BlogCon 1: Global Ransomware Attack in Progress

Time to batten down the cyber hatches!

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.

The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

The international police organisation Interpol has said it is “closely monitoring” the situation and liaising with its member countries.

Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward.

The NY Times has a breakdown of what is and is not known.

Known:

• Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya. One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before.

• Kaspersky reported that approximately 2,000 computer systems had been affected by the new ransomware so far.

• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.

Unknown:

• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.

• Why it is spreading as quickly as it is. Cybersecurity researchers believe that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It is not yet known if the new ransomware uses any new vulnerabilities, or variants of the vulnerabilities, made public by the group known as the Shadow Brokers.

• It’s unclear if systems protected against WannaCry can still be affected by the new ransomware attack.

70 replies
  1. 1
    different-church-lady says:

    Fuckin’ Windows…

  2. 2
    Boussinesque says:

    I know basically nothing about cyber security, but is it possible that the virus contained some kind of “go live” timer or date-specific trigger that delays it actually activating so that the attacker can give the appearance of a more rapidly-spreading/severe attack while the actual infections took place over a longer period of time?

  3. 3
    Gin & Tonic says:

    Sent you an e-mail, Adam.

  4. 4
    different-church-lady says:

    $300 is like 9/3000th of a Bitcoin, right?

  5. 5
    debbie says:

    Between this and an apparent soon-to-occur chemical attack in Syria, it’s time for Russia to be kicked out of the Security Council.

  6. 6
    different-church-lady says:

    @Gin & Tonic: Are you crazy? THAT’S HOW THIS STUFF SPREADS!!!

  7. 7
    ChrisH says:

    Good to see Bitcoin has a practical use finally.

  8. 8
    Boussinesque says:

    @different-church-lady: clearly it’s time for an email ban and some extreme vetting. Just, y’know, until we figure out what’s going on.

  9. 9
    nightranger says:

    Has anyone considered that this could be part of an attack on Russia? Masked inside what looks like a global attack by garden variety script kiddies? Same as the last one which also hit Russia hard.

    I will admit that it is a bit conspiratorial. A lot of these things can be easily explained away by other things but the best type of espionage usually is.

  10. 10
    different-church-lady says:

    @Boussinesque: Two words: Twitter embargo.

    (I can dream, can’t I?)

  11. 11

    @different-church-lady: Ya know if Windows suddenly disappeared today, the remaining dominant OS (MacOS or Linux) would be the one that’s attacked.

    ETA: Remember to install those updates, MS patched this in March.

  12. 12
    ThresherK says:

    I’ll tell my wife, and she’ll think I’m so smart for rigging up that old donored laptop with Ubuntu when the Windows crashed a year ago.

  13. 13
    Cain says:

    They can suck it, I’m sitting here on my Linux machine.. The faster people move to Linux the better, and then they can try all new ways to do ransomware. but it will be harder or at least it will try to be harder.. but you know, there is no such thing as absolute security.

  14. 14
    Adam L Silverman says:

    @Gin & Tonic: Got it and responded. Thanks!

  15. 15
    different-church-lady says:

    @🐾BillinGlendaleCA: Yes, and no. Certainly whichever became dominant would be a primary target. But it also wouldn’t have a notorious legacy of Swiss-cheese security holes that will never be closed.

    But more to the point: what the fuck are critical nuclear power plant operations doing on any general purpose platform?

    Back in the bad old days when HD video required what seemed like major firepower at the time, I was consulting for (large audio products manufacturer) and the gearheads kept trying to steer us towards doing it on desktop machines they had tricked into doing things that they shouldn’t do. And I kept telling them, “Don’t do it. You say you also want it to be bullet-proof and not have your in-store theaters go down. You’re never going to achieve that with a general purpose OS, whether it’s Mac, Windows, or anything else you put together.” And all we were doing was serving up a point-of-purchase commercial, never mind something that could wipe out a small city for hundreds of years.

  16. 16
    different-church-lady says:

    @🐾BillinGlendaleCA:

    ETA: Remember to install those updates, MS patched this in March.

    Gee, if only someone had told the nuke operators in Ukraine this.

  17. 17

    The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

    WTF! Why are they using fucking Windows for an important function in a nuclear power plant? It says right in the EULA that you aren’t supposed to use it for anything where life safety might be involved. And why are those computers on any kind of network where they could possibly be getting a virus? Those systems should be locked down and isolated so they can’t get infected even if they are vulnerable.

  18. 18

    @🐾BillinGlendaleCA:

    Ya know if Windows suddenly disappeared today, the remaining dominant OS(MacOS or Linux) would be the one that’s attacked.

    It’s true that Windows is a much more profitable target because it’s much more widely used. It’s also true that not all operating systems are equally well written, so that whatever replaced Windows wouldn’t necessarily be as easy a target as Windows is.

  19. 19
  20. 20
    Yutsano says:

    @Cain: Kan you get the Feds on board with this? We seem to be slaves to Uncle Bill here.

  21. 21
    Boussinesque says:

    @Roger Moore: even our small Triga Mk-III research reactor at Reed College had all the critical systems connected through the control console. The sensor feeds were also split to send the same data to a local PC for us to generate logs with, but that PC had no command/control capability over them. And the control console itself was certainly not network-connected. Not sure what the chucklefucks at this particular plant thought they were doing…

  22. 22
    Adam L Silverman says:

    @Roger Moore: If I recall correctly the targeting computers on our Aegis class destroyers are based off of a windows program…
    I guess this should go here too:
    http://www.motifake.com/image/.....447843.jpg

  23. 23

    @Roger Moore:

    so that whatever replaced Windows wouldn’t necessarily be as easy a target as Windows is.

    Or they might be an easier target.

  24. 24
    Adam L Silverman says:

  25. 25
    Adam L Silverman says:

  26. 26
    Adam L Silverman says:

  27. 27
    Bitter Scribe says:

    @Cain: Three questions about Linux:

    1) Does it have a graphical interface comparable to Windows or Mac?

    2) Can it run versions of the most popular software, like the MS Office suite?

    3) Don’t you have to be a complete wirehead to use it?

    (If anyone else knows the answers, jump in.)

  28. 28
    different-church-lady says:

    @Adam L Silverman:

    affects ‘one international company’

    Microsoft?

  29. 29
    chris says:

    @Bitter Scribe: Yes. Mostly. No. I use Linux Mint. You can make a bootable USB or a DVD stick and play with it.
    Linux is safe partly because it’s open source, mess with it and you’ll have thousands of angry and talented nerds after you. That said my box is firewalled and protected with an AV.

  30. 30

    @Bitter Scribe:

    1) Does it have a graphical interface comparable to Windows or Mac?

    Yes.

    2) Can it run versions of the most popular software, like the MS Office suite?

    Not natively, but there are alternative programs. There is the WINE package that can be added that will execute windows programs.

    3) Don’t you have to be a complete wirehead to use it?

    Yes, or have access to one. Usually the first response to someone with a Linux problem is “Open a command window…”.

    ETA: I run Windows here, I have Linux Mint on my test machine (as well as MacOS and Windows Insider).

  31. 31
    Adam L Silverman says:

    @different-church-lady: I think they’re referring to a Norwegian multinational.

  32. 32

    @Boussinesque:
    They did say they’re monitoring the stuff by hand, so it’s possible Chernobyl has a similar system, where the computers make it easy to monitor stuff but it’s still possible to look at an old-fashioned readout if there’s a problem with the computer system. It’s still crazy to put those computers in a situation where they’re even potentially vulnerable to malware.

  33. 33
    Peale says:

    @Adam L Silverman: I kind of like the idea that they’ll have to actually look inside those shipping containers because my guess is that right now, they aren’t exactly sure which container goes where.

  34. 34
    Technocrat says:

    @Bitter Scribe:

    1) Linux has some very nice graphical interfaces. Ubuntu is probably the most popular. It’s a modern graphical desktop. There are some quirks that will seem odd to a Windows user, but for the most part it’s fantastic.

    2) Linux has several “Office” type programs you can use, but not Microsoft Office. If people typically send you a lot of .xlsx and .docx files, you’ll have to jump through some hoops to use them. If you’re making documents for your own use, the Linux versions (StarOffice and LibreOffice, I believe) are fine.

    3) Not in 2016. The graphical versions of Linux are pretty friendly, unless..

    4) …you play games on your PC. This is by far the biggest shortcoming of Linux. Gaming on a Linux box is pretty much a non-starter.

  35. 35
    chris says:

    @🐾BillinGlendaleCA: When I see “Open a command window…” I text my guru. Actually I find most stuff can be solved on the forums. The subreddit for, say, Linux Mint is good too.

  36. 36

    @chris: Generally the responses I’ve seen on forums is “Open a command window, type ‘sudo….’.

  37. 37
    different-church-lady says:

    @Adam L Silverman: Micrøsåft?

  38. 38

    @Technocrat: …or use Photoshop or Lightroom (yes there are alternatives).

  39. 39
    chris says:

    @🐾BillinGlendaleCA: I just copy and paste but I guess some are put off by it. I’ve been using Linux for about ten years and except for a very few things I can’t read or write code.

    ETA: Haven’t had any problems for at least a couple of years now.

  40. 40
    The Moar You Know says:

    The faster people move to Linux the better, and then they can try all new ways to do ransomware. but it will be harder or at least it will try to be harder.

    @Cain: You are wrong. Doubly so if the user is inexperienced, as most are.

    you know, there is no such thing as absolute security.

    That’s the only true thing to be said about information security.

    Make sure you’re patched and backups are in order AND TESTED. That’s all that can save you if you get hit with this fucking thing.
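
The “backups in order AND TESTED” step from the comment above, as an added example that is not part of the original post or thread: a POSIX shell restore drill that archives a directory, restores it into a scratch location, checks every restored file against a SHA-256 manifest taken from the live data, and confirms that a truncated copy of the same archive is rejected rather than silently passing. The sample files, directory names and archive paths are constructed for the demonstration; `sha256sum` from GNU coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example, not code from the original post. A backup that has never
# been restored is untested; this script performs the minimum restore drill:
# back up, restore elsewhere, verify checksums, and prove that a damaged
# archive is detected. All paths and files below are constructed.
set -eu

# make_sample_data DIR: constructed sample content standing in for real data.
make_sample_data() {
    mkdir -p "$1/docs" "$1/config"
    printf 'quarterly report\n' > "$1/docs/report.txt"
    printf 'server=10.0.0.1\n' > "$1/config/app.conf"
}

# backup_dir SRC ARCHIVE: archive SRC into ARCHIVE (an absolute path) and
# write a SHA-256 manifest of the live files next to it. The manifest is
# what any later restore is checked against.
backup_dir() {
    src=$1; archive=$2
    tar -C "$src" -cf "$archive" .
    (cd "$src" && find . -type f -exec sha256sum {} +) > "$archive.sha256"
}

# verify_backup ARCHIVE SCRATCH: restore ARCHIVE into a fresh SCRATCH
# directory and check every file against the manifest. Exit status 0 means
# the restore is complete and intact; non-zero means this backup is not
# something you could recover from.
verify_backup() {
    archive=$1; scratch=$2
    rm -rf "$scratch"; mkdir -p "$scratch"
    tar -C "$scratch" -xf "$archive" 2>/dev/null || return 1
    # sha256sum -c resolves the manifest's relative paths from the cwd,
    # so run it from inside the restored tree.
    (cd "$scratch" && sha256sum -c --quiet -- "$archive.sha256") >/dev/null 2>&1
}

# restore_drill: end-to-end check. Succeeds only if a good backup verifies
# AND a truncated copy of the same archive is rejected.
restore_drill() {
    work=$(mktemp -d)
    make_sample_data "$work/live"
    backup_dir "$work/live" "$work/backup.tar"
    verify_backup "$work/backup.tar" "$work/restore" \
        || { echo "good backup failed to verify"; return 1; }

    # Simulate a damaged backup: keep only the first 512-byte tar record,
    # reusing the original manifest so the check must fail on content.
    dd if="$work/backup.tar" of="$work/damaged.tar" bs=512 count=1 2>/dev/null
    cp "$work/backup.tar.sha256" "$work/damaged.tar.sha256"
    if verify_backup "$work/damaged.tar" "$work/restore2"; then
        echo "damaged backup wrongly passed"; return 1
    fi

    rm -rf "$work"
    echo "restore drill passed"
}

restore_drill
```

For real data, point `backup_dir` at the directory you care about and an archive path on separate storage, and run `verify_backup` on a schedule; the point of the drill is that the verification step, not the backup step, is what tells you the copy is usable.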

  41. 41

    @different-church-lady: Do you know how hard it is to code minesweeper for a customized platform?

  42. 42
    OldDave says:

    @Adam L Silverman:

    If I recall correctly the targeting computers on our Aegis class destroyers are based off of a windows program…

    Pretty sure this isn’t true … I can’t speak for the graphical consoles, but I’m 99.44% certain the C&C computers are running a real-time variant of either Unix or Linux, depending on their age.

  43. 43
    The Moar You Know says:

    1) Does it have a graphical interface comparable to Windows or Mac?

    2) Can it run versions of the most popular software, like the MS Office suite?

    3) Don’t you have to be a complete wirehead to use it?

    @Bitter Scribe:

    1. Oh yes. Preferable to Windows and MacOS in my book. Great interface. Depending on the distro, of course. Some have no GUI at all. But the ones that do work well.
    2. No. Not without extensive frustration, anyhow, and the killer for business, the government, the military, etc is this: nobody has made an Excel replacement that is 100% compatible. That’s the Achilles heel of Linux IMO. Until they get that, they will be where they are – running servers and the occasional desktop for serious sys admins.
    3. No, there’s several versions of it that are VERY easy to use.

  44. 44
    misterpuff says:

    Unkoan: What is the sound of one hand unfurling a middle digit to digital pirates?

  45. 45
    different-church-lady says:

    @mapaghimagsik: Heh. But seriously, for that same situation, we realized we needed to put code into the show that would reconfigure the audio product correctly at the head of every showing, because the store personnel would bring their gaming systems into the theaters after hours, crank the volume and the bass, and forget to set it all back correctly. It was a real education into how the mousetrap/mice feedback loop works.

  46. 46
    Adam L Silverman says:

    @OldDave: I’m in no way certain. Just remember someone telling me the software was based on Excel.

  47. 47
    boatboy_srq says:

    Wait. You’re quoting KASPERSKY on this? They may SAY they’re a wholly-US-owned entity not directly connected with Russia, but their support desk isn’t especially convincing on that point.

  48. 48
    Steve in the ATL says:

    @Adam L Silverman: Micrøsøft?

    ETA: d’oh–curses, different church lady!

  49. 49
    Another Scott says:

    @OldDave: USS Yorktown:

    From 1996 Yorktown was used as the testbed for the Navy’s Smart Ship program. The ship was equipped with a network of 27 dual 200 MHz Pentium Pro-based machines running Windows NT 4.0 communicating over fiber-optic cable with a Pentium Pro-based server. This network was responsible for running the integrated control center on the bridge, monitoring condition assessment, damage control, machinery control and fuel control, monitoring the engines and navigating the ship. This system was predicted to save $2.8 million per year by reducing the ship’s complement by 10%.

    On 21 September 1997, while on maneuvers off the coast of Cape Charles, Virginia, a crew member entered a zero into a database field causing an attempted division by zero in the ship’s Remote Data Base Manager, resulting in a buffer overflow which brought down all the machines on the network, causing the ship’s propulsion system to fail.[9]

    HTH.

    Cheers,
    Scott.

  50. 50
    J R in WV says:

    @Bitter Scribe:

    1) Yes.

    2) Not MS Office (why would you want to abandon Windows and use MS Office?) but Libre Office which is like Office… in the same way Linux is like Windows.

    3) Well, not really, but it helps if you have a wirehead available to ask for help from. Same as Windows when anything goes wrong.

    Linux Firewall? link??

  51. 51
    OldDave says:

    @Another Scott: Look at that. Learn something everyday. What I was referring to, and what I perhaps mistakenly thought Adam was referring to, are the computers involved in the Aegis radar system and in launching and controlling the Aegis “standard missiles”.

  52. 52
    Origuy says:

    @Another Scott: That doesn’t sound like an OS bug; sounds like their database application wasn’t doing input verification. Always assume users will enter the wrong thing into a text field.

  53. 53
    Yutsano says:

    @Steve in the ATL: And to be that guy, her vowels are more accurate.

  54. 54
    Adam L Silverman says:

    @boatboy_srq: I’m not quoting Kapersky. I’m fully aware of what Kapersky is and who Kapersky himself is. I am quoting the NY Times, which was quoting Kapersky.

  55. 55
    EBT says:

    @ChrisH: I paid for my genital laser hair removal with a bitcoin!

  56. 56
    J R in WV says:

    @Adam L Silverman:

    You mean Kaspersky, not Kapersky, right?

    I’ve always wondered who would install security software written by a company in Russia… really? Russian firewall, really???????????????????? Who do you think you need to protect yourself from???????????????????????????

  57. 57

    Everyone, update your systems! Now!

    Linux is not supported by many widely used apps. While alternatives are available, few of them are comparable in capability or support. Nor is Linux hardware support remotely adequate.

    To repeat myself, I believe this is enabled by extremely poor security practices in civilian infrastructure. This is a result of laziness, encouraged by security agencies which desired to spy on their own people. As cryptographers have been warning us, such weaknesses can be exploited by enemies, as well as one’s own police agencies.

    We are in dire need of improvements to civilian cybersecurity infrastructure.

  58. 58
    EBT says:

    @Raven Onthill: I bet all those people bitching about Windows 10 forcing you to update sure are gonna be quiet today.

  59. 59
    jc says:

    I’m still wondering about the massive exposure of voter’s personal information in this June 19 LA Times story:

    http://www.latimes.com/politic.....story.html

  60. 60

    @Raven Onthill:

    We are in dire need of improvements to civilian cybersecurity infrastructure.

    Part of the problem is the lag between when updates are released and when they go through the corporate IT approval process and are applied. They need to do a much better job in streamlining that.

    @EBT: Every time, about every week or so, I turn on my MacOS test machine it wants to do an update. So pretty much the same as Windoze.

  61. 61
    Bago says:

    Did I step into the 90’s? I swear to God this thread smells like CmdrTaco.

    At any rate, Windows is becoming Linux by the month. Major systems open sourced, Bash shell, etc.

  62. 62
    Mike J says:

    I find it hilarious that there were people here talking about how bad the US sucks at all this cyber stuff and much of this attack is based on stuff written by the NSA.

  63. 63
    frosty says:

    @Adam L Silverman: Dammit Adam, I click on this every time. And laugh every time.

  64. 64
    Eolirin says:

    Yeah, so Linux is full of security issues too. Shellshock was a pretty serious vulnerability that was lurking for like 20 years undetected. Open source does not actually provide much benefit to security, good software development processes that focus on security are required regardless of whether the code is open or closed.

  65. 65
    different-church-lady says:

    @Steve in the ATL: The morning. Early. Getting Up. All that all that.

  66. 66
    SteverinoCT says:

    @OldDave: on my shiny-new submarine in 1995-ish, the fire-control and navigation and sonar (BSY-1) ran on something written in Ada. Several times on sea trials we had to “reboot the boat.” The digital readout on the helm would freeze. Because we had cruise missiles, all the nav and fire-control and sonar were linked. Thanks to Rickover, the nukes still ran the reactor by hand, as it were.

  67. 67
    steverinoCT says:

    @OldDave:

    the Aegis “standard missiles”.

    That’s not meaning “the usual missile” but the actual name of the missile– a Standard missile, like a Sea Sparrow or what-have-you. Just to confuse us further. Like my boomers had Poseidon missiles, and that is now the name of the US Navy ASW aircraft; takes me a couple seconds to realize what is meant.

  68. 68
    EBT says:

    @🐾BillinGlendaleCA: Windows 10 doesn’t *ask* you to update. Windows 10 closes your programs and forces you to update.

  69. 69
    steverinoCT says:

    @Origuy:

    Always assume users will enter the wrong thing into a text field.

    I taught an eighth-grader that when I was in sixth grade: the computer science club was showing us how they could make a computer act like a 4-function calculator (this was circa 1975). We got to try them out. I locked it up immediately, and I believe her response was, “Why would you enter that?”

  70. 70
    OldDave says:

    @steverinoCT:

    That’s not meaning “the usual missile” but the actual name of the missile

    I knew I should have capitalized it, but neglected to. Apologies – I knew that.
