Breaking Huge Global CyberAttack spreading right now. Probably a Petya variant that spreads through SMB

Victims of the ongoing Petya cyberattack have paid £7,064 ($9,000) in Bitcoin to hackers so far to try and get their files back — but they won't have much luck.
Victims posted screenshots of messages showing up on their computer screens, instructing them to send $300 worth of Bitcoin to a Bitcoin wallet address. They were also told to send their own Bitcoin wallet ID and "personal installation key", a unique identifier generated by the ransomware, to a dedicated email address.

According to Blockchain.info, which shows Bitcoin transaction data, there have been 36 payments to that Bitcoin address to date.

Victims of the global cyberattack have paid $9,000 so far but can't get their files back
 
Global cyberattack: What you need to know
A massive ransomware attack has hit businesses around the world, causing major companies to shut down their computer systems.

Researchers are still investigating the software behind the attack, warning that it's more sophisticated than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.
"WannaCry was a tremendous failure. It was a lot of noise, very little money, and everyone noticed it," said Craig Williams, an expert at cybersecurity firm Cisco Talos. "What we're seeing today is a much more intelligent worm."
Big global brands -- like Mondelez (MDLZ), the maker of Oreos, and British advertising giant WPP (WPPGF) -- say their IT systems are experiencing problems.

Here's what you need to know about the attack:

What does it do?
The ransomware infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
The email account associated with the ransomware has been blocked, so even if victims pay, they won't get their files back.
Law enforcement and cybersecurity experts agree that victims should never pay ransoms for such attacks.

How does it spread?
Researchers say the ransomware virus is a worm that infects networks by moving from computer to computer.
It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft (MSFT, Tech30) released a patch for the flaw in March, but not all companies have used it.
EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.

Who's been hit?
Top international businesses headquartered in Europe and the U.S. have come under attack. They include Russian oil and gas giant Rosneft, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck and law firm DLA Piper. French retailer Auchan Group and the real estate division of BNP Paribas were also affected.
Ukrainian organizations took a particularly heavy blow. Banks, government offices, the postal service and Kiev's metro system were experiencing problems, officials said. The ransomware also caused problems with the monitoring system of the Chernobyl nuclear power plant.
It's not yet clear if companies in the Asia-Pacific region have been seriously affected.
Mondelez said its five manufacturing facilities in Australia and New Zealand had all been hit but some of them were still able to carry out limited production. And a Maersk facility for shipping containers in the Indian port city of Mumbai was shut down.
"There obviously are companies that will have been affected by this in Asia," said Michael Gazeley, managing director of Hong Kong-based cybersecurity provider Network Box. "But the success levels are lower, as they're attacking the same vulnerabilities as WannaCry."

Am I vulnerable?
Regular consumers who have up-to-date Windows computers are safe from this attack, experts say. However, if there's one out-of-date machine on a company's network, it could infect other connected computers.

Where did it start?
Researchers are still figuring out exactly what happened. But Cisco Talos says one way the ransomware got into computer systems was through software in Ukraine, a country that was hit especially hard by the attacks.
A Ukrainian company called MeDoc sent out a compromised update to its tax software that contained the malware, infecting computers that were running it, said Williams, the security expert at Cisco Talos.
Ukrainian officials confirmed a possible link to MeDoc. But the company denied its software spread the infection, saying in a Facebook post that the update was sent out last week and was free of viruses.

Who's behind it?
It's still too early to say who might be responsible for unleashing the virus.
Intelligence agencies and security researchers have linked last month's WannaCry attack to a group associated with North Korea. But it's unclear if the new ransomware worm is connected.

How is this different from WannaCry?
Like WannaCry, the new ransomware attack uses the EternalBlue tool to spread. But researchers say it also uses other parts of Windows to infect computers, including seizing user credentials.
Unlike WannaCry, it locks down a computer's entire hard drive instead of just the files. And it didn't shoot across the internet the way WannaCry did -- instead, it spreads inside company networks.
"It seems that the ones in charge of this campaign have learned quite a lot from the WannaCry campaign," said Itay Glick, the CEO of Israeli cybersecurity company Votiro.

Report from CNN
 
The Petya cyber attack that swept the globe and infected enterprise networks across Europe is actually much worse than initially thought. Security researchers have now come to the conclusion that the Petya attack is not ransomware, but a wiper instead.

Kaspersky has also concluded this attack was a wiper pretending to be ransomware. The firm also analysed the installation ID that is flashed on a victim's screen, which it says is just randomly generated data. It cannot contain information to get the decryption key, says the firm. The conclusion is that the attacker can't actually decrypt the disk. Just like Suiche, Kaspersky also believes the idea was destruction, not financial gain.
Petya cyber attack: This is a wiper, not ransomware and much, much worse
 