Slashdot Mirror


Microsoft's Telemetry Shows Petya Infections in 65 Countries Around the World (microsoft.com)

From a blog post by Microsoft: On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated. [...] Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc. Although this vector was speculated at length by news media and security researchers -- including Ukraine's own Cyber Police -- there was only circumstantial evidence for this vector. Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process.

The New York Times reports how the rest of the world is dealing with Petya. From the article: A fuller picture of the impact will probably emerge in the coming days. But companies and government offices worldwide appeared less affected than the WannaCry attack, notably in places like China, which was hard hit in May. Reports from Asia suggested that many of the companies hit were the local arms of European and American companies struck on Tuesday. In Mumbai, India, a port terminal operated by A.P. Moller-Maersk, the Danish shipping giant, was shut after it disclosed that it had been hit by the malware. In a statement, Indian port authorities said they were taking steps to relieve congestion, such as finding places to park stranded cargo. The attack shut the terminal down on Tuesday afternoon.
On the Australian island of Tasmania, computers in a Cadbury chocolate factory owned by Mondelez International, the American food company, displayed the ransomware message, according to the local news media.


  1. MS Users Deserve It by Anonymous Coward · · Score: 5, Insightful

    Companies and individuals that choose Windows deserve what they get. An inherently insecure operating system, which they have no control over.

    Companies and individuals that do not back up their data deserve what they get. Total data loss.

    Companies and individuals that pay ransomware authors deserve what they get. More malware targeted at their systems.

    1. Re: MS Users Deserve It by GreatKhalCaleb · · Score: 2, Funny

      Found the screeching Linux fanboy.

    2. Re:MS Users Deserve It by IWantMoreSpamPlease · · Score: 4, Insightful

      >>Companies and individuals that choose Windows...

      You have no idea what you are talking about. Furthermore, plenty of mission critical, and hell, even day to day, software, ONLY runs under Windows. So you want to do business, you have no choice, MS or nothing.
      And no, WINE won't cut it, many software packages refuse to run under emulation (we have several that way) and are programmed to look for such an environment (including VMs) and shut down if they encounter it.

      I'm a linux fan, but people like you aren't helping linux, you're hurting it.

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    3. Re:MS Users Deserve It by Paradise+Pete · · Score: 2

      it is the gold standard for 90% of the world's business

      It's the norm. It's not the "gold standard." That means something different. If it were the gold standard that would mean it was the clear best, the one that all others aspire to and are measured against.

    4. Re:MS Users Deserve It by unrtst · · Score: 5, Insightful

      You are exactly the person the GP was referring to.
      You acknowledge that you (or some business) has purposefully chosen software that ONLY runs under windows. That software goes out of its way to ensure you can not run it under emulation (as opposed to embracing those common libraries and making minor updates to make it compatible, as other providers have done). Then you embrace the hole you were shoved into, rather than finding software to avoid these endless recurring issues.

      There was no mention of Linux anywhere in the GP post, but you dragged that in. You say you're a linux fan, but I don't buy it. You refer to this guy like he's a nutter, and then associate him with Linux. How is that something a Linux fan would do? Or maybe you referred to Linux because you believe it's secure and/or less vulnerable to these issues?

      It's not like you simply don't remember the past, and so are condemned to repeat it. You know it, and still make that decision. Yep, you deserve what you know you are going to get.
      [Morrison] https://www.youtube.com/watch?...

    5. Re:MS Users Deserve It by LordWabbit2 · · Score: 2

      Sometimes it's easier said than done. If the software package your company relies on will only run on windows then you are a bit stuck. Sure you can look for an alternative (and probably free) version of it for linux, but what if there isn't one? What do you do then?

      I do agree about the backups though, regardless of what platform you are on, back your shit up.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    6. Re:MS Users Deserve It by Dunbal · · Score: 3, Interesting

      Seems you conveniently forgot what ultimately caused all of this shit.

