Who is online?
In total there are 16 users online :: 1 Registered, 0 Hidden and 15 Guests :: 1 Bot

Admin

[ View the whole list ]


Most users ever online was 111 on Thu 12 Dec 2013, 2:28 am
Latest topics
» ISRAEL VIDEO'S
Today at 7:34 pm by Admin

»  BRITAIN NEWS AND ALERT's
Today at 7:17 pm by Admin

» THE CLARION PROJECT
Today at 7:05 pm by Admin

» HEAVEN LETTERS
Today at 6:38 pm by Admin

» Daily Disciples
Today at 6:35 pm by Admin

» WORLD ISRAEL NEWS
Today at 2:11 am by Admin

» ENDTIME HEADLINES
Today at 1:37 am by Admin

» ISRAEL BREAKING NEWS
Yesterday at 11:36 pm by Admin

» FRANCIS FRANGIPANE MINISTRIES
Yesterday at 11:35 pm by Admin

» R.D SOUZA Saved by faith
Yesterday at 11:33 pm by Admin

» Delrifkah: HEBREW SAGE MIGHT SAY.
Yesterday at 11:28 pm by Admin

» THE MASTERS LIST Dean W. Masters
Yesterday at 11:26 pm by Admin

» NUGGET Today's Devotional
Yesterday at 11:23 pm by Admin

» Mrs. P's Haven of Refuge Inspirational
Yesterday at 11:22 pm by Admin

» GOSPEL FROM ASIA
Yesterday at 11:21 pm by Admin

» My Manna
Yesterday at 11:20 pm by Admin

» BRITAIN FIRST TAKING OUR COUNTRY BACK
Yesterday at 10:12 pm by Admin

»  Lord Rothschild Feared Dead After Plane Crash In Buckinghamshire
Fri 17 Nov 2017, 10:34 pm by Admin

» +Dev+ Michael D. Inman
Fri 17 Nov 2017, 7:55 pm by Admin

» Meditation Chip Brogden
Fri 17 Nov 2017, 7:51 pm by Admin

Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search

SPREADING: New Cyberattack Spreads in Europe, Russia and U.S.

View previous topic View next topic Go down

SPREADING: New Cyberattack Spreads in Europe, Russia and U.S.

Post  Admin on Thu 29 Jun 2017, 5:28 pm

SPREADING: New Cyberattack Spreads in Europe, Russia and U.S.
JUNE 27, 2017
Computer systems from Russia to the United States were struck on Tuesday in an international cyberattack that bore similarities to a recent assault that crippled tens of thousands of machines worldwide. As reports of the attack spread quickly, the Ukrainian government said that several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks and metro systems had been affected. A number of companies — including the Danish shipping giant
Maersk; Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency — also said they had been targeted. And in the first confirmed cases in the United States, Merck, the drug giant, confirmed that its global computer networks had been hit, as did DLA Piper, the multinational law firm. 
Cyberattack Hits Ukraine Then Spreads Internationally
By NICOLE PERLROTH, MARK SCOTT and SHEERA FRENKELJUNE 27, 2017
Continue reading the main story

Several companies have been affected by the Petya cyberattack, including, from left, Rosneft, the Russian energy giant; Merck, a pharmaceutical company; and Maersk, a shipping company. Credit Left, Sergei Karpukhin/Reuters; center, Matt Rourke/Associated Press; right, Enrique Castro Sanchez/Agence France-Presse — Getty Images
Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.

The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Continue reading the main story
RELATED COVERAGE


Global Ransomware Attack: What We Know and Don’t Know JUNE 27, 2017

A Cyberattack ‘the World Isn’t Ready For’ JUNE 22, 2017

Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack JUNE 6, 2017

Victims Call Hackers’ Bluff as Ransomware Deadline Nears MAY 19, 2017

TECH FIX
How to Protect Yourself From Ransomware Attacks MAY 15, 2017
RECENT COMMENTS

John 21 hours ago
How reactionary. Outlawing Bitcoin, or crypto-currencies in general, will not stop this from happening. Bitcoin is merely the form of...
Debra 21 hours ago
An attack on the Ukraine - please! This is the work of the same cybercriminals messing in US elections. We know they work directly for...
Eleanore Whitaker 21 hours ago
Ah yes. Vlad the Bad is at it again folks. Obviously, now that Trump's weak kneed attempts at distraction from Russian hacking has failed so...
SEE ALL COMMENTS
Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.

