Slashdot Mirror


Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com)

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and prompting officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late 2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to WannaCry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

4 of 109 comments

  1. BBC Report by Big Hairy Ian · · Score: 3, Informative
    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  2. Re:Petya = already defeated last year by Anonymous Coward · · Score: 5, Informative

    This appears to be a new variant. No confirmation yet as to whether or not the previous decrypter still works.

    https://isc.sans.edu/forums/diary/Widescale+Petya+variant+ransomware+attack+noted/22560/
    "According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap."

    https://twitter.com/craiu/status/879692523102511104
    The fast-spreading Petrwrap/Petya ransomware sample we have was compiled on June 18, 2017 according to its PE timestamp.

  3. Re:Backup/Restore by JaredOfEuropa · · Score: 4, Informative

    Careful with just doing mirrors and/or rotating snapshots / tapes: by the time the ransomware reveals itself, your backup process may already have cheerfully overwritten your files in backup with encrypted versions.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...

  4. Re:Backup/Restore by KiloByte · · Score: 4, Informative

    That's why you don't just rotate the snapshots, you organize them into tiers.

    For example, the setup I use is: I keep yearlies, monthlies, the 1st/11th/21st day of the month, dailies, and (for two machines) 3-hourlies. Yearlies and monthlies don't expire other than manually; the others keep 10 of their kind.

    If you use btrfs on the backup machine -- with dedupe and compression -- all of this takes surprisingly little space compared to other forms of backup, yet any individual snapshot is available straight as a mounted filesystem, without any extra steps.

    Obviously most machines have pull backups: since root privs are needed, it's the backup machine that can control the backupees.

    I also have disconnected backups, although I haven't automated that yet.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
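The tiered retention KiloByte describes, as an added example (not code from the comment or from any backup tool): a pruning planner that classifies snapshot timestamps into the five tiers, keeps every yearly and monthly, and keeps the 10 newest of each finite tier. The snapshot cadence (one every 3 hours, the midnight snapshot being the daily) is an assumption, as is the constructed 400-day sample.

```python
from datetime import datetime, timedelta

# Retention tiers in the order the comment lists them: (name, membership
# test on the snapshot timestamp, how many most-recent members to keep).
# None means the tier never expires automatically.
# Assumption: snapshots are taken every 3 hours on the hour, so the midnight
# snapshot is the "daily", and the 1st/11th/21st midnight is the "1-11-21".
TIERS = [
    ("yearly",   lambda t: (t.month, t.day, t.hour) == (1, 1, 0), None),
    ("monthly",  lambda t: (t.day, t.hour) == (1, 0),             None),
    ("1-11-21",  lambda t: t.day in (1, 11, 21) and t.hour == 0,  10),
    ("daily",    lambda t: t.hour == 0,                           10),
    ("3-hourly", lambda t: t.hour % 3 == 0,                       10),
]

def classify(snapshots):
    """Map each retained snapshot to the set of tiers that keep it alive.

    A snapshot survives if it is among the newest `limit` members of at
    least one tier, or is any member of an unlimited tier. A burst of
    snapshots full of encrypted files can therefore only push out the
    newest entries of the finite tiers; monthlies and yearlies never rotate.
    """
    keep = {}
    for name, is_member, limit in TIERS:
        members = sorted((s for s in snapshots if is_member(s)), reverse=True)
        for s in (members if limit is None else members[:limit]):
            keep.setdefault(s, set()).add(name)
    return keep

def prune_plan(snapshots):
    """Return (retained, expirable) snapshot lists, each oldest first."""
    keep = classify(snapshots)
    retained = sorted(s for s in snapshots if s in keep)
    expirable = sorted(s for s in snapshots if s not in keep)
    return retained, expirable

def sample_snapshots():
    """Constructed input: one snapshot every 3 hours for 400 days."""
    start = datetime(2016, 5, 1)
    return [start + timedelta(hours=3 * i) for i in range(400 * 8)]

if __name__ == "__main__":
    snaps = sample_snapshots()
    keep = classify(snaps)
    retained, expirable = prune_plan(snaps)
    print(f"{len(snaps)} snapshots: keep {len(retained)}, expire {len(expirable)}")
    for s in retained:
        print(s, sorted(keep[s]))
```

On the sample, 3200 snapshots collapse to 38 retained, of which 14 are monthlies that no amount of later churn can age out.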