry is so mean Microsoft issues patch for 3 unsupported Windows versions

By Dan Goodin

Enlarge (credit: Health Service Journal)

A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago.

The company also rolled out a signature that allows its Windows Defender antivirus engine to provide “defese-in-depth” protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as WCry. Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients and telecoms, banks and companies such as FedEx to turn off computers for the weekend.

The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday’s events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night, Microsoft officials wrote:

Read 9 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or you could get your own free WordPress site for free right now, here.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!