Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines

Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr.

EternalBlue vulnerability scanner statistics reveal exposed hosts worldwide

After the recent massive WannaCry ransomware campaign, Elad Erez, Director of Innovation at Imperva, was shocked at the number of systems that still sported the Microsoft Windows SMB Server vulnerabilities that made the attack possible. So, he decided to do something about it: he created Eternal Blues, an easy-to-use vulnerability scanner that he made available for download for free. The tool does one single thing: it scans computers for the aforementioned vulnerabilities, and lets users …

Report: Second quarter dominated by ransomware outbreaks

The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wakeup call. In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.

The post Report: Second quarter dominated by ransomware outbreaks appeared first on Malwarebytes Labs.

All this EternalPetya stuff makes me WannaCry

Get more background on the EternalPetya ransomware. Learn about its origin, attribution, decryption, and the methods of infection and propagation.
Categories: Cybercrime, Malware
Tags: attribution, decryption, DoublePulsar, EternalBlue, EternalPetya, EternalRom…

The key to old Petya versions has been published by the malware author

As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. As a result of the recent events, Janus released his private key, allowing all the victims of the previous Petya attacks to get their files…

‘Patient zero’ of global ransomware incident was warned and owned before outbreak

A Ukrainian software company at the center of an international ransomware outbreak was reportedly warned about its insufficient digital security multiple times, and new evidence shows it had been compromised by hackers before last week’s incident. M.E.Doc, a Ukrainian software firm that develops accounting software that is mandated by the country’s government, is widely considered to be the “patient zero” behind ExPetr, a unique ransomware variant that first appeared on June 27 with the capability of spreading quickly across local networks and deleting data. Cybersecurity researchers with Czech security firm ESET published evidence Tuesday that hackers were able to successfully penetrate M.E.Doc in the months preceding the major attack and had installed a series of backdoors. These implants would allow a hacker to remotely execute numerous commands and upload other malicious code. Such a backdoor may have been originally leveraged to launch ExPetr. It’s also possible that the attacker had […]

The post ‘Patient zero’ of global ransomware incident was warned and owned before outbreak appeared first on Cyberscoop.

Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say

The search for the source of last week’s global malware attacks continues as experts are increasingly pointing toward Russian involvement in the incident. The NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia, concluded last week that the attack was “most likely” carried out by a nation-state. The report followed a string of separate analyses that said the attacks appeared to have Russian sources. CCD COE researchers pointed to the sophistication of the malware. “In the case of NotPetya, significant improvements have been made to create a new breed of ultimate threat,” said one of the researchers, Bernhards Blumbergs. “Among all new features, the malware has been more professionally developed in contrast with sloppy WannaCry, and instead of scanning the whole Internet it is more targeted and searches for new hosts to infect deeper on local computer networks once initial breach has occurred.” The assertion by NATO-sponsored researchers that a nation-state probably spread the malware only intensifies questions […]

The post Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say appeared first on Cyberscoop.

EternalPetya – yet another stolen piece in the package?

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that it is a rip-off of the original Petya, others that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

The post EternalPetya – yet another stolen piece in the package? appeared first on Malwarebytes Labs.
