ever get the feeling that the god of the jews is just a bag of rancid pus?

NSA Software Behind Latest Global Ransomware Attack
Tyler Durden, Zero Hedge, Jun 27 2017

petya ukraine ATMWhile normally you ask ATMs for money, in Ukraine the ATMs ask you.

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki’s cyber-security firm F-Secure, when discussing today’s latest outbreak of the WannaCry-like ransomware attack, which as we reported earlier started in Ukraine and has since spread to corporate systems across the world, affecting Russian state oil giant Rosneft, the international shipping and energy conglomerate Maersk, before jumping across the Atlantic and going global, by infecting the Pindostan-based division of global pharma giant Merck, which this morning confirmed it has been hit by the “Petya” attack. Merck said in a statement on Tuesday:

Merck employees were instructed to disconnect all mobile devices from the company network and advised not to speak to reporters or post messages on social media accounts. Computers at Merck facilities in Pennsylvania and New Jersey locked up Tuesday morning around 8am local time, according to the Inquirer. Back in mid-May, when WannaCry spread with tremendous speed around the globe, many said that it’s only a matter of time before the virus returns in a more advanced, weaponized version. Sure enough, cyber-security experts quoted by Reuters said those behind the attack appeared to have exploited the same hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a temporary kill switch. Hypponen said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit Pindostan pretty bad,” he said. And, as Merck confirmed, it already has. Within hours of the first attack, the DHS said it was monitoring reports of cyber attacks around the world and coordinating with other countries. The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain. Within hours, the attack had gone global:

In addition to Pindostan, a Swiss government agency also reported computer systems were affected in India, though the country’s cyber security agency said it had yet to receive any reports of attacks according to Reuters. For those infected, there may be just one option: pay the ransom. One victims of the cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files. The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway. Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft. Cyber-security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught. Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya. It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender, which said:

There is no workaround to help victims retrieve the decryption keys from the computer.

Kaspersky Lab said its preliminary findings suggested the virus was not a variant of Petya but a new piece of ransomware not seen before. Ukraine was quick to accuse Russia. An advisor to Ukraine’s interior minister said the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them. According to the state security agency, the emails contained infected Word documents or PDF files as attachments. But whatever the origin of the geographic hacking operation, the actual software used is the same that was created by the NSA and subsequently leaked by a disgruntled non-Russian employee. Now we are just waiting for the confirmation.

As a reminder, the quick proliferation of the original WannCry malware, which infected nearly 300,000 computers worldwide within a day, was due entirely to its use of two powerful software exploits that were released to the public in April by the anonymous hacker group calling itself the Shadow Brokers, which said the exploits were developed by NSA. On Tuesday, Edward Snowden asked:

Meanwhile, governments and so-called experts had laughably come to the conclusion that the North Korean government was behind the original WannaCry attack. We just can’t wait for the those same “experts” to again blame this latest global malware attack on Kim and his team of crack blackhats. Finally, for those who want to keep track of how many people have made the ransom payment, there is now a Twitter bot called @petya_payments that will tweet each time a new ransom payment is made to the bitcoin wallets associated with the Petya attack.

One Comment

  1. Posted June 28, 2017 at 4:46 am | Permalink

    Responding to your headline question, I would say yes, I get that feeling all the time. I suppose the Christian and Muslim gods could be seen as close relatives. Sometimes I can’t tell them apart.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s