Another version of the “WannaCry” ransomware virus has gone viral, this one dubbed “Petya” by some and “GoldenEye” by others.
Alternatively, some security experts say it is an entirely new virus.
Pharmaceutical company Merck, Danish shipper Maersk, advertising group WPP Group, Ukrainian banks, and Russian oil company Rosneft all report significant intrusions on their computer systems.
The Wall Street Journal reports Cyberattacks Hit Major Companies Across Globe.
Global businesses from Europe to the U.S., including shipping giant A.P. Moeller-Maersk, advertising firm WPP Group, and Russian oil company PAO Rosneft reported significant cyberattacks Tuesday against their computer systems.
It was unclear how, or if, the attacks were related, but they spread simultaneously across Europe and into the U.S. on the heels of a global attack in May from a virus dubbed WannaCry.
Ukraine was hit by an “unprecedented” wave of cyberattacks Tuesday, the country’s prime minister said, which infected a government ministry, state telecoms, postal and transport companies, among others.
Russia’s state-controlled oil company, PAO Rosneft, said it was under a “massive hacker attack” that could have serious consequences but said its oil production hadn’t been affected.
Denmark’s shipping giant Maersk said Tuesday that its computer systems had been brought down by a cyberattack. The breakdown is affecting multiple computer systems across several business units, a Maersk spokeswoman said, adding the company was assessing the situation.
The spokeswoman said she couldn’t provide details on how the computer outage was affecting the company’s flagship business, Maersk Line, the world’s largest container operator by capacity.
Attempts to connect to the Maersk Line web site yielded the following message: “Oh no, our website is down!”
The Port Authority of New York and Jersey sent out alerts Tuesday morning that said the APM Terminals facility in Elizabeth, N.J., “is experiencing system issues” and advising carriers to delay arrival until further notice.
Petya
Ukraine Hit Hard
Reuters reports Ransomware Virus Hits Computer Servers Across the Globe.
A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.
Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.
“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24.
The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.
Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.
It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.
“There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.
Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.
Unheeded Warning
The WannaCry attack was a nice global warning, clearly ignored. These are the consequences.
What We Know So Far
- Major companies around the world were hit
- Companies that applied security patches were not hit
- Putin did it personally, with help from Trump
In regards to point number three, who else? Why the media is not all over this remains a mystery.
The attack on Russia’s state-controlled oil company, Rosneft, is an obvious smokescreen designed to hide Putin’s direct involvement.
By the end of the day, the Washington Post is sure to have details involving both Putin and Trump.
Who to Blame?
More seriously, companies had ample time to apply software patches. But they didn’t.
However, we need to take one step further back for the origins of these viruses.
The NSA is involved in this mess as noted in WannaCry Cyber Attack Hits 99 Countries, FedEx, Nissan, Hospitals, Universities with NSA Developed Malware: Five Questions.
The National Security Agency (NSA) has its hands in the biggest ransomware cyber attack in history. The NSA found holes in the Windows operating systems and instead of alerting Microsoft it chose to exploit those holes for its own benefit.
The problem with such an approach is the NSA is not the only one who can exploit the holes.
Microsoft Blasts NSA
If that sounds far-fetched, then please consider Microsoft Blasts NSA, CIA for “Stockpiling Vulnerabilities”: Criminal Negligence by NSA?
Pertinent Tweets from Snowden
For those who would never believe such a thing, there is always the tried and true: Blame Putin and Trump.
Mike “Mish” Shedlock
IIRC morons from at least five nations are meeting in Canada this week to discuss ways of weakening cyber security even more. Duh…
Thanks for this update Mish. I’ll send it around to staff.
Who’s to blame?
1. The hackers who do this crap.
2. Microsoft, for gross negligence in operating system design.
3. Incompetent sys admins who provide file sharing access to critical core systems. WTF?
4. The incompetent managers who hire the incompetent sys admins.
5. Incompetent executives who haven’t fired the incompetent managers after the last time they found out their systems aren’t being patched on a timely, scheduled basis.
6. The incompetent American spooks who find these exploits and let them get into the wild.
7. Putin, Trump, Hillary and, almost certainly, Mexican rapists.
Agree with everything except:
“Microsoft, for gross negligence in operating system design.”
Considering the need to maintain software compatibility across so many different versions of the OS (their major selling point; the mountain of outstanding PC FREEWARE alone blows away any other OS) and the need to be compatible with any PC hardware build anyone might come up with, frankly, I’m amazed the insanely complex patchwork called Windows works at all.
“Mexican rapists”
From a (not) right wing rag, what Trump was referring to:
80% Of Central American Women, Girls Are Raped Crossing Into The U.S.
http://www.huffingtonpost.com/2014/09/12/central-america-migrants-rape_n_5806972.html
I agree that Microsoft had a problem. When they went from the single-user DOS/Windows 98 code base to the Win 2000 code base, they had a lot of single user applications that required administrative rights to run.
However, Microsoft could have designed a mechanism to allow those applications to only run in a sandbox with specific rights. Those ideas had been around for a long time. They were too lazy and didn’t take the security issue seriously enough.
And I just threw in the Mexican rapists thing for fun. But I appreciate the link. It’s informative.
You have no idea about software design to make such claims. Almost every router out there has vulnerabilities. Do you think Cisco, Linksys, Netgear are negligent? If you are still running year 2000 Mac OS, you are vulnerable too. Even Java, the supposedly safe “sandbox with specific rights” has been called out by Department of Homeland Security for its security flaws.
My employer has to report certain types of data (monthly) to the US Government. The ONLY way to do that is a web based Java app they host – which requires an old version of Java. Upgrading and patching Java breaks their reporting app. It is some Oracle Forms monstrosity. We had to specifically restrict upgrades for a while.
We removed Java from accounting PCs and put it on a VM – whose essential purpose is to allow this thing to run so they can meet their regulatory requirements. They remote in – do a very specific task via a bookmark/secure login – and log out.
The agency hosting the app rhymes with e-eye-aye.
Regards,
Cooter
Some day far far … er, near near in the future there will be a massive attack on autonomous vehicles.
Smash Up Derby!
Speaking of cyber attacks using autonomous vehicles, I wonder if the ACX Crystal plowing into the center of the USS Fitzgerald is an example of that:
https://www.sofmag.com/freighter-was-on-autopilot-when-it-hit-u-s-destroyer-navy-appoints-lead-investigator/
Opening salvo for government control of digital currency. Solution: make crypto currency illegal for business transactions and peg the dollar back to gold. Withheld name please.
My first thoughts too! Governments and other rulers behind the scenes having a field day. This has nothing to do with normal hacking. At the same time more movement away from Cash to digital.
Will get a number tattooed on my forehead next…. Where is Vlad the Impaler when you need him.
Mish, you nailed it on blaming Putin and Trump. Unfortunately, Trump’s dropping out of Paris Accords has eliminated the blame it on global warming meme….
Mike Madigan and Rahm Emmanuel are huddling someplace right now trying to figure out how to tax anyone with malware on their computers and how to tax anyone using anti-virus software.
The oxymoronic named “intelligence” community likes to talk a big game about fighting terrorism or commies or whatever bogey man of the day.
But they spend an inordinate amount of time conducting mass surveillance on Americans — something that is no longer the subject of tin-foil hatters, it’s something liars like James Clapper have admitted to (after getting caught) in Congressional testimony.
Police departments the world over have learned that their jobs are 1000x easier when they have community support. And they have learned their job is impossible if the community is filled with people who “didn’t see nothin”.
As Clapper and others acknowledged, the CIA and NSA (and the other alphabet soupers) are working against the very community they most need support from: US taxpayers. These “intelligence” analysts are literally working to undermine their own funding base.
The NSA should be held accountable for these hacks. I am sure it was some other loser that used the NSA’s tools; but the NSA built these tools and left their own country vulnerable. They left their allies vulnerable.
They worked against their own team, they made their own team more vulnerable.
That is why the NSA is guaranteed to fail in stopping terrorism and commies and everything else they are supposed to do. A team that doesn’t play together, especially a team where one player deliberately tries to undermine his teammates, is a team that cannot win.
The military emphasizes this painfully obvious concept day in and day out — which makes one wonder why the supposedly “educated” people at the NSA don’t get it.
The terrorists/commies win because the NSA was busy undermining their own team.
Can’t do a like, but agree 100%
Guaranteed failure = guaranteed budget increase. See: Illinois
The problem isn’t inside NSA; they are not going to undermine their cushy jobs. Those who supervise it are guilty of a massive, cover your derriere, groupthink.
Remember when the CIA’s head of Kabul desk was killed by a double agent? (bomb attack, happened for real, but dramatization in that movie Zero Dark Thirty)
Remember how the CIA used that doctor in Abbottabad, Pakistan to locate Bin Laden… then left him to fend for himself afterward?
The double agent that blew up the desk chief knew “his team” would not protect his family once the taliban found out. The Pakistani doctor apparently thought the CIA would return his favor / protect him.
What happens when the NSA / CIA needs the next person to help them?
Criminal negligence by the NSA? LOL, that’s a good one!
Next thing and you’ll be suggesting criminal arraignment of CEOs who sign off on falsified corporate financial statements. 🤔
The UK is prepared for anything:
June 27, 2017
“Windows XP Spotted Running Aboard Royal Navy Aircraft Carrier”
“During a tour of the £3.5 billion HMS Queen Elizabeth, someone reportedly spotted a screen inside the aircraft carrier’s control room running Windows XP. Microsoft hasn’t supported this operating system since April 2014. Even so, ESET researchers found approximately 10 percent of machines worldwide were still running Windows XP two years into the platform’s end-of-life.”
https://www.tripwire.com/state-of-security/latest-security-news/windows-xp-spotted-running-aboard-royal-navy-aircraft-carrier/
December 8, 2016
“90 per cent of the UK’s NHS is STILL relying on Windows XP”
“The NHS is still running Windows XP en masse, two and a half years after Microsoft stopped delivering bug fixes and security updates.
Nearly all of England NHS trusts – 90 per cent – continue to rely on PCs installed with Microsoft’s 15-year-old desktop operating system.”
https://www.theregister.co.uk/2016/12/08/windows_xp_nhs_still/
Microsoft did break habit, and introduced a patch specifically for WannaCry for Windows XP. I expect there will be one for this malware.
“The National Security Agency (NSA) has its hands in the biggest ransomware cyber attack in history.”
…
NSA is putting its best people on it*.
*to shut down Snowden’s twitter account
LMAO!!
There is a 2nd type as well – hitting Linux boxes
http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/
The hackers just got paid $1.6M in bitcoin – now that is a payday that should get some attention.
I’m not finding clear info on what OS versions are vulnerable to Petya.
Petya propagates itself by exploiting the MS17-010 vulnerability, EternalBlue
https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know
But MS17-010 patch was for the whole range of Windows
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
?
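The comment above pins the spread on MS17-010 (EternalBlue, an exploit against SMBv1) and notes that the patch covered every supported Windows version. As an added example, not code from the post or any commenter, here is a host-side audit a Windows admin could run to see where a machine stands: it looks in Get-HotFix for the KB numbers the operator takes from the MS17-010 bulletin linked above (they differ per OS, so none are hard-coded and $KbIds is an assumed parameter), and it reports whether SMBv1 is still enabled, which goes one step past the comment since disabling SMBv1 was Microsoft’s recommended mitigation alongside patching. The function names Test-Ms17010Patch and Get-Smb1State are mine; the script assumes PowerShell 3.0 or later.

```powershell
<#
  Added example (not from the blog post or its commenters).
  Assumptions, stated plainly:
  - $KbIds comes from the operator, copied from the MS17-010 bulletin entry for this
    host's Windows version; nothing is hard-coded because the KB number varies per OS.
  - SMBv1 state is read with Get-SmbServerConfiguration where it exists (Windows 8 /
    Server 2012 and later) and otherwise from the LanmanServer "SMB1" registry value.
#>
param(
    [string[]]$KbIds = @()   # e.g. the KB id(s) listed for this OS in MS17-010
)

function Test-Ms17010Patch {
    # Returns $true if any supplied KB id is installed, $false if none is,
    # and $null when no ids were given (so "not checked" is distinguishable).
    param([string[]]$Ids)
    if (-not $Ids) { return $null }
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($id in $Ids) {
        if ($installed -contains $id) { return $true }
    }
    return $false
}

function Get-Smb1State {
    # Returns $true when the SMBv1 server side is enabled on this host.
    $cmd = Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cmd) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older hosts (Windows 7 / Server 2008 R2): SMBv1 is on unless SMB1 is set to 0.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

$os      = Get-CimInstance Win32_OperatingSystem
$patched = Test-Ms17010Patch -Ids $KbIds
$smb1On  = Get-Smb1State

$patchText = if ($null -eq $patched) { 'not checked (no KB ids given)' }
             elseif ($patched)       { 'installed' }
             else                    { 'MISSING' }

[pscustomobject]@{
    Host         = $env:COMPUTERNAME
    OS           = $os.Caption
    Build        = $os.BuildNumber
    Ms17010Patch = $patchText
    Smb1Enabled  = $smb1On
} | Format-List

if ($smb1On) {
    Write-Warning 'SMBv1 is enabled. If no workload still needs it, disable it with:'
    Write-Warning '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
if ($patched -eq $false) {
    Write-Warning 'None of the given MS17-010 KB ids is installed; apply the update for this OS first.'
}
```

Run it as `.\Check-Ms17010.ps1 -KbIds KB<id-from-bulletin>` from an elevated prompt; the registry fallback is only consulted on hosts without the SMB cmdlets, and the script changes nothing on its own, it only reports and prints the disable command for the admin to apply deliberately.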
Android is Linux based, hard to imagine what a billion bricked smartphones would look like…
And they’re not getting updated any time soon.
Android uses some Linux distribution, and Linux kernel. Someone more knowledgeable would be able to say how much weakness that opens up to other Linux exploits… I haven’t noticed any patching, might be silent updates but I doubt it. Not sure if the fact most are not rooted provides much security either.
Linux is certainly less vulnerable because of a smaller market share, but also the fact that it offers multiple file systems. However, I suspect, this malware uses a high level API which is offered as a feature by the operating system, and has a legitimate use.
If you count Android as Linux it has more custom than Windows, this article is a bit muddled to read but has some figures
https://en.m.wikipedia.org/wiki/Usage_share_of_operating_systems
Another article put active Android devices at 2 bn.
Russia did it. Funny.
How did all this happen, who’s to blame, and is there a fix? How many RFCs have I read in my lifetime until 2005 when I swore I would never bother with high tech again? What started out as a fun toy became a real pain in the rear, the internet. Those in charge of developing it were so concerned with growing connections and the ease of entry that any protocol that required security was swept to the side. Equipment makers couldn’t be bothered with any real security. Wire operators balked at keeping data and supervision separate, costs too much. They all forgot about Captain Crunch and the lessons the Telcos learned. The SS7 network put an end to almost all the phone fraud involving voice. Dial ups kept the bad guys at bay, they left their addresses as calling cards. I remember arguing for a separation of data from supervision when it came to internets and intranets. No, too expensive. Besides we have all this security stuff. I saw how easy it was to break 128-bit codes, get the software off the internet.
So now we blame Microsoft, we blame the NSA, we blame all manner of people. Tell me, do you want to stop the thievery, the intrusions, the complete lawlessness on the internet? there is only one way. It’s the separation of data and supervision into separate channels and a lock down of the supervision channel. It works. You can’t take a blue box and make unrecorded long distance calls on the telephone system. And unless you tap into the outside plane somewhere, we know where you live. Tap into the lines, we still know about where you are. You become easy to trace, takes about a second or two. You will be found.
But the internet can give anyone a sense of being anonymous, undetectable. A bit of coding here and one can hide the originating IP address, make it a different one. One can spoof routers and terminals and god knows what else. Hell, even your cell phones are vulnerable. the sad part is that even on this site most of you don’t have a clue as to what I am talking about. You just want plug and play, the easy way to do things. So now we have plug and play malware up the yingyang. You wanted ease of connection, don’t bother me with learning something new, I just want it to work without effort. Well, you got that.
The fix is one that will require billions, if not trillions of dollars to design and build a network where idiots can use their laptops, tablets, and smart phones while keeping the malware and other criminal activities at bay. Oh, by the way, don’t count on this fix anytime soon. You see, the NSA and the CIA, and all those spooks would have to gather intelligence the old fashioned way. They wouldn’t be able to get into everyone’s systems and you know the government won’t stand for that.
The next generation of servers will be secure. These chips are designed under supervision of the Chinese government to ensure no NSA back doors.
https://semiaccurate.com/2017/06/22/amds-epyc-major-advance-security/
I am afraid that technology will disappoint you. When you allow signaling over the same channel as your voice or data there will never be security; the internet needs common channel signaling and that means that all of our laptops and so forth need to be changed to accommodate such a redesign. But the biggest obstacle is the world spy agencies, as that would block them from playing all the little spy games that one can do with the present internet architecture. It’s not the back doors that matter, it’s the mixing of data with signaling that makes the difference. The only way to defeat the SS7 system is to gain physical access to the SS7 interface, which one can do if one bribes people to literally open the doors to the switching equipment offices.
🙂
The Chinese Government is definitely the world’s undisputed number one authority on chip design. Why didn’t Intel think of consulting with those guys before???
Complexity and interdependence is what opens up for exploits. In Chip design, as in anything else. Specifically including supply chains.
But this is also what allows for the illusion of easily created increased “wealth” and functionality; as long as the downsides are not included in the cost/benefit calculation.
By going full ostrich, and pretending everything and everyone will always behave the way the salesman, or politician, say they will, you can reduce complexity of design by orders of magnitude.
But what you are brushing under the table with your naivete, is resilience. Which will, eventually, come back to bite you.
Putin and Trump? No, this is obviously a direct consequence of Global Warming. But Putin and Trump caused that. Well, mostly Trump.
I clearly made a mistake by failure to also blame global warming.
Thanks for tying this together in a clear and concise manner.
Chances are Donna Brazile knew all along what the ransomware vulnerabilities were but kept Bernie Sanders out of the loop.
What really makes it bad is having Susan Rice blame WannaCry on a YouTube clip of American IT workers mocking Microsoft.
The WaPo readers are the ones who know the truth. You all have been brainwashed by faux news. 😉