Latest Ransomware Hackers Didn't Make WannaCry's Mistakes


Oh Boy... Here's more fun for us!!

The latest sweeping ransomware assault bears some similarity to the WannaCry crisis that struck seven weeks ago. Both spread quickly, and both hit high-profile targets like large multinational companies and critical infrastructure providers. But while WannaCry's many design flaws caused it to flame out after a few days, this latest ransomware threat doesn't make the same mistakes.

Originally identified as Petya, a ransomware that first started circulating in 2016, the current attack now appears to be a Petya offshoot, with added refinements such as stronger encryption. Some researchers call this new iteration “NotPetya” or “GoldenEye,” while others still refer to it as Petya. Regardless of the name, it has already hit 2,000 targets, seizing the systems of high-profile victims like Danish shipping giant Maersk, US pharmaceutical company Merck, and multiple private and public institutions in Ukraine.

Please read more here:


Latest Ransomware Hackers Didn't Make WannaCry's Mistakes

https://www.wired.com/story/petya-ransomware-wannacry-mistak...


A Scary New Ransomware Outbreak Uses WannaCry’s Old Tricks

https://www.wired.com/story/petya-ransomware-outbreak-eterna...


Maersk says global IT breakdown caused by cyber attack

http://www.reuters.com/article/us-cyber-attack-maersk-idUSKB...


Cyber attack sweeps globe, researchers see 'WannaCry' link

https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1T...


Ransomware Virus Hits Computer Servers across the Globe

https://www.scientificamerican.com/article/ransomware-virus-...

--
Never argue with a pig. It makes you look foolish and it annoys the hell out of the pig!

Not me

Not that I expect to be hit by such a virus/malware (I'm not important enough), but I do exercise caution. As an example, I think I am like many others: I have people in my address book from whom I NEVER EVER get an email. It has happened to me that I would get one out of the blue, purportedly coming from such a person. This I am extremely reluctant to open. But there are ways to ascertain if this is actually from that person, and I have found several times that even though the email apparently came from "Joe Blow", the actual address was something quite different. It goes into the SPAM file immediately and also immediately gets deleted permanently out of the SPAM folder!

--
Nuvi 350 long gone, Nuvi 855LMT, Nuvi 2797LMT, SmartDrive 50 LMT-HD, 3790LMT now my daughters. Using Windows 10. DashCam A108C with GPS.
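The check described in the post above (the display name says "Joe Blow", but the actual address behind it is something else) can be automated. This is an added example, not code from the thread or from any of its posters; the address book and the two sample messages are constructed for illustration, and the verdict labels are my own naming.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the one address we actually know
# for that person. A real client would pull this from its contacts store.
ADDRESS_BOOK = {
    "Joe Blow": "joe.blow@example.com",
}

# Constructed sample messages (not real mail).
SPOOFED_MESSAGE = (
    "From: Joe Blow <bob1234@mail.example.net>\r\n"
    "Reply-To: bob1234@mail.example.net\r\n"
    "To: me@example.com\r\n"
    "Subject: Invoice attached\r\n"
    "\r\n"
    "Please open the attached file.\r\n"
)

LEGIT_MESSAGE = (
    "From: Joe Blow <joe.blow@example.com>\r\n"
    "To: me@example.com\r\n"
    "Subject: Hi\r\n"
    "\r\n"
    "Long time no see.\r\n"
)


def check_sender(raw_message: str, address_book=ADDRESS_BOOK) -> dict:
    """Compare the From header's display name against the address it carries.

    Returns a dict with the parsed pieces and a verdict:
      - "malformed-from":        no parseable address at all
      - "unknown-sender":        display name is not in the address book
      - "matches-address-book":  known name, and the address is the one we know
      - "display-name-spoof":    known name, but a different address
    Also flags a Reply-To that points somewhere other than the From address.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))

    known = address_book.get(display_name)
    if not address:
        verdict = "malformed-from"
    elif known is None:
        verdict = "unknown-sender"
    elif known.lower() == address.lower():
        verdict = "matches-address-book"
    else:
        verdict = "display-name-spoof"

    return {
        "display_name": display_name,
        "address": address,
        "expected": known,
        "reply_to_differs": bool(reply_to) and reply_to.lower() != address.lower(),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, check_sender(raw))
```

The display name is free text chosen by whoever sends the mail, so it is the address (and, for forwarded replies, the Reply-To) that has to be compared against what you already know about the contact.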


That's why I send, and receive email in text-only format.

Any file types, email addies, and links are in plain view.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

Like...

Like so many other infections, it relies on someone to open the initial file/email to start the infection on the local network. It still amazes me to this day that people STILL click on links and open file attachments from unknown sources/persons. Even after you tell them not to, they do so anyway. It's like a Pavlovian response when they see a URL link or file attachment in an email.


bennor3814 wrote:

Like so many other infections, it relies on someone to open the initial file/email to start the infection on the local network. It still amazes me to this day that people STILL click on links and open file attachments from unknown sources/persons. Even after you tell them not to, they do so anyway. It's like a Pavlovian response when they see a URL link or file attachment in an email.

It's not as easy/simple as that. What if I tell you the email appears to come from a "known" person or company?

Let me begin by saying that the initial infection might have been from a compromised software update server for an accounting software in Ukraine: http://www.zdnet.com/article/microsoft-petya-ransomware-atta...

However, let's just assume email is (another) method of infection. These days, attackers are becoming more clever. They spend time to learn the vendors, shipping companies and other companies that deal with a particular company they're targeting. They craft an email that looks very real, as if it came from the vendors the target company normally deals with every single day. I have seen a few myself, but I know how to check the validity of an email.

Everyone is a target

Melaqueman wrote:

Not that I expect to be hit by such a virus/malware, I'm not important enough, I do exercise caution.
....

EVERYONE is a target. Some of this is deliberately targeted at the bigger companies, but it spreads randomly. And don't ever think your home is not a likely target. I bought a new home router recently which has many more advanced features than the old one did. This one can be set to save a log about all intrusion attempts. There is not a single day that goes by that I don't have at least 5 or 6 intrusion attempts of one sort or another. These come from all over the world!

Just like the robo-dialers for telemarketers, these hackers run scripts that just try random IP addresses to probe for weaknesses. They have no idea of who the script is targeting.

Going on the techie networking sites to look into this, they tell me that this is entirely normal to see intrusion attempts this often.


johnc wrote:

EVERYONE is a target. Some of this is deliberately targeted at the bigger companies, but it spreads randomly. And don't ever think your home is not a likely target. I bought a new home router recently which has many more advanced features than the old one did. This one can be set to save a log about all intrusion attempts. There is not a single day that goes by that I don't have at least 5 or 6 intrusion attempts of one sort or another. These come from all over the world!

Just like the robo-dialers for telemarketers, these hackers run scripts that just try random IP addresses to probe for weaknesses. They have no idea of who the script is targeting.

Going on the techie networking sites to look into this, they tell me that this is entirely normal to see intrusion attempts this often.

5 or 6 attempts a day? I get hundreds of those every single day. I also manage a mail server. There are thousands of login attempts to take over the server every day.

Attacks

chewbacca wrote:

5 or 6 attempts a day? I get hundreds of those every single day. I also manage a mail server. There are thousands of login attempts to take over the server every day.

Same story here. One of my clients has a Linux server I set up for them which operates as their mail server, domain controller, etc. Not only are there CONSTANT attacks against SSH (Fail2ban is your friend here, if you want to stick with [STRONG!] password authentication even though keys are better) but there is the constant onslaught of spam and virus-laden emails.

If there are any available exploits, including zero-day exploits, to be used against your server and any other reachable computing resources, you can count on them hitting your network. They'll try to use your server to DoS other sites if you have an open DNS resolver, etc... the list goes on and on.

Chewbacca - I've found ASSP to be a very effective spam filter, more effective than anything else I've seen (free, paid, etc.), and it's free and open-source software. You can run it on Windows or Linux/Unix. You can use it with ClamAV, which pretty much sucks out of the box, but when you add the unofficial SaneSecurity signatures it becomes extremely effective for even very new attacks. SaneSecurity has phishing-related signatures as well. ASSP can be configured to handle messages that were tagged by ClamAV as suspicious differently than messages with actual virus code. The result is a series of checks which, taken together, makes it extremely difficult to get a bad message in without being detected, while generating few, if any, false positives.

There are no guarantees in the current landscape but there are at least a lot of great tools available to help mitigate the threats. The "good?" news is that users are at least becoming more aware of these attacks and how to minimize their risk now that they are also being targeted directly by ransomware, as opposed to those attacks only creating a headache for corporations and administrators.

- Phil
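The "constant attacks against SSH" that Fail2ban is recommended for above are visible as repeated "Failed password" lines in the SSH daemon's log. The following is an added example of the detection logic behind that kind of tool, written here for this thread and not taken from Fail2ban or from any poster's setup: it parses constructed auth-log lines, groups failures by source IP, and reports any IP that accumulates a threshold of failures inside a time window. The parameter names maxretry and findtime mirror Fail2ban's jail options of the same name; the log lines, hostnames and addresses are made up, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the classic OpenSSH syslog line for a failed password, e.g.
#   Jun 27 10:00:01 mail sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log (not a real server's log). One source hammers the
# server six times in fifteen seconds; another fails three times across half
# an hour and then logs in legitimately with a key.
SAMPLE_AUTH_LOG = [
    "Jun 27 10:00:01 mail sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
    "Jun 27 10:00:03 mail sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
    "Jun 27 10:00:05 mail sshd[2103]: Failed password for root from 198.51.100.7 port 51240 ssh2",
    "Jun 27 10:00:08 mail sshd[2105]: Failed password for invalid user oracle from 198.51.100.7 port 51244 ssh2",
    "Jun 27 10:00:11 mail sshd[2107]: Failed password for invalid user test from 198.51.100.7 port 51250 ssh2",
    "Jun 27 10:00:14 mail sshd[2109]: Failed password for root from 198.51.100.7 port 51255 ssh2",
    "Jun 27 10:05:00 mail sshd[2111]: Failed password for phil from 203.0.113.9 port 40001 ssh2",
    "Jun 27 10:20:00 mail sshd[2113]: Failed password for phil from 203.0.113.9 port 40002 ssh2",
    "Jun 27 10:35:00 mail sshd[2115]: Failed password for phil from 203.0.113.9 port 40003 ssh2",
    "Jun 27 10:36:10 mail sshd[2117]: Accepted publickey for phil from 203.0.113.9 port 40004 ssh2",
    "Jun 27 10:40:00 mail cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]


def parse_failures(lines, year=2017):
    """Return {ip: [timestamps of failed password attempts]} for the given log lines.

    Lines that are not sshd failed-password events are ignored. The year is an
    assumption (syslog lines do not carry one); pass the real year in production.
    """
    events = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events[m.group("ip")].append(ts)
    return events


def offenders(lines, maxretry=5, findtime=timedelta(minutes=10), year=2017):
    """Return {ip: time_of_triggering_failure} for each IP that reached
    `maxretry` failures within any `findtime` window (Fail2ban-style logic)."""
    flagged = {}
    for ip, stamps in parse_failures(lines, year).items():
        stamps.sort()
        # Slide a window of maxretry consecutive failures; if the first and last
        # of the window are within findtime, the IP has crossed the threshold.
        for i in range(len(stamps) - maxretry + 1):
            if stamps[i + maxretry - 1] - stamps[i] <= findtime:
                flagged[ip] = stamps[i + maxretry - 1]
                break
    return flagged


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_AUTH_LOG).items():
        print(f"{ip} reached the failure threshold at {when:%H:%M:%S}")
```

A real deployment would act on the result (Fail2ban inserts a firewall rule for a bantime), tail the log continuously rather than read a list, and, as the post notes, the cleanest mitigation is still key-based authentication with password logins disabled.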


Thanks for the info. The company I currently work for will be switching over to Microsoft cloud service (Exchange). At this time I don't want to make any more changes to the setup because the company won't be hosting their own mail server in the near future.