Report: Second quarter dominated by ransomware outbreaks

The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wake-up call. In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.


The post Report: Second quarter dominated by ransomware outbreaks appeared first on Malwarebytes Labs.


All this EternalPetya stuff makes me WannaCry

Get more background on the EternalPetya ransomware. Learn about its origin, attribution, decryption, and the methods of infection and propagation.
Categories: Cybercrime, Malware
Tags: attribution, decryption, DoublePulsar, EternalBlue, EternalPetya, EternalRom…

The key to old Petya versions has been published by the malware author

As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. As a result of the recent events, Janus released his private key, allowing all the victims of the previous Petya attacks to get their files…

Last month’s malware outbreak cost this household company £100 million

The household goods manufacturer of such famous products as Nurofen painkillers, Durex condoms, Dettol, and Harpic has warned that it was hit hard by the June 27th global malware outbreak, which struck power plants, airports, and government agencies in…

Linux hacking, Petya, and Windows – Paul’s Security Weekly #520

Separating the hacked and the paranoid, remote Linux hacking, Petya goes postal at FedEx, today’s mainstream hacktivism tools, and why choosing Windows should get you fired! Paul’s Security News Stories: Separating the Paranoid from the Hacked; Choosing Windows for your organization should get you fired – I love this because it is too controversial of a […]

The post Linux hacking, Petya, and Windows – Paul’s Security Weekly #520 appeared first on Security Weekly.


‘Patient zero’ of global ransomware incident was warned and owned before outbreak

A Ukrainian software company at the center of an international ransomware outbreak was reportedly warned about its insufficient digital security multiple times, and new evidence shows it had been compromised by hackers before last week’s incident. M.E.Doc, a Ukrainian software firm that develops accounting software that is mandated by the country’s government, is widely considered to be the “patient zero” behind ExPetr, a unique ransomware variant that first appeared on June 27 with the capability of spreading quickly across local networks and deleting data. Cybersecurity researchers with Czech security firm ESET published evidence Tuesday that hackers were able to successfully penetrate M.E.Doc in the months preceding the major attack and had installed a series of backdoors. These implants would allow a hacker to remotely execute numerous commands and upload other malicious code. Such a backdoor may have been originally leveraged to launch ExPetr. It’s also possible that the attacker had […]

The post ‘Patient zero’ of global ransomware incident was warned and owned before outbreak appeared first on Cyberscoop.


Servers associated with NotPetya attack seized by Ukrainian Police

By Jahanzaib Hassan

Last week the computer systems of several companies in Europe were infected with NotPetya malware. At first, researchers thought it was just another ransomware attack like WannaCry, but later discovered that NotPetya is a disk wiper that locks a victim’s data files and throws away the decryption key. Now, police in Ukraine have […]

This is a post from HackRead.com.


Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say

The search for the source of last week’s global malware attacks continues as experts are increasingly pointing toward Russian involvement in the incident. The NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia, concluded last week that the attack was “most likely” carried out by a nation-state. The report followed a string of separate analyses that said the attacks appeared to have Russian sources. CCD COE researchers pointed to the sophistication of the malware. “In the case of NotPetya, significant improvements have been made to create a new breed of ultimate threat,” said one of the researchers, Bernhards Blumbergs. “Among all new features, the malware has been more professionally developed in contrast with sloppy WannaCry, and instead of scanning the whole Internet it is more targeted and searches for new hosts to infect deeper on local computer networks once initial breach has occurred.” The assertion by NATO-sponsored researchers that a nation-state probably spread the malware only intensifies questions […]

The post Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say appeared first on Cyberscoop.


From BlackEnergy to ExPetr

To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya.