Massive cyber attack hits Europe with widespread ransom demands

glennd

Moscow: A new wave of powerful cyber attacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.

http://www.smh.com.au/technology/te...idespread-ransom-demands-20170627-gwzxv4.html
Apparently WannaCry wasn't enough to get people to patch their systems. This is using the same EternalBlue exploit.
 
https://arstechnica.com/security/20...to-wcry-is-shutting-down-computers-worldwide/

"There are also unconfirmed reports that infections worked against a fully patched computer running Windows 10, by far Microsoft's most secure OS, which was never vulnerable to EternalBlue. What's more, according to the unconfirmed report, the computer was using up-to-date AV protection and had disabled the SMBv1 file-sharing protocol that EternalBlue exploits."

https://twitter.com/kennwhite/status/879758715871793152

Just more sources.
 
SMB is not the only attack vector. Just like WannaCry, it is first activated by end users clicking on an infected link, via email or Facebook.
 
I followed this yesterday on Reddit and Twitter as I watched this spread. I follow several malware researchers and find Twitter to be invaluable as the infosec community analyzes these attacks in real time. Here are a couple of additional resources. The lateral movement of the malware is what is most impressive. If you used the same local admin credentials across your domain, the malware used those credentials to move through the LAN and infect everything.

https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

https://www.reddit.com/r/sysadmin/comments/6jsnex/new_ransomeware_attacks_holland_ukraine/

Edit: Here is another link as well:

https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/
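The credential-reuse lateral movement described in the post above is something defenders can look for in their own logon telemetry. The following is an added example, not code from this thread or from any of the linked analyses: it assumes Windows Security event 4624 network logons (logon type 3) have been exported into the simple key=value line format shown (a constructed sample), and it flags a local (non-domain) account that authenticates from one source address to several different hosts within a short window, which is the pattern a shared local admin password produces when it is abused.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on Windows event 4624 (network logon).
# A local account appears with the target host's own name as its "domain";
# a domain account (jsmith/CORP) does not and is ignored by the detection.
SAMPLE_EVENTS = """\
2017-06-27T10:01:05 host=FS01 account=localadmin domain=FS01 type=3 src=10.0.0.15
2017-06-27T10:01:09 host=WS07 account=localadmin domain=WS07 type=3 src=10.0.0.15
2017-06-27T10:01:12 host=WS08 account=localadmin domain=WS08 type=3 src=10.0.0.15
2017-06-27T10:01:20 host=DC01 account=jsmith domain=CORP type=3 src=10.0.0.22
2017-06-27T10:01:31 host=WS09 account=localadmin domain=WS09 type=3 src=10.0.0.15
2017-06-27T12:30:00 host=WS10 account=localadmin domain=WS10 type=3 src=10.0.0.40
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) account=(?P<account>\S+) "
    r"domain=(?P<domain>\S+) type=(?P<type>\d+) src=(?P<src>\S+)"
)


def parse_events(text):
    """Parse the key=value export into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["type"] = int(e["type"])
            events.append(e)
    return events


def find_local_account_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Return {(src, account): sorted hosts} for local accounts that logged on
    over the network to at least min_hosts distinct hosts from one source
    address within `window`. Threshold and window are tuning assumptions."""
    by_key = defaultdict(list)
    for e in events:
        if e["type"] == 3 and e["domain"].lower() == e["host"].lower():
            by_key[(e["src"], e["account"].lower())].append((e["ts"], e["host"].upper()))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):  # sliding window over sorted logons
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts[key] = sorted(best)
    return alerts
```

Running `find_local_account_fanout(parse_events(SAMPLE_EVENTS))` on the sample flags `localadmin` from 10.0.0.15 reaching FS01, WS07, WS08 and WS09 within 26 seconds; the single logon from 10.0.0.40 stays below the threshold.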
 
Welcome to the new world, gentlemen. Outbreaks like this will become increasingly common and increasingly effective. It's going to get worse before it gets better because, as long as it's a revenue generator for someone, ransomware is going to continue to be prevalent.

Just remember this: no matter how patched your systems are, no matter how good your security software and practices are, the thing that actually gets these types of infections rolling is one of the oldest con-man tricks in the book. Mankind has lived on this planet a long time, and we still have yet to devise an effective method to combat the Confidence Game.
 
The more up-to-date analyses show that it's not ransomware because (even if the only possible contact point hadn't been closed) it's not actually providing information that would be required for decryption. Basically it's a disk wiper that pretends to be ransomware.
 