Windows Bug Exploited Again by Ransomware
Businesses around the world are reporting computer problems that appear to be another rapidly spreading ransomware attack. It appears likely to be exploiting the same Windows flaw as the recent WannaCry attack.
Details were still emerging at the time of writing, but high-profile businesses including drug giant Merck, a British advertising agency and a Danish shipping company are known to have been compromised. Ukraine's government network also appears to have been hit. (Source: nytimes.com)
File Index Compromised
As with WannaCry, the malware appears to be designed to lock up and encrypt files, demanding a ransom paid in the virtual currency Bitcoin. The code appears to be a variant of a known ransomware attack named Petya that's been around for well over a year.
Unlike most ransomware, Petya doesn't encrypt every file on a computer. Instead it locks up the Master File Table, which is effectively the index that helps a computer find the physical location of a file on a hard drive. If the Master File Table is inaccessible, the rest of the files are effectively inaccessible.
Malware Spreading Rapidly
As with WannaCry, the most notable feature of the current attack isn't so much the ransomware element as the sheer speed at which it is spreading worldwide. It appears that, like WannaCry, it is exploiting a vulnerability across all forms of Windows that affects networking and file sharing. The result is that one machine being infected in an organization, such as through a bogus file attachment being opened, can quickly lead to an entire network being infected.
While the Windows bugs were fixed, including a rare patch for earlier systems such as XP, the new attack appears to be aimed at organizations that have failed to install the patch, for a couple of reasons. One reason is that WannaCry was disabled so quickly that organizations simply didn't bother to patch their systems. Another reason is that installing patches can be disruptive, for example on airline networks where systems need to be constantly accessible. (Source: bbc.co.uk)
As with WannaCry, home users aren't necessarily the main target. However, the way such malware spreads doesn't discriminate, so the usual advice of keeping software patched and being suspicious about unexpected file attachments or links applies.
What's Your Opinion?
Did you check your computer was fully patched after the WannaCry outbreak? Should businesses accept a brief period of downtime as a price worth paying to reduce the risk of a total lockout later on? Could law enforcement do anything more to tackle the people behind ransomware?
Comments
This is weird (I'm being nice about it)
I see too many problems with all this in the LAST 20 years..
Linux USED to be the server system of the net, and servers..FOR SOME REASON, many companies Switched to Windows...IS IT REALLY EASIER?? When you have HOLES IN IT?
I wonder about systems and sites that EACH Computer system is critical..That they can't SWAP 1 computer out for ANOTHER UPDATED system, update the Old system then SWAP the updated for Another NOT updated..
An Email server with Direct WRITE ability to the MAIN system is a bit stupid, and this has been proven Over and over..AND some idiot DOES NOT SCAN ATTACHMENTS?? I NEVER open attachments unless I know the person, and I EVEN CALL THEM and ask if they sent something... I've caught a few, that the person NEVER SENT, and asked them to SCAN their systems and Find where it came from...They had opened ANOTHER attachment from Another person, WHO HAD DONE THE SAME, and never sent anything out.. IT'S EASY TO CHECK..
ONLY read TXT format in emails..IT CANT run out to the net, OPEN a window and LOAD UP what was on that site.. NO Auto execute ZIPS, or EXE, or HTML, NOTHING..
For some strange reason there are MORE FREE UTILITIES ON THE CLIENT SIDE, than there are on Servers.. Why hasn't MS fixed this?? BECAUSE THEY WANT MONEY..Everything costs money Every year..The Corp mentality is messing things up.. They would rather RENT/LEASE the program to you, than a DIRECT SALE..
But too many would rather SERVER software to AUTO CREATE the system to BUILD from Scratch, as with Linux.. It's like buying a CAR, and you don't know HOW to maintain it.. It works till it DIES.. And any dummy can monitor a system THAT'S SUPPOSED to watch itself...you don't need to PAY a good Admin or SYSOP..
I've mentioned before about NEEDING a PERSON to watch the systems..to LOOK for warnings, to CHECK INCOMING USERS that SIT on a system and TAKE TERABYTES OF DATA..
10 years ago, I was recovering a computer system for a friend as it had corrupted. I needed the dialup info to connect to the net, and filled in the info and WENT to the internet...FIRST SITE IE WENT TO...MSN. It took 15 minutes for the system to settle down (I knew what was happening) AS the SITE DATA LOADS ON YOUR MACHINE, and then Displays the site.. The system was LAGGY..so I scanned everything..8 virus and 15 bots later...I sent a letter to MSN about Scanning 3rd party adverts. (it wasn't nice) 1 year later, MSN CUT ALL ADVERTS.
MSN didn't know all this STUFF was happening. And NEW software (NOW) scans data as it COMES TO YOUR COMPUTER..
RULE from the OLD DAYS of computers..If you have a CLEAN system the only way to get a VIRUS is INPUT.. ANY way to INPUT data, from Floppy drives to your network to your KEYBOARD...(INPUT) is the only way to corrupt your system software. The only way to Protect your system is to SCAN ALL INPUT..
For some reason this has been forgotten, and it's a FAIRLY simple idea. Don't display/run/execute/anything until it has been Scanned.
Sorry for the caps, It's how I express myself..Sorry it's so long.