Tuesday, June 27th 2017
Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak
After last month's WannaCry outbreak (whose effects persisted as recently as last week), we now have a new variant of ransomware infecting PCs across Europe. The outbreak seems centered in Ukraine, where several government facilities and critical pieces of infrastructure have been shut down due to the attacks. The Ukrainian government seemed almost defiantly optimistic, posting this decidedly awesome response to Twitter during the attack. As if to signify that not all is well, the attack has been widespread enough to even affect the radiation monitoring systems at Chernobyl, which have reportedly been switched to "manual mode" following an infection.
There are concerns that the ransomware could spread, and by the time this article was written, reports have already come in of infection across the Ukrainian borders, including in Denmark (with shipping conglomerate Maersk hit), and even isolated reports as far away as Russia and the USA.
The Director of Global Research for Kaspersky Labs, Costin Raiu, reports that the ransomware has made the most impact in the Ukraine, with the Russian Federation coming in at second. Poland takes third place, followed by Italy and then Germany. The infection is obviously spreading actively, so this list may not be accurate for long. One hopes it will not morph into a global outbreak.
UPDATE 5:45PM PST: As of this time, the attack has hit the USA full force and is currently being covered on US news services. See the ABC News source for details.
The bitcoin wallet associated with this attack has already garnered more than 3.5 BTC at the time of this writing, meaning at least some of the ransoms are being paid. The infection vector appears to be a compromised auto-update of an accounting software package common to most of the infected companies.
Sources:
Ukraine Twitter Account, wired.co.uk, ABC News, Blockchain.info, Microsoft Technet
26 Comments on Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak
And I know you are all curious about infection vector. I don't have info on that yet, but my advice is to be up to date and I'll update you when I know more.
Bitcoin and such have become mainstream. The criminals that use this are no different than the criminals who use cash or any currency: a minority disease on a legitimate payment means.
That said, we definitely need to work on ways to make it harder for them to use, which is why I actually view Bitcoin as dying and am waiting for a more traceable tech to come out. Best I've seen yet is Ethereum, but it still doesn't really settle the lack of identity.
Plus, you can always trade to another coin to eliminate the paper trail, such as zcash, which is probably the most anonymous.
Like it or not the genie is out of the bottle and criminals will use crypto I'm afraid. But that's not even close to their primary use case, or the majority of use.
A traceable cryptocurrency kinda defeats the purpose of it, imo, adding such a feature is little different from hiding backdoors into encryption software and systems.
That's what I was thinking, anyways. I am far from a developmental expert on the matter.
I do not want globally reversible transactions though. That does kind of go against what crypto is in my mind, as you must hand control over to a central authority then. Ethereum has the right idea there, with its "crowd fund" recipe of "party reversible transactions" where the configurable majority can successfully demand their funds be returned if they agree the contract was not fulfilled. There is no "back door" in this, just good ol' tech solutions.
Well established security practices would stop or limit the impact of such exploits, at least in >99% of all cases. Keeping systems up to date, having strict access control, isolation of systems, proper logging of unusual activity, etc. would be very efficient measures stopping these "infections". In fact, the lack of basic understanding of security and common sense is the real infection.
Instead of going all out for cloud computing, I feel like system providers or tech companies in general should start investing in a type of impregnable system that is extremely resistant to all kinds of attempted hacking.
I don't personally know the American systems, but the military systems I've worked on generally lacked any real security features. More than a decade has passed since then, but I remember networks of "high-tech" technology worth billions could have been disabled or breached by a single technician. Still, I fear obscurity is still the norm in both public and private sector today.
All attacked banks have resolved the problem within hours. Same with both govt. and private parcel services.
I don't really give a crap about whether our Cabinet of Ministers recovers or not, but so far almost every attacked entity has recovered.
Only the Boryspil airport is having problems with electronic flight schedule, but they've figured out a creative workaround:
Private sector is better, but not without sins. Some payment terminals are still based on outdated versions of Windows CE, some banks are still relying on outdated hardware and software...
Some go as far as connecting workstations, or non-password-protected routers to the internet, or adding a PC on internal network to DMZ (because they wanted to share a folder with another branch office)... :banghead:
Also, @R-T-B, you may want to add the ransom wallet. So far the guy made a whopping ~3.5 BTC (all payments above 0.1 BTC are a $300 ransom for decryption).
blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
Seriously, they deserve all of this crap 100% and more.
EDIT: oh wow, already posted, didn't read Frick's post :roll: