
Massive ransomware attack hits 74 countries


tks
Ransomware is on the rise. Even if you are an unsophisticated user of a PC, please read and avoid becoming a victim of this modern era crime.
Tens of thousands of ransomware attacks are targeting organizations around the world on Friday.
Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Most of the attacks have targeted Russia.

The NSA's (the US National Security Agency's) tools were leaked earlier, and this exploit uses vulnerabilities revealed by that leak.

Source : CNN , May 12, 2017

Link:

http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html

============================================================================

What is it?


The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. Researchers say it is spreading through a Microsoft (MSFT, Tech30) Windows exploit called "EternalBlue," which Microsoft released a patch for in March. A hacking group leaked the exploit in a trove of other NSA spy tools last month.


"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."


Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.


Spanish authorities confirmed the ransomware is spreading through the EternalBlue vulnerability and advised people to patch.
"It is going to spread far and wide within the internal systems of organizations -- this is turning into the biggest cybersecurity incident I've ever seen," UK-based security architect Kevin Beaumont said.




Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is "the most significant factor" in the global outbreak.


How to prevent it


Beaumont examined a sample of the ransomware used to target the NHS and confirmed it was the same one used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections, although it won't do any good for machines that have already been hit.


He said it's likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.


"It has a 'hunter' module, which seeks out PCs on internal networks," Beaumont said. "So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies."


According to Matthew Hickey, founder of the security firm Hacker House, Friday's attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.


Consumers who have up-to-date software are protected from this ransomware. Turn automatic Windows updates on.
It's not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.
 
Partial solution ...

Let me explain what happened and what the progress has been thus far in layman's language (hopefully), and give you a link to the story, which may make more sense after that.

On Saturday morning, May 13, 2017, a partial solution was found by a 22-year-old researcher (who goes by the name malwaretech).

The partial solution only prevents further spread of the virus which was expanding at a global scale rapidly. Most people paid up the average ransom of $300 (or equivalent currency in the country of the victim) to get their use of computer back. The attack took hold of the computer and encrypted all the files so that a user is unable to work using their PC and most often was ready to pay up the ransom to get their PC into a useful state.

All these were getting done anonymously. I do not want to get into technical details of how the criminals got paid and still stayed anonymous.

Such a widespread attack had, it seems, a 'kill switch'. In other words, if the criminals wanted to STOP the further spread of the virus worldwide, they needed a simple means to do so (called a kill switch) without knowing which computers around the globe were infected. To explain that, let me give some more definitions (most of you may know this already).

Let me describe what a domain name is. For example, the domain name of this site is tamilbrahmins.com. It is obviously 'registered', and hence when your browser wants to reach this site, it can be directed to the server which hosts our site.

Just as a mailman looks up the address of a specific house, the web address tamilbrahmins.com is registered so that it can be found. If it is unregistered you will not be able to reach it. For example, if you try to reach a website by a domain name such as ahjljljlkl.com, the attempt will fail. Your browser will tell you that the site is unreachable or that it is not registered.

So this 22-year-old researcher found that this virus, before spreading each time, tried to reach a strange site (with a specific name made of jumbled letters, which was obviously unregistered). Obviously the attempt to reach that site would fail for the virus, in which case the virus would continue propagating. This 22-year-old simply purchased the domain name of this site and registered it for a paltry sum of $10, so that any copy of the virus on any infected computer would be able to reach this weirdly named site. The researcher can then examine which computer each request was coming from, etc.

The act of buying the site happened to act like a global 'kill switch', stopping the virus from propagating.

Now the virus on infected computers worldwide will first try to reach this strange domain name and find that the site is registered, which means it will not spread any further (effectively stopping the spread).

It seems there are many variants of this virus, and it is not clear if other kill switch mechanisms are implemented. Also, once infected, a computer cannot be decrypted without paying up.

In the meantime Windows has released a security patch even for ancient versions of PCs (like XP, etc.).

Please update your Windows software right away. If you have a bootlegged version, it is best to get a clean version of Windows (pay for the software). By using bootlegged software, the damage you will be causing is not only to your PC but also to many others as well, since you will be an agent infecting many others. Eventually the spread of such a virus may be tracked to you, and you do not want to be an agent in propagating a crime.


Here is a version of news story of this development that may make more sense to some of you than what I have written above.

http://money.cnn.com/2017/05/13/technology/hero-ransomware-malwaretech-cyberattack/index.html
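The kill switch described in this post, seen from a defender's side: the worm looked up one hard-coded, unregistered domain before spreading, and once that domain was registered every lookup succeeded and the spread stopped. This is an added example, not code from the post or from any news source; it models that decision and then reads constructed DNS resolver log lines to list which internal hosts queried the sinkholed domain, i.e. which machines ran the worm and need cleaning. The domain name, IP addresses and log format are placeholders I made up.

```python
import re

# Placeholder standing in for the real jumbled kill-switch domain (NOT the real one).
# The .invalid TLD is reserved and can never resolve, so this never hits a live host.
KILL_SWITCH_DOMAIN = "example-killswitch-placeholder.invalid"
SINKHOLE_IP = "192.0.2.10"   # documentation-only address standing in for the researcher's sinkhole

def worm_would_spread(resolved_ip):
    """The kill-switch logic as the post describes it: if the lookup of the
    hard-coded domain FAILS (None), the worm keeps propagating; if it
    SUCCEEDS, it stops.  Registering the domain therefore halts the spread."""
    return resolved_ip is None

# Constructed resolver log lines: "<time> <client> <query> <answer>".
SAMPLE_DNS_LOG = """\
2017-05-12T14:02:11Z 10.0.1.25 example-killswitch-placeholder.invalid NXDOMAIN
2017-05-12T14:02:13Z 10.0.1.25 updates.example.com 203.0.113.5
2017-05-12T14:05:40Z 10.0.2.7 example-killswitch-placeholder.invalid NXDOMAIN
2017-05-13T09:10:02Z 10.0.3.99 example-killswitch-placeholder.invalid 192.0.2.10
2017-05-13T09:11:15Z 10.0.2.7 example-killswitch-placeholder.invalid 192.0.2.10
2017-05-13T09:12:00Z 10.0.4.1 www.example.org 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_dns_log(text):
    """Yield (timestamp, client_ip, qname, answer); answer is None for NXDOMAIN."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the triage
        ts, client, qname, answer = m.groups()
        yield ts, client, qname.lower().rstrip("."), (None if answer == "NXDOMAIN" else answer)

def triage_kill_switch_queries(text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"first_seen", "lookups", "still_spreading"}} for every
    host that queried the kill-switch domain.  A host whose most recent lookup
    failed was free to propagate at that moment; one whose lookup resolved was
    halted by the sinkhole.  Either way the host ran the worm and needs remediation."""
    hosts = {}
    for ts, client, qname, answer in parse_dns_log(text):
        if qname != domain:
            continue
        rec = hosts.setdefault(client, {"first_seen": ts, "lookups": 0, "still_spreading": True})
        rec["lookups"] += 1
        rec["still_spreading"] = worm_would_spread(answer)
    return hosts

if __name__ == "__main__":
    for ip, rec in sorted(triage_kill_switch_queries(SAMPLE_DNS_LOG).items()):
        state = "was propagating" if rec["still_spreading"] else "halted by sinkhole"
        print(f"{ip}: first seen {rec['first_seen']}, {rec['lookups']} lookup(s), {state}")
```

Run against real resolver or sinkhole logs, the host list is the remediation queue; the before/after answer shows why a single domain registration stopped a worldwide spread.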
 
Partial list of organisations hit so far

Source : Yahoo May 13, 2017

https://www.yahoo.com/tech/organisations-hit-global-cyberattack-002127377.html


===============================================================





Paris (AFP) - A huge range of organisations around the world have been affected by the WannaCry ransomware cyberattack, described by the EU's law enforcement agency as "unprecedented".


Here are some of the most prominent victims, from Britain's National Health Service (NHS) to French carmaker Renault and the Russian interior ministry.


- NHS -


The British public health service - the world's fifth-largest employer, with 1.7 million staff - was badly hit, with interior minister Amber Rudd saying around 45 facilities were affected. Several were forced to cancel or delay treatment for patients.


Pictures on social media showed screens of NHS computers with images demanding payment of $300 (230 pounds, 275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"


- Renault -


The French automobile giant was hit, forcing it to halt production at sites in France and its factories in Slovenia and Romania as part of measures to stop the spread of the virus.


Nissan UK's unit in Sunderland was hit by the attack, spokeswoman Lucy Banwell said.


- Russian banks and ministries -


Russia's central bank was targeted, along with several government ministries and the railway system. The interior ministry said 1,000 of its computers were hit by a virus. Officials played down the incident, saying the attacks had been contained.


- Germany railways -


Germany's Deutsche Bahn national railway operator was affected, with information screens and ticket machines hit. Travellers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But the company insisted that trains were running as normal.


- Fedex -


The US package delivery group acknowledged it had been hit by malware and said it was "implementing remediation steps as quickly as possible."


- Telefonica -


The Spanish telephone giant said it was attacked but "the infected equipment is under control and being reinstalled," said Chema Alonso, the head of the company's cyber security unit and a former hacker.
 
Also check this site. It has pictures and details that make the attack easier to understand.

Hopefully India has not experienced the attack, or at least it is not reported yet. But the attack is not contained; the virus spreads through internet connections. It is best to be educated about what this is.

http://www.dailymail.co.uk/news/article-4502496/British-blogger-accidental-hero-cyber-attack.html

Some pictures from the above site are reproduced below; go to the site for full details.

========================================

The virus infection resulted in a ransom message appearing on screens across the German rail network creating 'massive disturbances'




Blackpool Victoria Hospital is one of many across the country hit - operations have been cancelled and ambulances diverted


Read more: http://www.dailymail.co.uk/news/art...cidental-hero-cyber-attack.html#ixzz4h0q3tEt9
 
A cyber ransomware is a type of malicious software that blocks access to a computer system until a sum of money is paid through the online medium.
The cyber sleuths agency advised users to apply patches to their Windows systems in order to prevent its infection and spread.
The ransomware virus is so lethal and smart that ‘it also drops a file named ‘!Please Read Me!.txt’ which contains the text explaining what has happened (to the computer) and how to pay the ransom’.
'WannaCry' encrypts files with the following extensions, appending .WCRY to the end of the file name like .lay6, .sqlite3, .sqlitedb, .accdb, .java and .docx among others.
The CERT-In has suggested some anti-ransomware measures:
Check regularly for the integrity of the information stored in databases; regularly check the contents of backup files of databases for any unauthorised encrypted contents in data records; do not open attachments in unsolicited emails, even if they come from people in your contact list; and never click on a URL contained in an unsolicited email, even if the link seems benign.
“In cases of genuine (universal resource locators) URLs, close out the email and go to the organisation's website directly through browser,” it said.
The most important advisory by the CERT-In stated ‘individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies,’ it said.

http://www.rediff.com/news/report/central-body-issues-anti-ransomware-advisory-/20170514.htm
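One way to act on the CERT-In advice quoted above to check backup contents for unauthorised encryption, written here as an added example (not code from the article or from CERT-In). It walks a backup tree and flags the three WannaCry indicators the article names: files renamed with the .WCRY suffix, the dropped '!Please Read Me!.txt' note, and files that should be plain text but whose bytes look like ciphertext (high Shannon entropy). The sample backup tree, file names and entropy threshold are constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE_NAME = "!Please Read Me!.txt"   # note file named in the article
WCRY_SUFFIX = ".wcry"                       # suffix appended to encrypted files
# Extensions from the article's target list that are normally plain text.
PLAINTEXT_SUFFIXES = {".txt", ".java"}
ENTROPY_THRESHOLD = 7.0   # bits/byte; English text sits near 4-5, ciphertext near 8 (assumed cut-off)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0 for empty or single-symbol input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_backup(root):
    """Walk a backup tree and return paths grouped by indicator type."""
    findings = {"wcry_files": [], "ransom_notes": [], "high_entropy": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        if path.name == RANSOM_NOTE_NAME:
            findings["ransom_notes"].append(rel)
        elif path.suffix.lower() == WCRY_SUFFIX:
            findings["wcry_files"].append(rel)
        elif path.suffix.lower() in PLAINTEXT_SUFFIXES:
            # Only the first 64 KiB is sampled so large backups stay cheap to scan.
            if shannon_entropy(path.read_bytes()[:65536]) > ENTROPY_THRESHOLD:
                findings["high_entropy"].append(rel)
    for group in findings.values():
        group.sort()
    return findings

def backup_is_clean(findings) -> bool:
    return not any(findings.values())

def build_sample_backup(root):
    """Constructed backup set: two intact files, one .WCRY file, one ransom note,
    and one .txt filled with random bytes standing in for encrypted content."""
    docs = Path(root) / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "notes.txt").write_text("quarterly notes, nothing unusual here\n" * 20)
    (docs / "Main.java").write_text("public class Main { }\n")
    (docs / "budget.accdb.WCRY").write_bytes(os.urandom(512))
    (docs / RANSOM_NOTE_NAME).write_text("Ooops, your files have been encrypted!\n")
    (docs / "ledger.txt").write_bytes(os.urandom(4096))
    return root

def demo_scan():
    """Build the constructed sample set in a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_backup(build_sample_backup(tmp))

if __name__ == "__main__":
    result = demo_scan()
    for kind, files in result.items():
        print(f"{kind}: {files}")
    print("clean" if backup_is_clean(result) else "backup shows signs of ransomware")
```

The entropy check is the one that catches encrypted files an attacker did not bother to rename, which is why the advice asks you to look at backup contents and not just file names.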
 
Most of India has been spared so far.

Our own geeks will find a native jugaad to get over this.

There are thousands of Indian IT workers getting laid off.

They will find a cheap solution to this issue.
 
“Unprecedented” Cyber Attack Hits 2 Lakh Computers In 150 Countries; India 3rd Most Affected

Since Friday, 12 May, the world has been hit by a massive cyber attack. It has affected 230,000 computers in 150 countries, leading to crises in hospitals, schools, government offices, and any industry that relied on computers – which is to say, all industries. The attack has been described by Europol, Europe’s police agency, as “unprecedented”, and it continues to affect computers around the world, with analysts warning about the possibility of renewed attacks in coming days.

What is the attack all about?

The attack involved “WannaCry”, a ransomware that targets Microsoft Windows operating systems. It exploited loopholes in older versions of Windows to send phishing emails to users. Phishing is a method to obtain sensitive personal information of users, like usernames, passwords, credit card details etc., by sending emails pretending to be from an official entity. When an unsuspecting user opens these emails and/or downloads the attached files, their information is compromised and their system is locked/encrypted.
Once the information is encrypted, a message is displayed on the screen declaring the same and asking the user to pay USD 300 (in Bitcoin) if they wish to retrieve their data

Phishing emails employ “worms” to spread the attack in a local network. If even one of the computers in a local network is compromised because of a phishing email, the worm spreads rapidly and automatically encrypts data in all computers in the network. This is why Friday’s attack spread so rapidly across the world.

Source: Thelogicalindian.com
 
Things to do

India is weak when it comes to Cyber Security area. Most Engineers In India with computer background are useless in dealing with even basics of a cyber attack. The best thing to do for ordinary users is to avoid use of bootlegged software, update the latest patch from Microsoft and back up your files in an offline storage.

==============================================
Source : CNN May 17, 2017
http://money.cnn.com/2017/05/14/technology/global-cyberattack-explanation/index.html


Meet WannaCry. Security wonks are calling it the biggest cyberattack ever.


What the attack does
Cyber bad guys have spread ransomware, known as WannaCry, to computers around the world. It locks down all the files on an infected computer. The hackers then demand $300 in order to release control of the files. That's why it's called ransomware.
How it happened
WannaCry takes advantage of a vulnerability in Microsoft Windows.

The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. The tools were made public by a hacking group called the Shadow Brokers.
Microsoft released a security patch for the vulnerabilities in March. But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs.
The phenomenon of companies failing to update their systems has been a persistent security problem for years. Playing with fire finally caught up with the victims.
Consumers are also at risk. Microsoft requires Windows 10 customers to automatically update their computers, but some people with older PCs disabled automatic updates.
How widespread is the damage
The attack has been found in 150 countries, affecting 200,000 computers, according to Europol, the European law enforcement agency. FedEx, Nissan, and the United Kingdom's National Health Service were among the victims.
In the U.K., hospitals were crippled by the cyberattack, which forced operations to be canceled and ambulances to be diverted.
Also hit were Deutsche Bahn, the Russian Central Bank, Russian Railways, Russia's Interior Ministry, Megafon and Telefónica.
Attempts to contain the attack's spread appear to have paid off. The number of infected computers did not increase Monday as many had expected.
Who is vulnerable
Anyone who hasn't updated their Windows PC recently.
Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. So even people with older computers should go update them.
Apple's Mac computers were not targeted by this ransomware attack so are clear. Bad guys generally target Windows far more than Apple's operating system because there are vastly more computers running Windows around the world.
How to prevent being attacked
According to security company Bitdefender, follow these five steps:
1. Disable your computer's Server Message Block service.
2. Install Microsoft's patch.
3. Back up your data on an offline hard drive.
4. Install all Windows updates.
5. Use reputable security software to prevent attacks in the future.

Who is behind the attack
The hackers remain anonymous for now, but it appears that they are amateurs. A 22-year old security researcher in the U.K. discovered a "kill-switch" to initially stop the spread of the attack. The ease of stopping the attack suggests the hackers were new to this game.
Experts said it appeared that the ransomware had made just over $50,000.
What happens next
Computers and networks that hadn't recently updated their systems are still at risk because the ransomware is lurking.
Experts say the spread of the virus had been stymied by a security researcher in the U.K.; hackers have since issued new versions of the virus that cyber security organizations are actively trying to counter and stamp out.
The U.K. government's cyber office put it succinctly: "[T]he way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks."
 
‘Wannacry’ ransomware attack: Govt says it has activated a 'preparedness and response mechanism'

In Kerala, the computers of two village panchayats were hit, with messages demanding $300 in virtual currency to unlock the files.
After infecting over two lakh computers and crippling life in 150 countries, the global ransomware attack continued for the third day on Monday, with more reports of hacking pouring in from India, China and Japan as offices re-opened after a tumultuous weekend.

Officials who opened the computer at the Thariyode panchayat office in the hilly district of Wayanad found that four of their computers had been hacked.

Likewise, another village panchayat at Aruvapulam near Konni in Pathanamthitta district got a similar virus message when their computer was switched on. IT experts were working on these systems.

In West Bengal's West Midnapore district, at least eight computers of the state-run electricity distributor were affected. Experts were ascertaining whether it was the same malware virus behind the world's biggest ransomware attack.

Source: News Minute
 
It is reported that in China local ATMs were taken off line because of the impact.....

WannaCry: ATMs not to shut down, clarifies RBI, but how safe are our machines?
SBI has denied there was any compromise in its ATMs.

In the wake of the onslaught by ransomware WannaCry across the globe, the Reserve Bank of India has denied that it has asked banks in the country to shut down ATMs despite multiple conflicting reports on the same.

Speaking to The News Minute, the central bank’s spokesperson clarified, “The RBI has not passed any circulars to banks on the issue. All circulars sent to banks by the RBI are on the official website; if it’s not on the website, that means there is no such circular.”


The State Bank of India, the largest consumer bank of India also denied any compromise in its ATMs.

“All our systems are updated as required. Some of those, we do it daily. There are two types of updates, one is at the server level and one at the machine level. Generally, server level updates are done on a daily basis because patches are released and these are managed centrally in addition to local firewalls. The ATM machines are updated typically once in 15 days that is when the maintenance engineers visit the sites, they carry the latest software patch with them. So, everything is updated, there is no problem regarding this. We have additional surveillance but none of the ATM networks in the world has been impacted," Mrityunjoy Mahapatra, CIO of SBI told TNM.


However, Udbhav Tiwari, a cyber security expert at the Centre for Internet and Society who works on vulnerabilities such as these, said that as most ATMs in the country, especially those of the public-sector banks, run on outdated operating systems or are not updated regularly, they can be easily compromised.

Read more at: http://www.thenewsminute.com/articl...clarifies-rbi-how-safe-are-our-machines-62115
 
Without comments.

Ransomware:
Banks better prepared to deal with Wannacry-like threats: Mrutyunjay Mahapatra, DMD & CIO, SBI
Shritama Bose
The Financial Express
Published on May 16, 2017
Mumbai, May 15: Banks are better prepared to deal with ‘WannaCry’-like threats as they have stronger firewalls in place as compared to non-financial entities, says Mrutyunjay Mahapatra, deputy managing director and chief information officer at State Bank of India. Mahapatra tells Shritama Bose that there is an ongoing practice that whenever there is some kind of threat, CERT-In (Indian Computer Emergency Response Team) and other emergency response teams keep on issuing advisories. Edited excerpts:

What percentage of your systems would be running on Microsoft products?

Mrutyunjay Mahapatra: We have a large number of servers which run on Microsoft, because Microsoft has servers, end-point utilities, basic applications, etc. So, it is very difficult to quantify how much of them are touching a Microsoft project or Microsoft product or application, but suffice to say that we are quite alert and there are quite a large number of Windows applications running in some of the critical areas such as ATMs and our database, etc. So we have heightened the alert.

Are most of these on XP or on higher versions of the Windows operating system?

Mrutyunjay Mahapatra: There are a few XPs, which are in the process of replacement, but a majority of them are higher versions.

To what extent are banks prepared to deal with such malicious elements?

Mrutyunjay Mahapatra: You would have seen that none of the banking system software anywhere in the world have been impacted. That’s because security levels and firewalls of the banking systems are generally much higher as compared to a healthcare system or registry or something like that. The reason is simple — banks deal with money. Generally, our systems are always on high alert and our firewalls are always more robust than any other industry, as we deal with customers’ financial data and financial transactions. Also, most of our applications run on closed-loop systems, that is, in a proprietary network compared to a public network, as is the case with many web-facing networks like, let us say, a hospital system or a government system, where citizens are consuming their services. As compared to that, our core banking system or the ATM system is closed-loop. The network is owned by us, end-points are owned by us and back-end servers are owned by us. So to that extent, we are protected.

What kind of measures have you taken in the wake of this latest alert?

Mrutyunjay Mahapatra: We are not taking it easy because we also have a few web-facing (utilities) such as internet banking and mobile banking. We are keeping heightened alert and we are completing all the patching, as we call it, the version upgrades of both Microsoft-related as well as anti-malware-related anti-virus solutions. That is an ongoing process, but we are again revalidating those.
 
WannaCry ransomware 'from North Korea' say UK and US

June 16, 2017 00:10



The WannaCry ransomware attack that affected more than 150 countries came from North Korea, British and US security officials believe.


The attack affected an estimated 300,000 people worldwide, by locking data and demanding money to release it again.


British cyber experts analysing the software worm believe it was created by a prolific North Korean cyber gang called the Lazarus Group.


British security sources said it was unclear if the attack had been ordered or sanctioned by the Pyongyang government, but an assessment by America's National Security Agency said it had "moderate confidence" the attack pointed to North Korea's spy agency, the Reconnaissance General Bureau.


The NSA believes the ransomware was an attempt to raise cash for Pyongyang's coffers.


However, the attempt was apparently flawed, and though the hackers raised more than 100,000 (Rs 82 lakh) in ransom payments of digital currency, the money has not been cashed in because the accounts could be easily tracked by law enforcement officials.

http://news.rediff.com/commentary/2...ay-uk-and-us/56130393fca1365a20c24de0a461b4ad
 
Sri vgane,

Glad to see you active again here (and in other sections). I was sharing stuff earlier while you were less active in this section. I will take a break now :)
 
Dear Sri TKS,

No problems..I will definitely contribute whenever time permits..Look forward to your incisive & invigorating posts too!!
 