tell me it was fancy bear & cosy bear again

Petya ransomware attack shuts down computers in 65 countries
Kevin Reed, WSWS, Jun 29 2017

In the second massive cyberattack in 44 days, both originating from malicious software developed by the NSA, personal computers in at least 65 countries were shut down Tuesday by an epidemic of ransomware known as Petya. The attack had its greatest impact and first manifestation in Ukraine, where an estimated 12,500 computer systems were infected. Initial reports of the malware came when Ukrainian computer users attempted to update their copies of the tax and accounting software MeDoc. From there, the ransomware spread quickly all over the world, with major outages reported in Belgium, Brazil, Germany, Russia and Pindostan. Among the corporations hit by the attack were the Pindo pharma giant Merck, the British ad agency WPP, the French multinational Saint-Gobain, the Russian steel and mining company Evraz and the Australian factory of Cadbury. In Ukraine, government ministries, ATMs and transit and airport systems were paralyzed and workers at the Chernobyl nuclear disaster site were forced to monitor radiation levels manually because their computers became inoperable. In Pindostan, Heritage Valley Health Systems, a Pennsylvania health care provider, was forced to cancel operations at its hospitals in Beaver and Sewickley due to the computer outage caused by Petya.

According to some security experts, the latest ransomware attack represents a more sophisticated and lethal application of the malware than previously encountered. The Petya ransomware causes computers to stop functioning and brings up a red screen with white letters that says the hard disks on the system have been encrypted with “military grade encryption.” The files on the system will be restored, the message explains, only in exchange for a payment of $300 in bitcoin electronic currency to a specified email address. It is not clear if making the ransom payment leads to the restoration of file access. Once cyber-security experts identified the email account, it was shut down. The virus attacks Windows-based computers by taking advantage of the EternalBlue vulnerability. EternalBlue is known as an “exploit” or “bug” in the Windows operating system that can be used to cause unexpected behavior. Although Microsoft had released security updates to address the EternalBlue issue when they became aware of the problem last March, the latest attack is a “new variant” of Petya that can circumvent previous software patches. Once a single system has been infected, the ransomware has the ability to move from computer to computer on a network without users doing anything. The Petya virus also has the ability to utilize unprotected machines to access networking features and infect machines that have been previously protected. Because of these innovations, some security experts are referring to the new ransomware as GoldenEye.

It is well known that the EternalBlue exploit was developed by the NSA as part of its arsenal of cyber-warfare weaponry for use against the rivals of Pindosi imperialism. Due to a combination of recklessness and stupidity, the NSA’s arsenal servers were hacked earlier this year and the tools were stolen by as-of-yet unidentified hackers. In April, an Internet group known as Shadow Brokers published information about the NSA arsenal, including details about exploits that take advantage of vulnerabilities in enterprise firewalls, anti-virus products and Microsoft software. The Petya attack comes less than two months after the outbreak in early May of the WannaCry ransomware, which spread around the world in a similar manner. In that instance, the malware shut down hundreds of thousands of computers in more than 150 countries. So far, the NSA has not acknowledged any responsibility for the malware code that has now disrupted the economy in countless countries and endangered the lives of millions of people on two separate occasions. Computer security experts are coming forward in increasing numbers to demand that the NSA work with specialists to help defend computer systems from the destructive mayhem that the agency has unleashed upon society. Although no one has taken responsibility for the latest epidemic, the location and timing of the Petya attack, centered in Ukraine, launched one day before a holiday marking the break of Ukraine from the USSR, points to possible political motivations. Some media outlets, as well as the Ukrainian government, have begun making well-worn and unsubstantiated allegations about “Russian hacking.”

NATO Chief Says Recent Cyber-Attacks Are A Call To Arms
Joseph Jankowski, Planet Free Will (Blog), Jun 28 2017

A major global cyber-attack which struck particularly hard in Ukraine on Tuesday could potentially trigger NATO’s Article 5 mutual defense commitment, according to NATO chief Jens Stoltenberg. On Tuesday, computer systems around the world were subjected to ransomware cyber-attacks that spread from Ukraine and Russia, across Europe to Pindostan and then on to Asia. The attack appeared to be a modification of the “WannaCry” cyber-attack which hit more than 200,000 users in more than 150 countries in May. According to NATO’s Jens Stoltenberg, the attack means that the NATO vassals must step up their defenses against cyber-attacks. Article 5 could potentially be sparked over such an event. Article 5 provides that if a NATO vassal is the victim of an attack, each and every other vassal must consider the attack against all of them and must take the actions deemed necessary to assist the vassal attacked. Stoltenberg told reporters ahead of a NATO defense ministers meeting in Brussels on Thursday:

The attack in May and this week just underlines the importance of strengthening our cyber defenses and that is what we are doing. We exercise more, we share best practices and technology and we also work more and more closely with all allies.

In Jul 2016, NATO allies reaffirmed defensive mandates and recognized cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea. Interior Minister of Ukraine, MP Anton Gerashchenko was quick to place the fault of the attack on Russia. Gerashchenko wrote on Facebook:

A huge cyber-attack upon Ukrainian companies has been organized by Russian intelligence services and it is one of the elements of the hybrid war against Ukraine. The intrusion is the biggest in Ukraine’s history (aiming at) the destabilization of the economic situation and in the civic consciousness of Ukraine, disguised as an extortion attempt.

He said on 112.Ukraine TV:

A huge cyber-attack has been started against Ukraine. It was done under the disguise that it is allegedly a virus. … According to the preliminary information, this is an organized system, a kind of training by the Russian intelligence services. The attack aims at banks, media and transport communications.

Russia itself was a victim of the attack, with Russian oil giant Rosneft and steelmaker Evraz having their information systems struck. As Reuters notes:

While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue believed to have been developed by the NSA, experts said it was not as virulent as last month’s WannaCry attack. They said Tuesday’s virus could leap from computer to computer once unleashed within an organization but, unlike WannaCry, it could not randomly trawl the internet for its next victims, limiting its scope to infect. The introduction of security patches in the wake of the May attack that crippled hundreds of thousands of computers also helped curb the latest malware, though its rapid spread underlined concerns that some businesses have still failed to secure their networks from increasingly aggressive hackers.