      Microsoft leaving an unpatched security hole in their OS for well over a decade caused all of this. It remains to be seen whether they did this INTENTIONALLY in collusion with the CIA/NSA, trusting in "security by obscurity", or through plain old negligence/incompetence. It's pretty obvious that when the chips are down they will plead the latter, but many suspect it's the former.

      --
      Seven puppies were harmed during the making of this post.
    7. Re:MS Users Deserve It by IWantMoreSpamPlease · · Score: 2

      Fair enough. Do, please, find me Open Source alternatives for the following software packages, so I can tell the laboratory I work for, to dump all Windows-only software, that has been certified that the results will hold up legally in court, and run this new stuff that you have found:
      https://products.appliedbiosys...

      ChemoView by AB Sciex
      NI Curl
      NI Dynamic Acquisition
      NI MetaSuite
      WinTox
      SmartCycler/LightCycler

      Most of these software packages run on multi-million dollar laboratory instruments, FYI. Some of them, *mandated* by the Federal gov't, ONLY run under WinXP SP1 (how's that for a gotcha?)

      As far as Linux goes, I stand corrected, someone else pointed out he must be a raving Linux fan as only they can be so blind as to think Linux solves all issues.

      So, do find me alternatives, and that's just for starters. Much of what we run is very specialized and.simply.doesn't.exist outside of the Windows environment.

      Step into the real world of business one day, you'll see what works, and what doesn't.
      (BTW, I'm working, in my own time, on RNNs through Ubuntu 16.04 LTS and CUDA supported nVidia cards. I am a Linux fan)

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
  2. Microsoft's infection detecting other infections by JoeyRox · · Score: 4, Funny

    How Inception-like.

  3. Who owns this malware ridden OS? by Anonymous Coward · · Score: 2, Interesting

    Since we don't 'own' the OS anymore, but simply license it for our use, doesn't that put the responsibility of a malware infection squarely on the 'owner' of the OS?

  4. Telemetry by ichthus · · Score: 4, Funny

    Welp, I guess that's one good use for Microsoft's spyware *cough* d'ah I mean, telemetry. Now they can see how many of their customers' systems are infected with malware in real time. Sure, if you can't secure the OS, why not then grab a bucket of popcorn and enjoy the fun?

    --
    sig: sauer
    1. Re:Telemetry by Big+Hairy+Ian · · Score: 4, Interesting

      I think the interesting thing here is even 15 year old unsupported M$ OSs are bleeding telemetry.

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    2. Re:Telemetry by infolation · · Score: 2

      If they spent less time building telemetry into their systems to check how malware-infested they are, and more time actually securing their systems against the malware, they'd have less of this damn ransomware nonsense.

  5. Re:Act of war by Big+Hairy+Ian · · Score: 4, Insightful

    Let's not bullshit or pretend that being "techie" makes it somehow better. Malware = terrorism. And yes, that swings both ways.

    Actually Malware = Extortion in this instance

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  6. infected by roc97007 · · Score: 4, Funny

    Yeah, I know, my machine got infected. I know 'cuz I got a call just the other day from a very helpful person. "Hello, I'm from The Microsoft, ok? I'm calling you about your computer, ok? Your computer is infested with the viruses, ok?" He helped me straighten it out. Cost me $300 and my machine runs a little slower now, but I'm sure it was worth it.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  7. Re:Act of war by WaffleMonster · · Score: 3, Insightful

    Let's not bullshit or pretend that being "techie" makes it somehow better. Malware = terrorism. And yes, that swings both ways.

    Behind every act of terrorism there are political demands to enforce rules backed by threat of violence from an external entity challenging a state's monopoly on violence.

    Malware is generally just another criminal commercial money making enterprise. Whether it's a group of poor Canadian crackers looking to enrich themselves or multi-national corporations (e.g. Microsoft) profiting off distribution of malware.. it may be illegal or immoral yet without the political demands it is not terrorism.