Slashdot Mirror


Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com)

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

109 comments

  1. Backup/Restore by Big+Hairy+Ian · · Score: 2

    Say no more

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    1. Re:Backup/Restore by Anonymous Coward · · Score: 0

      In Soviet Crimea, malware backs up you.

    2. Re:Backup/Restore by 93+Escort+Wagon · · Score: 4, Insightful

      Disconnected backup/restore.

      These sorts of malware are perfectly capable of encrypting a connected external or network drive.

      --
      #DeleteChrome
    3. Re: Backup/Restore by Anonymous Coward · · Score: 2, Insightful

      Would have been nice if some government agency had found vulnerabilities, they would have tipped off the vendors to patch them. Only sociopaths would have failed to improve the world by trying to use them for their own benefit.

    4. Re:Backup/Restore by Rei · · Score: 4, Interesting

      Something I was just thinking about the other day, when considering btrfs for a new install rather than ext4... wouldn't a filesystem that allows for periodic snapshotting offer some defense against ransomware, so long as the ransomware doesn't run with the privilege to delete snapshots? So it starts encrypting your files... then runs out of disk space due to all of the changes it's made since the last snapshot, becomes stuck, and all the user has to do is restore from the last snapshot.

      Seems like some relatively low hanging fruit to help combat a relatively major problem. Or am I missing something?

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    5. Re: Backup/Restore by Anonymous Coward · · Score: 0

      Only sociopaths would have failed to improve the world by trying to use them for their own benefit.

      Sociopaths are present in all levels of government to a greater degree than most organizations.

    6. Re: Backup/Restore by phayes · · Score: 1

      Write a letter to Putin@thekremlin.ru thanking his hackers for their thoughtful repackaging of the zero days the NSA released to Microsoft etc when they learned that the tools/0days were going to be released publicly. It was a few months before the "patriotic" hackers released the NSA tools.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    7. Re: Backup/Restore by MightyMartian · · Score: 1

      I've had a lot of interactions with bureaucrats and the like, and generally, no, I don't see much sign of sociopathy. There's certainly a kind of antipathy that creeps into a public service, and of course momentum means that things will tend to go in the same direction regardless of what the people at the top want.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    8. Re:Backup/Restore by JaredOfEuropa · · Score: 1

      Also, detection? According to the news, none of the regular virus scanners are detecting this new variant, and of course once they are able to detect this one (WannaCry is now reliably detected) the next variant is released into the wild. But any process that scans for known vulnerable services should be suspect, as should any process that reads and then modifies a large number of files, especially in locations like the user folder.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
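The heuristic in the comment above (a process that reads and then modifies a large number of files under the user folder) as an added example, not part of the original thread. The event tuple format, the 60-second window, the threshold of 20 files and the process IDs are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values (not from the thread): alert when one process rewrites
# at least THRESHOLD distinct files it had previously read, within WINDOW.
WINDOW = timedelta(seconds=60)
THRESHOLD = 20
WATCHED_PREFIX = "c:\\users\\"   # "locations like the user folder"
BASE = datetime(2017, 6, 27, 10, 0, 0)   # constructed start time for the sample


def detect_mass_rewrite(events, window=WINDOW, threshold=THRESHOLD):
    """events: (timestamp, pid, op, path) tuples sorted by timestamp, with op
    "READ" or "WRITE". Returns {pid: time the threshold was first reached}."""
    read_paths = defaultdict(set)   # pid -> watched paths the process has read
    rewrites = defaultdict(deque)   # pid -> (ts, path) rewrites inside the window
    alerts = {}
    for ts, pid, op, path in events:
        key = path.lower()
        if not key.startswith(WATCHED_PREFIX):
            continue                        # writes outside the user folder are ignored
        if op == "READ":
            read_paths[pid].add(key)
        elif op == "WRITE" and key in read_paths[pid]:
            queue = rewrites[pid]
            queue.append((ts, key))
            while ts - queue[0][0] > window:   # drop rewrites older than the window
                queue.popleft()
            distinct = {p for _, p in queue}
            if len(distinct) >= threshold and pid not in alerts:
                alerts[pid] = ts
    return alerts


def build_sample_events():
    """Constructed sample: an editor, a backup agent, a slow sync tool and one
    process that reads and rewrites 40 documents in quick succession."""
    ev = []
    docs = [f"C:\\Users\\alice\\Documents\\file{i:02d}.docx" for i in range(40)]
    for i, doc in enumerate(docs[:3]):     # pid 100: editor touching 3 files
        ev.append((BASE + timedelta(seconds=5 * i), 100, "READ", doc))
        ev.append((BASE + timedelta(seconds=5 * i + 2), 100, "WRITE", doc))
    for i, doc in enumerate(docs):         # pid 200: backup agent, writes elsewhere
        ev.append((BASE + timedelta(seconds=i), 200, "READ", doc))
        ev.append((BASE + timedelta(seconds=i), 200, "WRITE",
                   f"D:\\backup\\file{i:02d}.docx"))
    for i, doc in enumerate(docs):         # pid 400: sync tool, one file per 10 minutes
        ev.append((BASE + timedelta(minutes=10 * i), 400, "READ", doc))
        ev.append((BASE + timedelta(minutes=10 * i, seconds=1), 400, "WRITE", doc))
    for i, doc in enumerate(docs):         # pid 300: burst of read-then-rewrite
        ev.append((BASE + timedelta(seconds=2 * i), 300, "READ", doc))
        ev.append((BASE + timedelta(seconds=2 * i + 1), 300, "WRITE", doc))
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    for pid, when in detect_mass_rewrite(build_sample_events()).items():
        print(f"pid {pid} crossed the rewrite threshold at {when.isoformat()}")
```

Only the burst process is flagged; the backup agent reads everything but rewrites nothing in place, and the sync tool never has more than one rewrite inside the window.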
    9. Re:Backup/Restore by Anonymous Coward · · Score: 1

      Yep. You can also use ZFS for this to combat exactly the same issue.

      With disk being so cheap anymore, if you know Linux you should have at least a RAID1 (ZFS RAID10 is better, and easier to grow) storage system going, and doing full bare-metal backups of everything you care about at least once a week. As well as doing test bare-metal restores to a VM once a month or so to make sure.

    10. Re:Backup/Restore by JaredOfEuropa · · Score: 4, Informative

      Careful with just doing mirrors and/or rotating snapshots / tapes: by the time the ransomware reveals itself, your backup process may already have cheerfully overwritten your files in backup with encrypted versions.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    11. Re: Backup/Restore by Anonymous Coward · · Score: 0

      How many upper-level bureaucrats have you worked with? SES levels are filled with them.

    12. Re: Backup/Restore by MightyMartian · · Score: 4, Insightful

      Well, I'm up in Canada, so maybe it's different south of the border, but up here I've had meetings with Assistant Deputy Ministers, which are about two steps down from the political office-holder (the Cabinet Minister). I've had my disagreements with them, and certainly have felt they've made some decisions that I thought were, shall we say, less than optimal, but I've never seen evidence of them being bad or selfish people.

      I can't say the same for some cabinet ministers (what Americans would call Secretaries), mind you. I've never directly interacted with anyone at the political level, but there have been one or two whose actions I've seen that have led me to believe that if they're not outright sociopaths, then at least they're quite callous and bullying. There's an old joke in the Westminster tradition that the best cabinet minister is the cabinet minister who understands that it's not his job to micromanage his department. I have seen cabinet ministers who very much believed they had the knowledge and capability to do just that, and like a crappy CEO in a private setting, they can leave ruin and poor morale in their wake. Many years ago I saw one Ministry see an exodus of everyone from frontline public sector workers up to higher level civil servants start getting out, and that always suggests a department with very poor leadership.

      That being said, I don't think even most politicians are sociopaths. I think they can get woefully out of touch with their constituents, and the problem here in Canada, as I'm sure it is in the US, is that voters will tend to vote based on team jersey in many cases rather than on anyone's record, so the same bad actors seem to be able to hang on to their jobs for a rather long time.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    13. Re:Backup/Restore by Anonymous Coward · · Score: 0

      Say a lot more:
      https://www.owasp.org/images/9/98/Anti-RansomwareGuidev1-4.pdf

    14. Re:Backup/Restore by Anonymous Coward · · Score: 0

      just burn your shit in dvds, thats what i do with my porn, all my bitches are sacred to me, even if in real life they are all extra sticky, in my dvds all those whores are safe and pure as snow

      burn your shit in dvds NOW or somebody else will masturbate looking at your data, or WORSE

    15. Re:Backup/Restore by DontBeAMoran · · Score: 1

      Big Hairy Ian: Is, uh,...Is your computer a goer, eh? Know whatahmean, know whatahmean, nudge nudge, know whatahmean, say no more?

      Us: I, uh, I beg your pardon?

      --
      #DeleteFacebook
    16. Re:Backup/Restore by DontBeAMoran · · Score: 1

      Burn your shit in dvds NOW or somebody else will masturbate looking at your data, or WORSE.

      ...there's way too much information to decode the encrypted files. You get used to it, though. Your brain does the translating. I don't even see the code. All I see is blonde, brunette, redhead.

      --
      #DeleteFacebook
    17. Re:Backup/Restore by KiloByte · · Score: 4, Informative

      That's why you don't just rotate the snapshots, you organize them into tiers.

      For example, the setup I use is: I keep yearlies, monthlies, 1-11-21th day of month, dailies, and (for two machines) 3-hourlies. Yearlies and monthlies don't expire other than manually, others keep 10 of their kind.

      If you use btrfs on the backup machine -- with dedupe and compression -- all of this takes surprisingly little space compared to other forms of backup, yet any individual snapshot is available straight as a mounted filesystem, without any extra steps.

      Obviously most machines have pull backups: since root privs are needed, it's the backup machine that can control the backupees.

      I also have disconnected backups, although I haven't automated that yet.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
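The tiering described in the comment above, set against the overwrite problem raised in its parent comment, as an added example that is not part of the original thread. It assumes one snapshot every three hours identified by its timestamp, and that each snapshot counts only toward the highest tier it matches; the function names, the sample history and the infection time are constructed.

```python
from datetime import datetime, timedelta

# Tiers that expire keep the newest 10 of their kind. Yearlies and monthlies
# are absent from this table because they are only ever removed manually.
KEEP_NEWEST = {"day-1-11-21": 10, "daily": 10, "3-hourly": 10}


def tier_of(ts):
    """Assumption: a snapshot belongs to the highest tier its timestamp matches,
    so day 1 of a month is always counted as a monthly or a yearly."""
    if ts.hour != 0:
        return "3-hourly"
    if ts.day == 1:
        return "yearly" if ts.month == 1 else "monthly"
    if ts.day in (11, 21):
        return "day-1-11-21"
    return "daily"


def plan_prune(snapshots):
    """Return (keep, drop): per tier, keep the newest N; unlisted tiers keep all."""
    by_tier = {}
    for ts in sorted(snapshots, reverse=True):      # newest first
        by_tier.setdefault(tier_of(ts), []).append(ts)
    keep, drop = [], []
    for tier, members in by_tier.items():
        limit = KEEP_NEWEST.get(tier, len(members))
        keep += members[:limit]
        drop += members[limit:]
    return sorted(keep), sorted(drop)


def plain_rotation(snapshots, count=10):
    """The scheme the parent comment warns about: keep only the newest N."""
    return sorted(snapshots)[-count:]


def newest_clean(kept, infected_at):
    """Newest retained snapshot taken before the files started changing."""
    clean = [ts for ts in kept if ts < infected_at]
    return max(clean) if clean else None


def build_history(start=datetime(2016, 1, 1), end=datetime(2017, 6, 27, 9)):
    """Constructed sample: one snapshot every 3 hours between start and end."""
    out, ts = [], start
    while ts <= end:
        out.append(ts)
        ts += timedelta(hours=3)
    return out


if __name__ == "__main__":
    history = build_history()
    keep, drop = plan_prune(history)
    infected_at = datetime(2017, 6, 10, 10)   # constructed: noticed 17 days later
    print(f"{len(history)} snapshots taken, {len(keep)} retained, {len(drop)} pruned")
    print("tiered, newest clean snapshot:  ", newest_clean(keep, infected_at))
    print("rotation, newest clean snapshot:", newest_clean(plain_rotation(history), infected_at))
```

With the constructed history, plain rotation of ten snapshots reaches back barely more than a day, so nothing predates the infection, while the tiered plan still holds the monthly from the first of the month.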
    18. Re: Backup/Restore by Anonymous Coward · · Score: 0

      Canadian burocrats sneak into newborn nurseries and fuck all the babies up the ass before they are discharged home with their parents. Just like the Americans and Europeans. They are the worst "people" in the world.

    19. Re: Backup/Restore by Megol · · Score: 1

      Several failings in that post. TLA finds vulnerabilities because they search for them, they search for them to be able to do their job. Their job is to protect their country and by extension the people. Not doing their job would mean the agency is useless.
      You also don't understand what sociopaths are about. It is a mental disease/condition. It isn't a placeholder for "something I do not agree with" any more than nazi/fascist/left/right etc. It is also something a person can have - not an organization.

      You don't like it? Then work on changing what those organizations do instead of posting here as a coward. But try to realize what cost this open policy will have.

    20. Re:Backup/Restore by whitlocktj · · Score: 2

      This right here. Saved my bacon so many times. Clients don't like missing emails, so they like getting spam and actually OPEN the files. Good thing we had configured a regex alert whenever one of those files was created. Saved a lot of hours of recovery.

    21. Re:Backup/Restore by whitlocktj · · Score: 1

      Yeah, the beginning of time, yearly, monthly, weekly, daily, hourly, helps immensely. Never used dedupe though. Also, you NEED some kind of alerting. Otherwise, you're at the mercy of human detection, which is insurmountably ignorant of old data.

    22. Re: Backup/Restore by Anonymous Coward · · Score: 0

      Then work on changing what those organizations do instead of posting here as a coward.

      As opposed to you posting here as a three letter shill? Damn! You sound like one of their press secretaries.

      Socio/psychopathy is the dominant trait in the leaders of this business all over the world. You have to be a bit crazy to get ahead. Otherwise the only TLA you will ever see the inside of is the DMV.

    23. Re: Backup/Restore by Anonymous Coward · · Score: 0

      Apparently you have not paid attention to our current prime minister. One of the defining characteristics of a sociopath is a lack of conscience

      He really does not seem to care about the people of Canada, just getting selfies and trying to look holier than thou while the average Canadian and our future gets tossed away

    24. Re: Backup/Restore by MightyMartian · · Score: 0

      I see no evidence of your claim at all. I'm no fan of Trudeau, but the accusation seems as utterly absurd as claims by Liberals and the left that Harper was some sort of evangelical tyrant. Grow up. You can be against a politician's policies without resorting to infantile hyperbole.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. BBC Report by Big+Hairy+Ian · · Score: 3, Informative
    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  3. Credit where it's due by Anonymous Coward · · Score: 5, Insightful

    Slashdot editors receive a lot of flak when they run dupes, or miss out on good stories. But this story about the ongoing cyber attack is literally the only one that makes sense - and I have read FT, NYT, and WSJ copies. Insightful summary, and perfectly stitched together. Kudos.

    1. Re:Credit where it's due by UnknownSoldier · · Score: 1

      Holy sheep, /. editors doing their job? Has Hell frozen over? Is Linux on more devices than Windows?

    2. Re:Credit where it's due by Anonymous Coward · · Score: 0

      A Motherboard article that looks suspiciously similar to a Bleeping Computer report that's been sitting in the submissions queue for more than an hour.... When ransomware...you should read it from the experts.. not Vice

    3. Re:Credit where it's due by Anonymous Coward · · Score: 0

      Slashdot editors receive a lot of flak when they run dupes, or miss out on good stories. But this story about the ongoing cyber attack is literally the only one that makes sense - and I have read FT, NYT, and WSJ copies. Insightful summary, and perfectly stitched together. Kudos.

      Too bad the summary leaves out a very key piece of info, which doesn't quite fit with the hype-line;

      Ukrainian state power distributor Ukrenergo said its IT system had been hit by a cyber attack, but the disruption had no impact on power supplies or its broader operations.

      In other words, the attack was on their administrative network, not power or grid control.

    4. Re:Credit where it's due by Anonymous Coward · · Score: 0

      A slap on the back from AC is always a welcome surprise.
      Good morning Taco!

    5. Re:Credit where it's due by Anonymous Coward · · Score: 0

      If Bleeping Computer had published the report instead of sitting on it while Vice published it, people might have gone to their site instead

    6. Re:Credit where it's due by Anonymous Coward · · Score: 0

      Ukrainian state power distributor Ukrenergo said its IT system had been hit by a cyber attack, but the disruption had no impact on power supplies or its broader operations.

      In other words, the attack was on their administrative network, not power or grid control.

      because grid control is by big knife switches in a locked room.

    7. Re:Credit where it's due by Anonymous Coward · · Score: 0

      They've probably been hacked...

    8. Re:Credit where it's due by Anonymous Coward · · Score: 0

      > Is Linux on more devices than Windows?

      Undoubtedly.

    9. Re:Credit where it's due by Cederic · · Score: 1

      For all your cynical IT news needs : https://www.theregister.co.uk/...

    10. Re:Credit where it's due by Mr+D+from+63 · · Score: 1

      Slashdot editors receive a lot of flak when they run dupes, or miss out on good stories. But this story about the ongoing cyber attack is literally the only one that makes sense - and I have read FT, NYT, and WSJ copies. Insightful summary, and perfectly stitched together. Kudos.

      Too bad the summary leaves out a very key piece of info, which doesn't quite fit with the hype-line;

      Ukrainian state power distributor Ukrenergo said its IT system had been hit by a cyber attack, but the disruption had no impact on power supplies or its broader operations.

      In other words, the attack was on their administrative network, not power or grid control.

      Thank you.

  4. ZOMBIES! by Anonymous Coward · · Score: 0

    Say more! Then run like hell!

  5. from now on by Anonymous Coward · · Score: 0

    avoid linking to forbes or any website that is paywalled or blocks users who use adblock or a similar ad blocking tool. the only time you should link to them is if there is not a free site with the content.

  6. "Fresh Cyber Attack" by Kludge · · Score: 0

    Freshness is important. I like my strawberries fresh.

    1. Re:"Fresh Cyber Attack" by Anonymous Coward · · Score: 0

      I give it a Freshness of 7 out of 5, or two-thirds eleventy-ninth. Simple, clear UI. Would ransom again.

    2. Re:"Fresh Cyber Attack" by Anonymous Coward · · Score: 0

      It's pronounced "Frayesh"

  7. A cyber attack? by Anonymous Coward · · Score: 0

    Was it with weaponized creimer pictures?

    1. Re:A cyber attack? by __aaclcg7560 · · Score: 1

      God knows Slashdot fanbois love their daily dose of fat porn.

    2. Re:A cyber attack? by Anonymous Coward · · Score: 0

      Not until you showed up and showed us how sexy a truly obese man can be! Your sassy personality and dedication to physical fitness is a true inspiration!

    3. Re:A cyber attack? by __aaclcg7560 · · Score: 1

      Not until you showed up and showed us how sexy a truly obese man can be!

      Ten years ago I posted a link to a Fat Porn FAQ on my website that got 3000+ hits per day from Slashdot. These days I have to settle for less than 300 hits per day from Slashdot. Sad.

    4. Re: A cyber attack? by Anonymous Coward · · Score: 0

      LOL so you admit it was you in them pics? Why are you posting links to fat porn FAQs? We also know you like to post affiliate links like a scumbag. Maybe you should start a fat porn website and be THE porn star. Had to be gay only because you are all aware you have never felt the touch of a woman. lol

      Creimer === the new APK.

    5. Re: A cyber attack? by __aaclcg7560 · · Score: 1

      Why are you posting links to fat porn FAQs?

      The asshats ten years ago were meaner and less pussy-whipped than today's asshats. Then as now, they thought my weight was relevant to the discussion. The asshats kept writing the same thing over and over again, mostly variations of "You're a fat POS!!!" So I collected what was written into a "Fat Porn FAQ," where I responded to each one, and posted it on my website. I routinely posted the FAQ link as a response every time an asshat repeated something out of the FAQ. If I had monetization set up back then, I would've retired by now.

  8. oh dear by schleimkeim · · Score: 1

    it's not a fucking cyber attack if the secretary opens an attachment called picture.exe

    1. Re:oh dear by JaredOfEuropa · · Score: 3, Insightful

      It's not a home invasion if the intruder presents himself as a delivery man / pizza guy, and you subsequently open the door.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re: oh dear by Anonymous Coward · · Score: 0

      No, that's a porno, at least in my experience.

  9. Petya = already defeated last year by AdamD1 · · Score: 3, Interesting

    This ransomware has actually previously been defeated (April 2016), and a key generator tool was released:

    https://www.bleepingcomputer.c...

    fyi

    --
    Because I can! [Brainrub.com]
    1. Re:Petya = already defeated last year by Anonymous Coward · · Score: 5, Informative

      This appears to be a new variant. No confirmation yet as to whether or not the previous decrypter still works.

      https://isc.sans.edu/forums/diary/Widescale+Petya+variant+ransomware+attack+noted/22560/
      "According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap."

      https://twitter.com/craiu/status/879692523102511104
      The fast-spreading Petrwrap/Petya ransomware sample we have was compiled on June 18, 2017 according to its PE timestamp.

    2. Re:Petya = already defeated last year by Anonymous Coward · · Score: 0

      Supposedly based on Petya, but the source code for that malware is $25 and it has likely been significantly changed from the original beyond just incorporating ETERNALBLUE.

    3. Re:Petya = already defeated last year by BartWillems · · Score: 1

      What if it's not Petya? It certainly didn't look like what was shown in the youtube video.

    4. Re:Petya = already defeated last year by chispito · · Score: 1

      This ransomware has actually previously been defeated (April 2016), and a key generator tool was released:

      https://www.bleepingcomputer.c...

      fyi

      That means it is based on or related to that malware, that does not mean all the same tools and counter measures will apply. From my experience you're probably fine if you're running a next gen AV product and if you're running traditional AV software, you may or may not have sigs yet.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    5. Re:Petya = already defeated last year by Rei · · Score: 1

      That's actually what Kaspersky is now saying. They're saying it's something new and have actually taken to calling it "NotPetya".

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
  10. Ugh by Anonymous Coward · · Score: 0

    I wonder why these articles on cyberattacks never primarily list a confirmed description of how these malware can be gotten. It doesn't matter if one is stupid for not knowing it already, it still should be bold and focused in these articles in order to cut down the stupid rather than criticizing stupid and never curing it.

  11. Remember kids... by __aaclcg7560 · · Score: 1

    Don't click on any dick pic links that appear on Slashdot. Most of those go back to virus-infected websites.

    1. Re:Remember kids... by Anonymous Coward · · Score: 0

      That's right kids, only by starving creimer of his ad revenues will that digital fungus finally leave!

    2. Re:Remember kids... by __aaclcg7560 · · Score: 1

      That's right kids, only by starving creimer of his ad revenues will that digital fungus finally leave!

      Uh, no. My ad revenues have nothing to do with those image links. I'm quite serious about some of those image websites hosting viruses.

    3. Re:Remember kids... by Anonymous Coward · · Score: 0

      You've thanked us for the ad revenues multiple times, and there are no viruses in pic links. Prove it. Link to a picture that will install a virus on my PC. You can't, because there's no such thing.

      You digital jock itch.

    4. Re:Remember kids... by __aaclcg7560 · · Score: 1

      Link to a picture that will install a virus on my PC.

      That would be extremely irresponsible.

      You can't, because there's no such thing.

      Probably because the link got deleted after I requested the page be taken down.

    5. Re:Remember kids... by Anonymous Coward · · Score: 0

      "That would be extremely irresponsible."

      Also extremely impossible.

      "Probably because the link got deleted"

      Then simply give the name of the virus. And no, "WannaCry" isn't it, you digital janitor.

    6. Re:Remember kids... by __aaclcg7560 · · Score: 1

      And no, "WannaCry" isn't it, you digital janitor.

      There is a new version of WannaCry on the Internet. MalwareBytes on my Dell laptop blocked the automatic download of an executable file from a couple of Russian websites.

      http://112.international/society/cyber-security-expert-part-of-virus-attacking-ukraine-could-be-used-in-wannacry-malware-18282.html

    7. Re:Remember kids... by Anonymous Coward · · Score: 0

      Don't click on any dick pic links that appear on Slashdot

      Here is the one I always print when trying to get friends to secure their network. This usually gets the point across and the initial conversation flowing.

    8. Re:Remember kids... by Jeremi · · Score: 1

      Don't click on any dick pic links that appear on Slashdot. Most of those go back to virus-infected websites.

      Hell, I remember when the dick pics on Slashdot were 100% ASCII-based. And the dicks had wings, for some reason.

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
  12. windows - eternal blue - SMB by johnjones · · Score: 2

    they used windows... they did not turn off SMB 1... their own fault if they are a large company

    John

    1. Re:windows - eternal blue - SMB by ceoyoyo · · Score: 1

      Yeah. This is a good thing. If you're some kind of large company, or especially essential infrastructure, and some Internet thugs can hold you for ransom then it's good you find out now and fix the problem before somebody more serious comes along.

  13. Not Petya by Anonymous Coward · · Score: 0

    If Petya is the ransomware shown in the youtube video that was listed in the article, then Petya is not the malware that is wreaking havoc. This one looks different.

  14. How stupid can some people be? by whitroth · · Score: 1

    They're asking a ransom of $300 in cryptocurrency, according to Bloomberg.

    AND they've hit Europe from Denmark... to Ukraine... to Russia's Rosneft. I expect them in court really soon... assuming that they're not killed resisting arrest.

    1. Re:How stupid can some people be? by Max_W · · Score: 2

      I do not think it is run-of-the-mill individuals who are behind an attack of this magnitude.

    2. Re:How stupid can some people be? by Anonymous Coward · · Score: 0

      Yep, my thinking is the Ukraine/Russia war has escalated the Internet component with lots of collateral damage. Which side is behind the current attack remains to be seen.

    3. Re:How stupid can some people be? by Anonymous Coward · · Score: 0

      I do not think it is run-of-the-mill individuals who are behind an attack of this magnitude.

      Rosneft isn't your run-of-the-mill adversary.

    4. Re: How stupid can some people be? by Anonymous Coward · · Score: 0

      I'm not saying it's the Russians but it's the Russians.
      But it can't be the Russians, Rosneft has been attacked.
      Damn, that logic is watertight, it definitely can't be the Russians.

    5. Re:How stupid can some people be? by Ungrounded+Lightning · · Score: 1

      I do not think it is run-of-the-mill individuals who are behind an attack of this magnitude.

      The magnitude of the attack is not necessarily any more related to the qualifications and sponsorship of the originator than the magnitude of an Influenza epidemic is related to the size of the virus.

      It's a self-reproducing, self-propagating system. The magnitude of its spread is an artifact of its own behavior, the distribution of the vulnerabilities it exploits, and the connectivity of the susceptible machines.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  15. Immediate action to take by Anonymous Coward · · Score: 0

    close TCP ports 1024-1035, 135 and 445

    1. Re:Immediate action to take by ceoyoyo · · Score: 1

      Close all TCP ports. Except maybe 22, if you need remote access. And if you leave it open, disable password access.

    2. Re:Immediate action to take by behrooz0az · · Score: 1

      never use the default port for ssh

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
    3. Re:Immediate action to take by ceoyoyo · · Score: 1

      Changing the port number isn't going to protect you from much. Maybe from a little traffic from casual connection attempts.

    4. Re:Immediate action to take by behrooz0az · · Score: 1

      I don't own many servers so this is completely anecdotal,
      but for me changing the port has reduced the root:root and similar attempts to like 1%; IMO with reduced noise you can see the credible threats if there are any.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
    5. Re:Immediate action to take by ceoyoyo · · Score: 1

      Sure, it would do that. Telling ssh not to accept passwords at all lets you filter all those out as irrelevant and protects you against users (including yourself) who use or reuse easy passwords.

      Plus you can consider all those login attempts as volunteering IP addresses for the blocklist.

  16. is it Windows, mac, linux, ios, android? by goombah99 · · Score: 3, Insightful

    Seems like the story is missing a key piece of information

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:is it Windows, mac, linux, ios, android? by Anonymous Coward · · Score: 0

      Clearly the attack targets iOS devices that have SSH clients from a Chinese app store.

      Are you serious? It's Ransomware, it's a Petya variant, it likely includes EternalBlue code, IT'S TARGETING WINDOWS!

    2. Re:is it Windows, mac, linux, ios, android? by ceoyoyo · · Score: 1

      Nah. If it were anything other than Windows the summary would have gleefully declared it.

    3. Re:is it Windows, mac, linux, ios, android? by Anonymous Coward · · Score: 0

      WRONG. it's targeting SMB which is also on Linux and Mac

    4. Re:is it Windows, mac, linux, ios, android? by farble1670 · · Score: 1

      I had the same question. Everything I can find shows it being Windows XP, or maybe 2k.

      Still running a 15 year old insecure by design, unpatched, unsupported OS? Good luck with that.

  17. Obligatory Bleeping Computer article by Anonymous Coward · · Score: 0

    Bleeping Computer is known for ransomware news. Get the news from the source: https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

  18. Ha ha by Anonymous Coward · · Score: 0

    Lemme guess! M$ windoze? /roflmao

    1. Re:Ha ha by bobbied · · Score: 1

      Lemme guess! M$ windoze? /roflmao

      How did you know? You must be some Zen Master computer hacker or something.... (Or just a script kiddy running the IIS attack from 10 years ago)

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  19. Political agenda much by Anonymous Coward · · Score: 0

    Why is the subject stressing on Ukrainian??? When did Rosneft and Maersk become Ukrainian?
    Did mishmash give his passwords to Beau?

    1. Re:Political agenda much by Rei · · Score: 2

      Because Ukraine is getting hit by far the hardest? Because they've been the subject of a long string of crippling cyberattacks since the Donbas conflict broke out, including highly sophisticated attacks that took down public utilities - so naturally people assume that this is more along those lines?

      That doesn't mean that this is targeted at Ukraine; it could just be coincidence. But those numbers certainly are skewed. That said, if it was from Russia, they didn't do a good job at preventing it from hitting their own systems.

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    2. Re:Political agenda much by Rei · · Score: 2

      Interesting... ESET has a very different distribution analysis than Kaspersky, and they show almost exclusively Ukrainian targets, with Russia moved way down the list.

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    3. Re:Political agenda much by Anonymous Coward · · Score: 0

      Indeed. It could just be that many Ukrainian companies use really old software and don't care much for security?

  20. i read by Anonymous Coward · · Score: 1

    Companies running critical infrastructure on windows boxes learned they better not

    1. Re:i read by Anonymous Coward · · Score: 0

      Nothing to worry about, it's not like aircraft carriers run Windows XP or anything.

  21. Putin did it himself, hahaha! by Anonymous Coward · · Score: 0

    Funny, if he personally did it. By using an advanced version of abacus.
    I'm pulling your leg :-) It was the U.S. NSA! And now look at all the mess they made.

  22. PAY IN BITCOIN NOT ETHEREUM by Anonymous Coward · · Score: 0

    Way to go!!!
    This should boost the value of my Bitcoin even more.
    Don't you just love Bitcoin.

  23. Rosneft? Oops. by Anonymous Coward · · Score: 0

    Victim of friendly fire?

  24. Optimal ransom demand? by moeinvt · · Score: 1

    I think the hackers need to hire some ... I don't know ... would it be "actuaries" that could make a good estimate for the ransom amount that would yield the highest total payout? Perhaps they do and I don't know what I'm talking about, but I think $300 per machine must be way above optimal.

    Remember supply & demand curves from econ 101? The lower the price, the greater the demand for your "decryption service". And in this case, the supplier's cost is negligible so the demand curve is all that matters. Demand goes infinite as the price approaches $0, and disappears as the price goes too high. Seems like the sweet spot on that curve would be considerably lower than $300.

    1. Re:Optimal ransom demand? by gnick · · Score: 2

      Demand goes infinite as the price approaches $0, and disappears as the price goes too high.

      Demand will never exceed the number of machines infected - Not infinite. Lower, in fact, because a lot of victims don't have and will not create a bitcoin wallet even for a $1 ransom.

      --
      He's getting rather old, but he's a good mouse.
  25. Did some say cyber?!?! by Anonymous Coward · · Score: 0

    Cyber Cyber cyber

  26. Easy solution by GerryGilmore · · Score: 1

    Don't run Windows!!! Christ, how many critical pieces of infrastructure are built around the most insecure OS in history? Wake up, people!!

    1. Re:Easy solution by johnjones · · Score: 1

      Agreed, however in a corporate environment people demand them for legacy apps... if that's the case the system administrators should have turned off SMB version 1 a LONG time ago

      either way there is no way that the companies should have a problem and this is a money spinning exercise for the AV companies who should be given very little money having not solved spam problems...

           

  27. im not gonna get it by Anonymous Coward · · Score: 0

    since my computer is up to date and secure because i use it mainly to masturbate so my leet skillz to avoid viruses are literally off the charts

    sometimes, specially if im hard, i can even spot malicious links just by looking at them, its like a tingling sensation down there, kinda like a spider sense, but in my COCK

  28. All car has always a backdoor, the 3rd or 5th door by Anonymous Coward · · Score: 0

    For deterrent acts against cybercriminals that profit bitcoins, make DDoS to Bitcoin's servers!

  29. when will we learn by Anonymous Coward · · Score: 0

    When will people learn that anything that is closed source should not be used for critical infrastructure projects..
    I'm talking about governments, nuclear facilities, military facilities, and even banks.. there should be a ban on using Windows and anything closed-source, for that matter (unless no good options exist in the open source world, in which case they should build that tool and release it as open source so everyone can use it)

  30. Human employment or Human Backup? by Neuronwelder · · Score: 1

    Maybe I'm wrong, but a lot of problems could be stopped by humans, or human intervention. As far as I know they aren't cyborgs yet, and are still immune to digital viruses. Sure you might spend a few bucks more on a human, but I see advantages to doing this.

  31. snapshots (read-only) by Anonymous Coward · · Score: 0

    Disconnected backup/restore.

    These sorts of malware are perfectly capable of encrypting a connected external or network drive.

    For enterprise-y environments, snapshots (which by definition are read-only) should be sufficient. They're not a replacement for backups, but it's handy to have a few days' worth since the most common problem is a fat finger deletion, and if they're in a .snapshot/ dir then it's a self-service operation for users.

    (I would call a 'read-write snapshot' a clone of the data.)