Ransomware attack isn't over

The only thing that kept Friday's ransomware attack from being truly devastating was one lucky 22-year-old IT worker in England.

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second...
He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

The kid's warning could not be more true. Within 24 hours IT experts noticed new versions of the ransomware without the kill switch.
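The kill-switch behaviour described above has a defensive use: any machine that looked up that domain ran the sample, whether or not the kill switch then stopped it. As an added example (not from this post or from the Guardian article it quotes), the script below scans DNS resolver logs for lookups of the kill-switch domain and lists the hosts that made them. It assumes a simplified BIND-style query log line ("client <ip>#<port>: query: <name> IN <type>"), uses a placeholder in place of the real domain, and works on constructed sample lines.

```python
# Added example (not from the original post): find hosts whose DNS queries
# show a lookup of a malware kill-switch domain. A host that resolved the
# domain executed the sample, even if the kill switch then stopped it.
import re
from collections import defaultdict

# Placeholder standing in for the real kill-switch domain (not reproduced here).
KILL_SWITCH_DOMAIN = "killswitch-placeholder.invalid"

# Constructed sample log lines. Assumption: the resolver logs queries as
# "<date> <time> client <ip>#<port>: query: <name> IN <type>".
SAMPLE_DNS_LOG = """\
15-May-2017 08:02:11.113 client 10.1.4.22#51234: query: www.example.com IN A
15-May-2017 08:02:13.900 client 10.1.4.37#49870: query: killswitch-placeholder.invalid IN A
15-May-2017 08:02:14.101 client 10.1.4.22#51240: query: updates.example.net IN A
15-May-2017 08:03:40.552 client 10.1.9.5#40011: query: KILLSWITCH-PLACEHOLDER.INVALID. IN A
15-May-2017 08:03:41.007 client 10.1.4.37#49871: query: killswitch-placeholder.invalid IN A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def find_kill_switch_lookups(log_text: str, domain: str = KILL_SWITCH_DOMAIN) -> dict:
    """Return {client_ip: [timestamps]} for every query of `domain` in the log."""
    hits = defaultdict(list)
    target = normalize(domain)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown line format: skip it rather than guess
        if normalize(m.group("name")) == target:
            hits[m.group("ip")].append(m.group("ts"))
    return dict(hits)


def hosts_to_isolate(log_text: str, domain: str = KILL_SWITCH_DOMAIN) -> list:
    """Sorted list of client IPs that queried the kill-switch domain."""
    return sorted(find_kill_switch_lookups(log_text, domain))


if __name__ == "__main__":
    for ip, times in find_kill_switch_lookups(SAMPLE_DNS_LOG).items():
        print(f"{ip}: {len(times)} lookup(s), first at {times[0]}")
```

Two caveats for anyone running this over real logs: the malware made the request directly rather than through the system's proxy settings, so on networks where outbound web access only works via a proxy the domain never looked live and the kill switch did not take effect; and, as the post notes, the rewritten versions without the kill switch make no such lookup at all, so an empty result is not a clean bill of health.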

Today security experts warned that Monday could get pretty ugly.

Security experts are warning that the global cyberattack that began on Friday is likely to be magnified in the new workweek as users return to their offices and turn on their computers.
Many workers, particularly in Asia, had logged off on Friday before the malicious software, stolen from the United States government, began proliferating across computer systems around the world. So the true effect of the attack may emerge on Monday as employees return and log in.
Moreover, copycat variants of the malicious software behind the attacks have begun to spread, according to experts. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.”
The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, the executive director of Europol, the European Union’s police agency.

Obviously some people have pointed fingers at Russia, but that only proves that they don't know much about computers. Ransomware attacks are so pedestrian these days that you could pay for one.

There is even now a concept of “ransomware as a service” — a play on the Silicon Valley jargon “software as a service,” which describes the delivery of software over the internet.
Now anyone can visit a web page, generate a ransomware file with the click of a mouse, encrypt someone’s systems and demand a ransom to restore access to the files. If the victim pays, the ransomware provider takes a cut of the payment.
Ransomware criminals also have customer service lines that victims can call to get help paying a ransom. There are even live chat options. And while some amateur ransomware attackers may not restore victims’ data once the ransom is paid, the more professional outfits worry that if they do not decrypt a victim’s data, their reputation and “business” may suffer as a result, Mr. Rebholz said.

I'm a big SciFi fan, especially the old classics.
One of my favorite authors is Arthur C. Clarke.
One of his books, Rama II, is definitely not one of his better books and I don't recommend it, but it does open with an interesting premise.
It starts with the collapse of western civilization, not from war, plague, or environmental disaster, themes that are so overused by dystopian writers these days, but from a financial crisis that crashes the global computer systems. The interesting take is how no one has cash anymore, so if the banks and credit systems go down for a few weeks, people go hungry and supply systems collapse.
A really effective computer virus could do the exact same thing. Not this one, obviously, but theoretically it is possible.

"Since cash had long ago become obsolete, only eccentrics and collectors had enough banknotes to buy even a week's groceries. People began to barter for necessities. Pledges based on friendship and personal acquaintances enabled many people to survive temporarily. But the pain had only begun.
...By the time normal electronic activity had been restored, the world was in a violent financial downspin that would not bottom out until twelve years later."

- Arthur C. Clarke


Comments

CB's picture

from an anti-virus USB stick.

Instead of "Hey Buddy, does your computer look like this when you turn it on?"


@CB
There is more than one anti-virus company that will give you an iso image for an anti-virus boot CD/USB.

Plus, you could always boot to a linux live CD/USB.

The problem is that so many people don't know this, and the amount of resources necessary to do this.

I'm fretting going into work tomorrow.

CB's picture

@gjohnsit
when they were steam powered. Companies should send someone in early and unplug and label the computers "do not turn on until authorized." What's worth more - a few days' work or a year of data?

PriceRip's picture

When Wall Street monetizes it, the end will be nearer than it appears in the mirror.

lotlizard's picture

all over the country. A huge pain for the German railway system Deutsche Bahn, as well as its passengers.


— photo illustrating this article about the WannaCry ransomware attack I found on the website of Heise, German publisher of the computer magazine c’t

Not reassuring to see how much infrastructure depends, behind the scenes, on some poorly maintained Windows system.


It is extortion by Microsoft at this point. Please, don't use Windows until these ports are blocked on the machine you're on if it is online. Don't count on being behind a firewall at work, I don't know what "enterprises" think they're going to do. Good luck. These are the ports to close if you know how to use a firewall:

microsoft-ds....445/tcp
microsoft-ds....445/udp
netbios-ns......137/tcp....#NETBIOS Name Service
netbios-ns......137/udp....#NETBIOS Name Service
netbios-dgm.....138/tcp....#NETBIOS Datagram Service
netbios-dgm.....138/udp....#NETBIOS Datagram Service
netbios-ssn.....139/tcp....#NETBIOS Session Service
netbios-ssn.....139/udp....#NETBIOS Session Service

And you may ask yourself, why didn't Microsoft just use standard protocols like the rest of the Internets? I mean netbios? C'mon, people have no idea how inappropriate that ancient chatty network code is. It has no business being on the Internet, that's what I think. By the way, it is Halloween Documents, not Papers like I said in another comment.
Archive is here: http://catb.org/esr/halloween/
FAQ: http://catb.org/esr/halloween/faq.html

Quote of MS strategy back in the day:

* Linux can win as long as services / protocols are commodities.

* OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.

* The ability of the OSS process to collect and harness the collective IQ of thousands of individuals across the Internet is simply amazing. More importantly, OSS evangelization scales with the size of the Internet much faster than our own evangelization efforts appear to scale.

Fear of the commons gaining strength back then, of course they had to destroy it, not enough profit to satiate Gates.

Now, the stink of fear over stock price brings CYA, yet another acronym: Microsoft president blasts NSA for its role in 'WannaCry' computer ransom attack
Thanks.

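The port list in the comment above is the right thing to block, but a rule that is supposed to block 445 is only as good as the check that it actually does. As an added example (not the commenter's code), the script below parses that list and reports which of the listed TCP ports still answer on a host you administer, which is the quick test to run after adding the firewall rule. It assumes the dotted layout of the comment (whitespace padding is accepted too), and it skips the UDP entries because a silent UDP port cannot be told apart from a filtered one with a simple probe.

```python
# Added example (not the commenter's code): audit which SMB/NetBIOS ports from
# the comment's list still answer on a host you are responsible for.
import re
import socket
from typing import List, Tuple

# The comment's list, transcribed as posted (the dots are the comment's padding).
PORT_LIST = """\
microsoft-ds....445/tcp
microsoft-ds....445/udp
netbios-ns......137/tcp....#NETBIOS Name Service
netbios-ns......137/udp....#NETBIOS Name Service
netbios-dgm.....138/tcp....#NETBIOS Datagram Service
netbios-dgm.....138/udp....#NETBIOS Datagram Service
netbios-ssn.....139/tcp....#NETBIOS Session Service
netbios-ssn.....139/udp....#NETBIOS Session Service
"""

# Accepts "name....445/tcp" as posted, or "name   445/tcp" if whitespace-padded.
ENTRY_RE = re.compile(r"^(?P<name>[\w-]+)[.\s]+(?P<port>\d+)/(?P<proto>tcp|udp)")


def parse_port_list(text: str) -> List[Tuple[str, int, str]]:
    """Turn the services-style list into (name, port, proto) tuples; comments are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), int(m.group("port")), m.group("proto")))
    return entries


def tcp_port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connect to host:port succeeds, i.e. something listens and nothing blocks it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_host(host: str, entries, timeout: float = 1.0) -> List[Tuple[str, int]]:
    """Return the TCP entries from the list that are reachable on `host` (UDP skipped)."""
    return [(name, port) for name, port, proto in entries
            if proto == "tcp" and tcp_port_open(host, port, timeout)]


def probe_self_test() -> bool:
    """Sanity-check the probe against a throwaway listener on loopback: open while
    listening, refused once the listener is gone."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        open_while_listening = tcp_port_open("127.0.0.1", port)
    closed_after = tcp_port_open("127.0.0.1", port)
    return open_while_listening and not closed_after


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    exposed = audit_host(target, parse_port_list(PORT_LIST))
    if exposed:
        for name, port in exposed:
            print(f"{target}: {name} {port}/tcp reachable; block it or stop the service")
    else:
        print(f"{target}: none of the listed TCP ports reachable")
```

Run it from a machine on the same network segment as the host being checked, not on the host itself: a host-based rule that blocks inbound 445 from the LAN will still let a loopback connection through, so the loopback result says nothing about what other machines can reach.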