The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.
The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, although Russian companies were also affected. Home Credit bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, the multinational law firm DLA Piper also reported being hit. Hospitals in Pennsylvania were being forced to cancel operations after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

The ransomware also hurt Australian branches of international companies. DLA Piper’s Australian offices warned clients that they were dealing with a “serious global cyber incident” and had disabled email as a precautionary measure. Local news reports said that in Hobart, Tasmania, on Tuesday evening, computers in a Cadbury chocolate factory, owned by Mondelez International, had displayed ransomware messages that demanded $300 in bitcoins.

Qantas Airways’ booking system failed for a time on Tuesday, but the company said the breakdown was due to an unrelated hardware issue.

The Australian government has urged companies to install security updates and isolate any infected computers from their networks.

“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches,” said Dan Tehan, the cybersecurity minister. “We are aware of the situation and monitoring it closely.”

A National Security Agency spokesman referred questions about the attack to the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners,” Scott McConnell, a department spokesman, said in a statement.
Computer specialists said the ransomware was very similar to a virus that emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf,” about a boy who captures a wolf.

Reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on Silicon Valley terminology for delivering software over the internet, according to the security firm Avast Threat Labs.

That means anyone could launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.

That distribution method means that pinning down the people responsible for Tuesday’s attack could be difficult.
A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.


The attack is “an improved and more lethal version of WannaCry,” said Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks.

In just the last seven days, Mr. Suiche noted, WannaCry had tried to hit an additional 80,000 organizations but was prevented from executing attack code because of the kill switch. Petya does not have a kill switch.

Petya also encrypts and locks entire hard drives, whereas the earlier ransomware attacks locked only individual files, said Chris Hinkley, a researcher at the security firm Armor.

The hackers behind Petya demanded $300 worth of the cybercurrency Bitcoin to unlock victims’ machines. By Tuesday afternoon, online records showed that 30 victims had paid the ransom, although it was not clear whether they had regained access to their files. Other victims may be out of luck, after Posteo, the German email service provider, shut down the hackers’ email account.

In Ukraine, people turned up at post offices, A.T.M.s and airports to find blank computer screens, or signs about closures. At Kiev’s central post office, a few bewildered customers milled about, holding parcels and letters, looking at a sign that said, “Closed for technical reasons.”

The hackers compromised Ukrainian accounting software mandated to be used in various industries in the country, including government agencies and banks, according to researchers at Cisco Talos, the security division of the computer networking company. That allowed them to unleash their ransomware when the software, which is also used in other countries, was updated.

The ransomware spread for five days across Ukraine, and around the world, before activating Tuesday evening.

“If I had to guess, I would think this was done to send a political message,” said Craig Williams, the senior technical researcher at Talos.

One Kiev resident, Tetiana Vasylieva, was forced to borrow money from a relative after failing to withdraw money at four automated teller machines. At one A.T.M. in Kiev belonging to the Ukrainian branch of the Austrian bank Raiffeisen, a message on the screen said the machine was not functioning.

Ukraine’s Infrastructure Ministry, the postal service, the national railway company, and one of the country’s largest communications companies, Ukrtelecom, had been affected, Volodymyr Omelyan, the country’s infrastructure minister, said in a Facebook post.

Officials for the metro system in Kiev said card payments could not be accepted. The national power grid company Kievenergo had to switch off all of its computers, but the situation was under control, according to the Interfax-Ukraine news agency. Metro Group, a German company that runs wholesale food stores, said its operations in Ukraine had been affected.

At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, although all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually.

Cybersecurity researchers questioned whether collecting ransom was the true objective of the attack.

“It’s entirely possible that this attack could have been a smoke screen,” said Justin Harvey, the managing director of global incident response at Accenture Security. “If you are an evildoer and you wanted to cause mayhem, why wouldn’t you try to first mask it as something else?”

Correction: June 27, 2017 
An earlier version of this article referred incorrectly to the occupation of Justin Harvey. He is the managing director of global incident response at Accenture Security, not the chief security officer for the Fidelis cybersecurity company.
Reporting was contributed by Liz Alderman, Andrew E. Kramer, Iuliia Mendel, Ivan Nechepurenko and Isabella Kwai.
https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html
avatar
Admin
Admin

Posts : 48848
Join date : 2008-10-25
Age : 72
Location : Wales UK

View user profile http://worldwidechristians.6forum.info

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum