Massive cyberattack hits Europe with widespread ransom demands
22 replies, posted
[url]https://www.washingtonpost.com/world/europe/ukraines-government-key-infrastructure-hit-in-massive-cyberattack/2017/06/27/7d22c7dc-5b40-11e7-9fc6-c7ef4bc58d13_story.html[/url]
[quote]A new wave of powerful cyberattacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.
The Russian oil giant Rosneft was also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an “international company” there was affected.
Ukraine first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, airport departure tables and demanding ransoms from government employees in the cryptocurrency bitcoin. [/quote]
ohshit
[media]https://www.youtube.com/watch?v=rj3ub9f0fAk[/media]
but seriously. I read this thing was unprecedented? like the biggest breach yet in cyberkind or something
Man our Communications/PR manager blew her shit (after receiving ~50 emails in 5 mins) when she got the news that the office in Ukraine got hit. Apparently the IT guy there told them to turn the internet connection off on everything so the whole office went dark. On top of that they also got a power outage.
Is this related to Wannacry at all? I think it's either a direct descendant or a copycat incident after Wannacry proved to be so effective at hitting infrastructure all across Europe, but there doesn't seem to be any confirmation whatsoever.
[QUOTE=JerryAnderson;52406819]Is this related to Wannacry at all? I think it's either a direct descendant or a copycat incident after Wannacry proved to be so effective at hitting infrastructure all across Europe, but there doesn't seem to be any confirmation whatsoever.[/QUOTE]
It utilizes the same MS17-010 exploit, which [B]everyone should have patched over by now.[/B]
[QUOTE=autodesknoob;52406798]ohshit
[media]https://www.youtube.com/watch?v=rj3ub9f0fAk[/media]
but seriously. I read this thing was unprecedented? like the biggest breach yet in cyberkind or something[/QUOTE]
Most underrated Wunkolo video
Sounds like a really bad sleeper, it may have been using the SMB exploit from the CIA/WannaCrypt, or not, since I have no idea what operating system or OSI model the ATM in the article runs on
[QUOTE=ZombieWaffle;52406841]It utilizes the same MS17-010 exploit, which [B]everyone should have patched over by now.[/B][/QUOTE]
Mmhm. It's one thing for a gamer who never uses their rig for sensitive things to let their patching get behind, it's another thing entirely for businesses to do so.
The articles are a bit misleading. While this one did exploit the SMBv1 bug, it wasn't the main attack vector. This one was spread via exploiting the automatic update feature in a 3rd party accounting software, then used psexec on privileged accounts to spread itself to other machines on the local network. The SMBv1 bug was also exploited on the local network in order to potentially get more machines infected. The thing that does make this potentially worse is that the email in the ransom message is no longer working as it was suspended, so even if the person/group was going to give you the decryption key and you had the btc to pay for it (not to say this is recommended), there's no way to contact them.
A good thing is from what it looks like, it doesn't actually infect anything outside the local network, so no internet propagation like in WannaCry. [URL="https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html"](source)[/URL]
[QUOTE=TestECull;52407145]Mmhm. It's one thing for a gamer who never uses their rig for sensitive things to let their patching get behind, it's another thing entirely for businesses to do so.[/QUOTE]
Depends on the type of business. Some places equate change to money, and just don't want to spend money. My first job (in 2013) was running almost entirely on Windows 95 because the owner didn't want to change. Some of the testing equipment was so old that they ran on DOS.
[editline]hohamburgers[/editline]
I may have misinterpreted the post as saying that it's unusual for businesses to not maintain their computers.
We got an email about this at work..
Nice, Bitcoin price will rise now :badzing:
[QUOTE=TestECull;52407145]Mmhm. It's one thing for a gamer who never uses their rig for sensitive things to let their patching get behind, it's another thing entirely for businesses to do so.[/QUOTE]
I'm pretty sure most gamers (who use a legit copy of Windows at least) keep their computers more updated than the average company.
That aside though, an infected computer can be used to attack other systems and/or send hard-to-block spam mail, so if you hook up anything to the internet it [I]needs[/I] to be secured properly.
I said this once, and I'll say this again, along with anyone in Tech:
[B][I]KEEP YOUR FUCKING COMPUTERS UPDATED.[/I][/B]
Danooct1 made a video on the subject. You may have already seen it, but it was only recently posted.
[video=youtube;MT3MwYlJBDU]https://www.youtube.com/watch?v=MT3MwYlJBDU[/video]
This is not worrying at all.
[URL="http://www.telegraph.co.uk/news/2017/06/28/nato-assisting-ukrainian-cyber-defences-ransom-ware-attack-cripples/"]NATO HAS JUST SAID THAT CYBERATTACKS CAN TRIGGER ARTICLE V![/URL]
Hope there is a different plan than Starting WW3,
cause what I'm hearing about this, may have started from Russia.
[QUOTE=Drag#!;52409682][media]https://twitter.com/0xAmit/status/879778335286452224[/media]
[media]https://twitter.com/golub/status/879707965179088896[/media][/QUOTE]
Make sure it's read only, too
[QUOTE]Production was reportedly halted at Cadbury's Hobart factory following the attack[/QUOTE]
It's war then.
[QUOTE=OmniConsUme;52412343]This is not worrying at all.
[URL="http://www.telegraph.co.uk/news/2017/06/28/nato-assisting-ukrainian-cyber-defences-ransom-ware-attack-cripples/"]NATO HAS JUST SAID THAT CYBERATTACKS CAN TRIGGER ARTICLE V![/URL]
Hope there is a different plan than Starting WW3,
cause what I'm hearing about this, may have started from Russia.[/QUOTE]
It's really only if the attack was made by a government entity afaik
[QUOTE=OmniConsUme;52412343]This is not worrying at all.
[URL="http://www.telegraph.co.uk/news/2017/06/28/nato-assisting-ukrainian-cyber-defences-ransom-ware-attack-cripples/"]NATO HAS JUST SAID THAT CYBERATTACKS CAN TRIGGER ARTICLE V![/URL]
Hope there is a different plan than Starting WW3,
cause what I'm hearing about this, may have started from Russia.[/QUOTE]
Hope for the best, those hacks really are shit
[QUOTE=Paramud;52408627]Depends on the type of business. Some places equate change to money, and just don't want to spend money. My first job (in 2013) was running almost entirely on Windows 95 because the owner didn't want to change. Some of the testing equipment was so old that they ran on DOS.
[editline]hohamburgers[/editline]
I may have misinterpreted the post as saying that it's unusual for businesses to not maintain their computers.[/QUOTE]
It's not that they equate change with money. It's that they are outright retarded.
Anybody with a minimal sense of risk understands why investing in a new OS is very well worth the money. If anything at all, it's like living in Mississippi and having 0 insurance against tornados just because "Insurance costs money!"
[QUOTE=OmniConsUme;52412343]This is not worrying at all.
[URL="http://www.telegraph.co.uk/news/2017/06/28/nato-assisting-ukrainian-cyber-defences-ransom-ware-attack-cripples/"]NATO HAS JUST SAID THAT CYBERATTACKS CAN TRIGGER ARTICLE V![/URL]
Hope there is a different plan than Starting WW3,
cause what I'm hearing about this, may have started from Russia.[/QUOTE]
so does america now self-invade because it created eternalblue