Slashdot Mirror


Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software package delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, it issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
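A client-side defence against the tainted-update delivery described above, added here as an example and not code from M.E.Doc or any of the researchers named: the installed software pins the vendor's public key and refuses any update whose signed manifest does not match the downloaded package, so a package swapped on a compromised update server is rejected. The Ed25519 key pair, the version string and the payloads are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Manifest is a constructed update descriptor. The vendor signs the version
// and the SHA-256 of the package, so a package swapped on the update server
// no longer matches what the signature vouches for.
type Manifest struct {
	Version   string
	PkgSHA256 string
	Signature []byte
}

func pkgHash(pkg []byte) string { s := sha256.Sum256(pkg); return hex.EncodeToString(s[:]) }
func signedBytes(version, hash string) []byte { return []byte(version + "\n" + hash) }

// SignManifest is the vendor side; the private key belongs on an offline
// signing host, never on the server that distributes packages.
func SignManifest(priv ed25519.PrivateKey, version string, pkg []byte) Manifest {
	h := pkgHash(pkg)
	return Manifest{version, h, ed25519.Sign(priv, signedBytes(version, h))}
}

// VerifyUpdate is the client side; pub is pinned in the installed software,
// so a compromised update server alone cannot get a tampered package applied.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, pkg []byte) error {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.PkgSHA256), m.Signature) {
		return fmt.Errorf("update %s: manifest signature invalid, refusing to install", m.Version)
	}
	if got := pkgHash(pkg); got != m.PkgSHA256 {
		return fmt.Errorf("update %s: package hash %s does not match manifest %s", m.Version, got, m.PkgSHA256)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	genuine := []byte("constructed genuine update payload")
	m := SignManifest(priv, "1.2.3", genuine) // placeholder version string
	fmt.Println("genuine :", VerifyUpdate(pub, m, genuine))
	fmt.Println("tampered:", VerifyUpdate(pub, m, []byte("constructed tampered payload")))
}
```

A stolen signing key defeats this check, which is why the key stays off the distribution server and why a key rotation path has to exist before it is needed.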

4 of 23 comments

  1. Microsoft needs to update by Anonymous Coward · · Score: 5, Funny

    Where's your "Total Cost of Ownership" now, Redmond?

    1. Re:Microsoft needs to update by Anonymous Coward · · Score: 3, Informative

      The same place as "I'm a stupid moron who can't manage to install automatic security updates". They tend to congregate at the "I'm a stupid moron who can't correctly configure my OS and network infrastructure".
      Frankly I am still amazed that the ass hats running the extortion ring think Bitcoins cannot be traced. All it takes is doing something that catches the attention of the various intelligence agencies, causing them to expend a little of their considerable resources to track down and eliminate these criminals. The minute someone describes these types of attacks as a threat to National Security the perpetrators are basically fucked.

      And seeing how Russia got hammered in this attack I doubt they will be extending asylum to anyone fleeing in their general direction. If the US gets their hands on the perpetrators first maybe Russia would be open to making an exchange with the US. Russia must have access to someone the US really wants and after all Trump is a deal maker.

      Hell, at the very least killing the main and secondary players of these schemes should serve as an adequate deterrent to others thinking of doing the same thing. It may even make an impression on the idiots who think crimes committed using only their computer and the Internet are not really "real world" crimes worthy of any punishment. Pirating music and movies is not a crime because it is not like breaking into the Amazon warehouse and loading CDs and DVDs into the trunk of the car.

    2. Re:Microsoft needs to update by Anonymous Coward · · Score: 2, Informative

      Incorrect, people running Windows 10 Enterprise, fully patched, still got infected.

  2. Re: Rewarmed malware finds some networks? by AHuxley · · Score: 2

    Let's consider some real nation-backed code found in the wild over the years and read about what the reaction was, by experts, the security services and AV vendors.
    The Inside Story of How British Spies Hacked Belgium’s Largest Telco (December 13 2014)
    https://theintercept.com/2014/...
    ".. The hack would remain undetected for two years, until the spring of 2013."
    When a nation does it, the method works, stays in place and is undetected. Not an in-the-wild, random malware effort that's detected by AV.
    What happens when something really interesting is detected? All over the news? Global experts?
    Let's keep reading to find out what happened later. Same wide public discussion like now?
    " ... never got a chance to study the routers."
    The story of Stuxnet https://en.wikipedia.org/wiki/... ?
    The story of Equation Group https://en.wikipedia.org/wiki/...
    "been active since at least 2001, with more than 60 actors"
    Some history of Longhorn https://www.symantec.com/conne...

    When nations do their cyber things, they do it to a good standard, the code really works and not many people get to read about it in the news in real time.
    Nations also really, really try not to risk their own domestic systems.
    Nations don't talk much about what they find or let their staff talk about results in real time.
    Very different to the average gov reaction to malware that spreads randomly and does malware things. People talk, the news is told details. Sites talk about the news. AV vendors talk.

    --
    Domestic spying is now "Benign Information Gathering"