Russian Info, Cyber and Disinformation (Jan-June 2017)




OUTLAW 09
06-27-2017, 01:49 PM
Not sure if this is just limited to Ukraine......

Maersk says IT breakdown could be global
http://www.dailymail.co.uk/wires/reuters/article-4643566/Maersk-says-IT-breakdown-global.html#

The sites of the National Police and the Cyber Police are inaccessible and served from the cache as of 16:40:


16:18 Oshchadbank state bank limited services for clients due to a "hacker attack", ATMs don't service clients.

Crimean Tatar #ATR TV channel was attacked, however it keeps broadcasting.

Ukraine interior minister adviser says believes cyber attacks originated from Russia.
http://reut.rs/2sdut4H

It is in fact being directed and controlled from Russia..end of story...

Russia was not cut off from SWIFT for its war against Ukraine. Instead, she blocked financial transactions in Ukraine.

PayPass is down as major banks in Ukraine have been attacked by Russian hackers on the eve of Ukraine's Constitution Day.

OUTLAW 09
06-27-2017, 02:17 PM
Deputy head of SBU: our experts have identified "body" of the #CyberAttack virus and study it. This type of virus wasn't seen/used before.

Coincidentally, this article from two days ago re cyber attacks on Ukraine.

https://www.axios.com/what-russias-cyberattacks-against-ukraine-can-tell-us-2447009428.html?utm_source=twitter&utm_medium=twsocialshare&utm_campaign=organic#

OUTLAW 09
06-27-2017, 03:49 PM
Russian first hacking and then release of a new variant of Wannacry MS SMB ransomware first against Ukraine is now bleeding into the rest of Europe....


This ransomware did not insert itself in the usual manner of having the end user click on the wrong link and or via phishing..this was inserted in the hacked network and then worked its way to a pc...evidently the Russian cybersecurity company Kaspersky knows nothing of the variant which is unusual as they seem to know what is floating out in the dark net from Russian developers....

Major ransomware virus hits computer servers across Europe:
http://reut.rs/2rXEBKB

PM @Groysman called the attack "unprecedented" but added that "vital systems haven't been affected" - AFP

OUTLAW 09
06-27-2017, 04:08 PM
Russian Rosneft stated in their press release that they had been hit as well...RIGHT now that stands as a blatant lie..they still are up and running and the other reported Russian companies were not touched as well by this attack....

Rosneft a part of "plausible deniability" scenario?

Most certainly....especially if you really understand the irony in their press release...as if they were not even concerned.....VS the panic outbreak in Russia when in fact the entire country got hit with Wannacry......

OUTLAW 09
06-27-2017, 04:10 PM
Russia's cyberattack hit Chernobyl computers. Fortunately, radiation monitoring & other systems are operational.

Has been shifted to manual operations....

OUTLAW 09
06-27-2017, 04:54 PM
.@Europol "urgently responding" to reports of the Petya ransomware attack hitting European businesses

JUST IN: Norway's National Security Authority says ransomware attack ongoing, affects 'one international company'

Maersk
@Maersk
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.

OUTLAW 09
06-27-2017, 05:13 PM
NOW this is in fact interesting to say the least...Kaspersky is usually well informed.

Kaspersky Lab analysts say new attacks are not a variant of Petya ransomware as publicly reported, but a new ransomware they call NotPetya

Analysis is coming faster from field IT types than from Kaspersky....

I am on a train analysing Petya. I think this will be bigger than WannaCry. It's much better designed. Has automated lateral movement.

OUTLAW 09
06-27-2017, 05:41 PM
Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/#

KEY....this attack started in Ukraine as the main initial target.......with bleed over into other countries simply because the internet is the internet......

Right now there is no evidence that the number of Ukraine firms hit was caused by phishing...a large number were actually hacked and the malware inserted into the network and then it spread on its own due to the ability to move laterally.....

OUTLAW 09
06-27-2017, 05:45 PM
List of Ukrainian companies & agencies whose websites were attacked on June 27 (live updates)
https://en.censor.net.ua/news/445650/list_of_ukrainian_companies_and_agencies_whose_websites_were_attacked_by_hackers_on_june_27_live_updates#

OUTLAW 09
06-27-2017, 07:26 PM
Interesting to say the least.....

OUTLAW 09
06-27-2017, 07:42 PM
Not confirmed and the company denies it was their update causing the attack....appears if true to have used an app to transfer the malware kind of an end run hack using an app...again if true....

Ukrainian Cyber Police on MeDoc vulnerability, -latest "auto update" of app was hijacked by Petya.

And hit all computers with MeDoc

OUTLAW 09
06-27-2017, 07:48 PM
Following elimination of the malware is now being used...

It seems if you run fixdisk /all and reboot the computer you get rid of NotPetya malware.

Not so sure the malware coders actually thought this kill trigger through when they were coding NotPetya......

OUTLAW 09
06-28-2017, 07:04 AM
There seem to be differing statements as to exactly what the malware was from yesterday's attack.....NotPetya or Goldeneye.....both being ransomware....

But if the literature and all the researchers are correct both are distributed via phishing attacks...and here is where the problem begins....

That would in fact mean that whoever turned it loose has spent the last several months infecting computers when users fell for a particular phishing style...AND that had to be done in countless networks and in countless companies across all of Ukraine yesterday

The problem is then once it is triggered we would have seen the instant screen pop up demanding a ransom of 300 USD in bitcoin....

So to believe that suddenly and thoroughly all across Ukraine yesterday all Ukrainian computer end users simply clicked on a phished email is nothing but stupid to say the least...and that in multiple different types of businesses and networks with varying degrees of security.

Especially since this version seems to travel laterally ...question then arises is ...was the targeted network first hacked and then the ransom injected into the network....

BUT then we had some good analysts saying it was a ransomware version called Petwrap.....also designed to address the Windows SMBv1 vulnerability.

BUT again all of these different ransomware types still take a successful phishing campaign....and again hitting all networks and all types of business models at the same time takes a well thought out attack plan and it takes the end users to be clicking on that phished email all at the same time....which is totally abnormal human behavior which phishing is designed to use in its favour.....

At the same time this so called ransomware attack was ongoing there was a series of actual hacker attacks which hit all of the business models that were affected....and either routers and then switches were attacked and downed but only for a certain period and then they came back on line after they rebooted....and rebuilt their routing tables....

So was this deliberate hacking event the trigger for the sudden and widespread explosion of a ransom malware attack....

KEY is the Kaspersky statement where they stated early on that this is a malware never seen before.....Petya...NotPetya...Goldeneye.....Petwrap have all been seen before in both the wild and in attacks....so why would Kaspersky state this is something totally new and which has not been seen before???

So exactly how does a group of ransomware used normally in the past get into a network without phishing????

Secondly, another bad news is that currently, only a small portion of antivirus software is able to detect the threat, according to VirusTotal, only 15 out of 61 anti-virus services are able to detect Petwrap.

OUTLAW 09
06-28-2017, 07:30 AM
This paragraph from a security organization points to what I am saying....


Do not open unsolicited emails or messages from unknown senders – Many ransomware variants are distributed through phishing attacks or email attachments. Increased mindfulness when handling ‘suspect’ emails can be effective in combating ransomware

So if this version is one designed to attack the Windows SMBv1 vulnerability and phishing was not the delivery system ..what was it then???

AND if many MS users conducted their MS March 2017 patching session then they should not have been affected.....WHICH after the Wannacry attack actually did occur especially in Ukraine and other countries that got hit by Wannacry.....

So how did this ransomware sidestep phishing and sidestep the MS patch??

AND why did it not trigger a large number of anti viral software packages.....

OUTLAW 09
06-28-2017, 07:36 AM
But this from a rather good security blogsite tends to confirm what I am saying as well....


Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers.

Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. U.S. intelligence agencies assess with medium confidence that WannaCry was the work of North Korean hackers.

Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.


Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.
Weaver noted that Petya’s ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.
Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.
“I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Weaver said. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”

Here is the problem....Wannacry was declared by US IC probably NSA with a degree of confidence that it was released by NK.....

Our active ongoing research in assistance to two Ukrainian IT companies indicated control servers sitting deep inside Russia which we took offline to their surprise....but wait NSA stated the previous attack was by NK....

What is the connection now between NK state sponsored military hacking and individuals sitting deep inside Russia....??? Criminals working for RIS and or on their own OR outright RIS......

This is my assumption as well....so any of the above combination of who was using it in Russia....
“I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware”


If we accept that Ukraine has been the test bed by Russian state sponsored hacking of critical infrastructure since 2015 with three attacks and if we accept there have been other such attacks by Russian hackers in Baltic power grids and if we accept that Ukraine is in fact the Russian cyber attack testbed.....then this comment cements the concept of a deliberate cyber attack using ransomware as a disguise...

The attack if one looks at the Ukrainian networks hit....reads like a military air strike target list except just on an economics level.....banks, telcos, major fuel companies causing a shortage of fuel, food markets, airports, government agencies, news media, power grids and power generation, etc...ALL designed to create a certain level of civilian panic

The connection between a COL in the Ukrainian SOF Military Intelligence who had just returned from the Minsk front line and who was responsible for the collection of evidence of Russian military involvement for The Hague ICC is killed by a car bomb in Kyiv in the early morning timeframe and the "so called phishing attack" started almost immediately after that attack is not just a single lonely coincidence....

This was a deliberate and well thought out cyber attack using a new strain of NK released previous ransomware being used by Russians in Russia to send a Russian warning to the West.....

REMEMBER NK military is also in the business of making money for the government and if the price is right software always changes hands in the middle of the night these days....either to criminal gangs or to state sponsored groups...

BTW...this is exactly what we saw yesterday...this type of data being exfiltrated out of attacked networks...thus making it not so easy but doable..tracking it to their control and command servers....which in this case ended in Russia.....

Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

This type of gathered data is important for future attacks on the compromised networks...

OUTLAW 09
06-28-2017, 08:41 AM
This is key as it indicates that while the ransomware was the issue this was running in the background....LSADump which was programed into the malware this indicating that hackers were in actual control of the malware attack.....

Effects
Lsadump is a hacking tool. These tools, even though they are not by nature viruses, are considered as dangerous to victims of attacks.

Means of transmission

Lsadump does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Further Details
Lsadump has the following additional characteristics:
It is written in the programming language Visual C++ 6.
It is 32768 bytes in size.

I am still puzzled though by the Kaspersky statement yesterday that defines this malware as something new...

They also stated that it was a complex attack using multiple attack vectors...meaning different attack methods and directions BUT that their anti viral detector picked it up under a generic filter......

Which is strange that a generic detector was available to detect a not previously seen in the wild totally new strain that they were not aware of....that comment in itself is unusual even for Kaspersky.

Also sitting outside of the malware attack zone they were quick to state and stated early before much was known at the time ...a complex attack from multiple attack vectors......

OUTLAW 09
06-28-2017, 09:10 AM
Local kill switch has been found in Petya malware.
https://twitter.com/ptsecurity/status/879766638731591680#

This is what Russian military jargon types would call an "asymmetric response".

OUTLAW 09
06-28-2017, 09:25 AM
Shadowbrokers (~ adversary intel agency), tagging Petya, seem to escalate by threatening dump against ex-NSA member
https://web.archive.org/web/20170628070827/https://steemit.com/shadowbrokers/@theshadowbrokers/theshadowbrokers-monthly-dump-service-july-2017#

OUTLAW 09
06-28-2017, 09:35 AM
.@CarbonDynamics:
Petya is fake Ransomware, not designed to make money, but to spread fast and cause max damage

"Petya" attackers knew that M.E.DOC will impact mostly Ukraine, all other infections are "side effect". Not Criminal act but Cyberwar

M.E.DOC was doing an upgrade and evidently the Russian hackers got their malware into the upgrade routine thus it hit all of Ukraine at virtually the same time....no analysis so far indicates that it came in via phishing BUT it does indicate the possibility of a direct hack and malware injection into the upgrading code patch.....

THIS supports my assumption that this was in fact a Russian state sponsored attack directed straight at Ukraine....

TASS is authorized to declare: Russia also suffered a cyberattack but due to superiority of Russian cybersecurity expertise, no outages.

BUT WAIT...the only confirmed attacks were really just written press releases with not a single Russian citizen complaining of anything unusual happening.

Rosneft the Russian state owned oil company was the only real company "complaining" but indicators seem to point to actually nothing happening to their networks...

So how does one explain the simple fact that Ukraine next door to Russia and Russia has not a truly recorded hacking attack and or malware attack....

Kaspersky mentioned some customers were attacked in Russia BUT does not name them.....

Assumption...Russia knew the attack was coming.

THAT was the reason Kaspersky had a generic filter to detect it and was able to suddenly rush a new filter quickly to their customers...it was already known to them....

BUT WAIT.....only a single malware attack reported in the Russian occupied eastern Ukraine.....that is strange...SO it can be assumed Russia knew the attack was coming....

OUTLAW 09
06-28-2017, 10:18 AM
.@CarbonDynamics:
Petya is fake Ransomware, not designed to make money, but to spread fast and cause max damage

MEDoc is a Ukrainian-only tax accounting program. Exploiting its vulnerabilities proves that Ukrainian IT structures were targeted by #Petya

THIS was not another so called NK Petya ransomware attack....

OUTLAW 09
06-28-2017, 02:29 PM
AND with the entire world reading Trump tweets as he pounds them out...notice the sheer silence from the WH on this confirmed hacking report.....


ABC News‏
@ABC

NEW: Federal authorities investigating breach into computer systems of at least one U.S. nuclear power plant.
http://abcnews.go.com/Politics/us-nu...ry?id=48314345

BUT WAIT...Trump called also ABC FAKE News so maybe we should ignore this report....

NOW this is interesting because if Petya made into the business side then LSADump was started which means all passwords and domain controller information was sent back to the hacking site from which Petya came...namely Russia....

AND that Trump 90 day cyber protection plan is exactly what again......crickets.......are all I hear lately from Trump's fast tweeting fingers...

This major malware attack was a massive cyber attack on Ukraine and really no one else....interesting is just how far it bled into other areas....and countries....

SO after the previous massive cyber attack with Wannacry this nuclear plant did not do the MS MARCH 2017 patching which would have prevented this from happening.......

OUTLAW 09
06-28-2017, 05:04 PM
Confirms what I have been posting this was a deliberate targeted Russian cyber attack....

Ransomware attack 'not designed to make money', researchers claim
https://www.theguardian.com/technology/2017/jun/28/notpetya-ransomware-attack-ukraine-russia?CMP=share_btn_tw#

OUTLAW 09
06-28-2017, 05:18 PM
BREAKING: FedEx says TNT Express operations disrupted in Tuesday's cyber attack, all other services operating normally

OUTLAW 09
06-28-2017, 05:19 PM
"Misleading by Mistranslation" -
https://medium.com/dfrlab/misleading-by-mistranslation-38f4bb342aa?source=rss----df0d49d8c59b---4#

OUTLAW 09
06-28-2017, 05:23 PM
NATO Secretary General @jensstoltenberg said the next cyber attack could result in war

OUTLAW 09
06-28-2017, 05:31 PM
Russian troll claiming Ukraine is Russia's testing ground (property) @GicAriana projects RF control while asserting outrage at the idea.

She uses multiple sock accounts....to achieve this.....

OUTLAW 09
06-28-2017, 05:46 PM
Russian attack inside Ukraine is getting now interesting ......in this article they talk about one attack vector.......Kaspersky in their press release talks about multiple attack vectors......

And this is even more interesting no one has identified where within the upgrade the malware was inserted....that needs to be answered...... and it does not explain how it "lept" to other locations

Still does not explain a set of actual network hacking attacks to gain entry.....

https://www.bloomberg.com/news/articles/2017-06-28/microsoft-analysts-see-hack-origin-at-ukrainian-software-firm


Attack Goes Global
Microsoft Corp., cybersecurity analysts, and Ukrainian police say the global hack that has disrupted companies across the globe can be traced to a Ukrainian accounting software producer called M.E.Doc.
The cybercrime unit of the Ukrainian police said late Tuesday that a software upgrade from M.E.Doc unwittingly contained the virus. Microsoft said in a blog post that the initial infection “appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc” and that it has evidence that some active infections started from the software maker’s updates.
“One infection vector used in this campaign was the M.E.Doc software,” John Miller, senior manager at cybersecurity firm FireEye, said in an email. Aleks Gostev, Kaspersky Lab’s chief security expert, also said M.E.Doc appeared to be the source of the malware.
M.E.Doc did not respond to requests for comment. In a Facebook post M.E.Doc said “major anti-virus companies” had vetted its software and that it has no responsibility for spreading the virus. The company said that like other victims, some of its services had been affected by the attack, and that it’s working to restore them.
The attack Tuesday popped up in government systems in Kiev, then disabled operations at companies including Rosneft PJSC, advertiser WPP Plc, and the Chernobyl nuclear facility. More than 80 companies in Russia and Ukraine were initially affected, Moscow-based cybersecurity company Group-IB said. The hack quickly spread from Russia and Ukraine through Europe and into the U.S. and Asia.
A.P. Moller-Maersk A/S, one of those hardest hit by the attack, has shut down systems across its operations as it assesses the full impact. The container carrier has posted a job announcement in Kiev seeking staff with M.E.Doc experience.

OUTLAW 09
06-28-2017, 06:37 PM
Agree with this......

Estonia cyber attack of 2007 was child's play compared to this. The latest attack was probing of deep penetration.

Why major companies like MS or FireEye are pointing to this is interesting...

The deep probing refers to the coupling of LSADump with the malware.....

OUTLAW 09
06-28-2017, 06:45 PM
Again.....Kaspersky knew of multiple attack vectors.......how and why???


There was speculation, however, among some experts that once the new virus had infected one computer it could spread to other machines on the same network, even if those devices had received a security update.



"Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process," it said in a technical blog post.


Russian security firm Kaspersky said a Ukrainian news site for the city of Bakhumut was also hacked and used to distribute the ransomware to visitors, encrypting data on their machines.

Over the next days we will see more attack avenues come out.....

OUTLAW 09
06-28-2017, 07:02 PM
Petya/notpetya apparently a sabotage program that wipes stuff.
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b#

Petya.2017 is a wiper not a ransomware


Ransomware-as-a-service soon to be renamed Lure-as-a-Service
TL;DR: The ransomware was a lure for the media, this version of Petya actually wipes the first sectors of the disk like we have seen with malwares such as Shamoon.
What’s the difference between a wiper and a ransomware?
The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration.
Yesterday, we provided a preliminary analysis where we demonstrated that the 27th June 2017 version of Petya leveraged SMB exploits ETERNALBLUE and ETERNALROMANCE.
Today, we spent more time to understand how the files could be retrieved and how the actual MBR and MFT was being encoded.
Fortunately, there are multiple excellent existing analysis from 2016 Petya that have been published last year in multiple languages such as French, or English [1, 2]. Today, Microsoft published a very descriptive analysis of the 2017 Petya but for some reasons missed the below part.
542a38bf52afa6a4a008089a6fbf22c9d68ef5d6c634dd2c0773d859a8ae2bbf (2016)
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 (27th 2017)
After comparing both implementation, we noticed that the current implemented that massively infected multiple entities Ukraine was in fact a wiper which just trashed the 25 first sector blocks of the disk.
The first sector block is being reversibly encoded by XORed with the 0x7 key and saved later in the 34th block. But since it replaces it with a new bootloader (41f75e5f527a3307b246cadf344d2e07f50508cf75c9c2ef8dc3bae763d18ccf) of 0x22B1 bytes it basically sets v19 to 0x19 (25).
16.0: kd:x86> ? 0x22B1 - (0x22B1 & 0x1FF) + 0x1024
Evaluate expression: 12836 = 00003224
16.0: kd:x86> ? 0x00003224 >> 9
Evaluate expression: 25 = 00000019
That would mean that 24 sector blocks following the first sector block are being purposely overwritten, they are not read or saved anywhere. Whereas the original 2016 Petya version correctly reads each sector block and reversibly encode them.
2016 Petya modifies the disk in a way where it can actually revert its changes. Whereas, 2017 Petya does permanent and irreversible damages to the disk.
On the left, we can see the current version of Petya clearly got rewritten to be a wiper and not a actual ransomware.


THIS is the important part of the article....


We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.

Lately, the number of attacks against Ukraine increased from Power Grids being shut down to the car a top military intelligence officer exploding yesterday — the day Petya.2017 infected Ukraine.

The fact of pretending to be a ransomware while being in fact a nation state attack — especially since WannaCry proved that widely spread ransomware aren’t financially profitable — is in our opinion a very subtle way from the attacker to control the narrative of the attack.
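As an added worked example (not code from the Comae post or from this thread), the sector arithmetic in the kd output above in Python, plus a constructed disk image showing why sector 0 is recoverable from its XOR-0x7 copy in sector 34 while the sectors overwritten after it are not; the sample bytes and function names are assumptions made here.

```python
"""Forensic model of the sector layout described in the Comae Petya.2017 note.

Added example, not Comae's or the poster's code. A disk is modelled as a bytearray of
512-byte sectors; the sample image below is constructed, not taken from a real victim.
"""

SECTOR = 512                # bytes per sector; the `>> 9` in the kd output divides by 512
XOR_KEY = 0x7               # one-byte key the note says sector 0 is XORed with
BACKUP_SECTOR = 34          # sector holding the encoded copy of the original sector 0
BOOTLOADER_BYTES = 0x22B1   # size of the replacement bootloader quoted in the note


def padded_size_bytes(bootloader_bytes: int = BOOTLOADER_BYTES) -> int:
    """First kd expression: size - (size & 0x1FF) + 0x1024.

    Rounds the bootloader size down to a sector boundary (0x1FF masks the low 9 bits),
    then adds 0x1024. For 0x22B1 this is 0x2200 + 0x1024 = 0x3224 = 12836.
    """
    rounded_down = bootloader_bytes - (bootloader_bytes & (SECTOR - 1))
    return rounded_down + 0x1024


def overwritten_sector_count(bootloader_bytes: int = BOOTLOADER_BYTES) -> int:
    """Second kd expression: padded size >> 9, i.e. bytes to 512-byte sectors.

    For 0x22B1 the result is 0x19 = 25, the value the note calls v19: sector 0 plus
    24 following sectors are replaced.
    """
    return padded_size_bytes(bootloader_bytes) >> 9


def xor_sector(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with a one-byte key. XOR is its own inverse, so applying this
    twice returns the original bytes; that is what makes sector 0 recoverable."""
    return bytes(b ^ key for b in data)


def recover_first_sector(image: bytearray) -> bytes:
    """Rebuild the original sector 0 from the encoded copy stored at sector 34."""
    start = BACKUP_SECTOR * SECTOR
    return xor_sector(bytes(image[start:start + SECTOR]))


def recoverable_sectors(n_replaced: int) -> dict:
    """Map each replaced sector index to whether a reversible copy exists.

    Per the note only sector 0 is saved (encoded) before being replaced; sectors 1..24
    are overwritten without being read, so nothing on the disk can restore them.
    """
    return {i: (i == 0) for i in range(n_replaced)}


def build_sample_image(original_mbr: bytes, sectors: int = 64) -> bytearray:
    """Constructed image in the layout the note describes: sector 0 holds a placeholder
    'new bootloader' pattern, sector 34 holds the original MBR XORed with 0x7."""
    assert len(original_mbr) == SECTOR
    image = bytearray(SECTOR * sectors)
    image[0:SECTOR] = b"\xAA" * SECTOR   # placeholder bytes, constructed for the example
    start = BACKUP_SECTOR * SECTOR
    image[start:start + SECTOR] = xor_sector(original_mbr)
    return image


if __name__ == "__main__":
    print(hex(padded_size_bytes()), overwritten_sector_count())   # 0x3224 25
    mbr = bytes(range(256)) * 2                                    # constructed sample MBR
    img = build_sample_image(mbr)
    print("sector 0 recovered:", recover_first_sector(img) == mbr)
    print("recoverable:", recoverable_sectors(overwritten_sector_count()))
```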

OUTLAW 09
06-29-2017, 04:54 AM
Petya/notpetya apparently a sabotage program that wipes stuff.
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b#

Petya.2017 is a wiper not a ransomware



THIS is the important part of the article....

Actually this has been now confirmed by the CEO of Kaspersky......

Eugene Kaspersky‏
@e_kaspersky

Update on #NotPetya #ExPetr: threat actors CAN'T decrypt files. Don't pay ransom. It won't help ->


Interesting use of the two words..."threat actors"......

OUTLAW 09
06-29-2017, 06:56 AM
Airport in Oslo is completely grounded due to #NotPetya attacks. No check in, no bag drop. Thousands of people stranded.

NOTE....if my assumptions are correct this malware is a totally new class of malware attack thus the name Petya in any form simply does not fit.....MAYBE the following suggestion.....

MassiveCoordinatedCyberInvasion works well even as a hashtag.....

What happened in Ukraine is long past the concept of "a cyber attack".....

OUTLAW 09
06-29-2017, 07:03 AM
WHY are the "big boys" in IT anti viral security still lagging after this attack on Ukraine.....

Right now individual IT analysts and small IT security companies are providing far more insight into this attack than "the big boys" who will at some point release massive reports and take all the credit.....

It was the "small guys" who immediately called this attack a true cyber attack by a state sponsored group ie Russia......based on the first single target...Ukraine...

OUTLAW 09
06-29-2017, 07:05 AM
From yesterday.....

Email of the attacker is down. And the code itself look more like a wiper than an encoder. cf below: #Petya

OUTLAW 09
06-29-2017, 07:30 AM
I am posting the entire article and giving credit to the author as it is important to fully understand this Russian cyber invasion as it has gone far past what is termed "cyber attack"......

https://www.cyberscoop.com/petya-ransomware-destructive-microsoft-windows-master-boot-record/

Global ransomware attack was meant to be destructive, not collect money

Written by
Chris Bing
Jun 28, 2017 | CyberScoop


A global ransomware outbreak Tuesday was inherently designed to be destructive in nature, according to private sector cybersecurity researchers.
An analysis of a unique variant of Petya ransomware conducted by Comae Technologies’ Matthieu Suiche reveals that computer code in the June 27 version of the malware is different than previous samples which were tied to incidents involving monetary gain. The primary difference between past Petya variants and Tuesday’s malware comes in the form of a small block of code that effectively commands the virus to “erase the Windows system’s Master Boot Record (MBR) on default,” said Suiche.
“After comparing both implementations, we noticed that the current [implementation] that massively infected multiple entities in Ukraine was in fact a wiper, which just trashed the 25 first sector blocks of the disk,” Suiche wrote in a blog post.
The new version of Petya, dubbed “NotPetya,” effectively demolishes a key function of the victim computer’s boot process even before a victim has the chance to read any ransom demands.
“Ransomware needs the ability to restore the MBR,” Suiche told CyberScoop. “A wiper makes it so that files can’t be restored .. typically ransomware will decrypt files if you pay, or restore the MBR if you pay. This doesn’t do that. It’s destructive.”
The motive for this expansive cyberattack quickly became a hotly debated topic on social media among security researchers.
Analysts closely monitoring Petya’s spread — an impact that crippled companies in Ukraine, France, Russia, Spain and the U.S. — have been casting doubt on the idea that the ransomware was designed by cybercriminals to collect money.
“The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative,” Suiche explained.
Elements of the ransomware were poorly configured in such a way that receiving payment didn’t seem to be a priority for the hackers, according to Intel471 founder Mark Arena.
“The ransomware message was the same for all victims, used the same bitcoin wallet and provided a web email address that was promptly taken down by the web email provider,” Arena said. “In our opinion, the attacker or attackers clearly showed no interest in decrypting the files for victims that paid them.”
The contact email address left by the hackers for victims to reach out to unlock an encrypted system was registered through a public web platform, meaning that the email address was not hidden or blocked#from access by administrators.
Within hours of Tuesday’s outbreak, the email provider predictably shut down the account, making it impossible to authorize a decryption. The hackers would have likely understood this would happen — a logical assumption that adds to the idea that this wasn’t a financially motivated attack.
In addition, because of the relatively targeted nature of the Petya outbreak — having been largely contained to organizations directly working with Ukrainian companies that interface with financial software developer MeDoc — some analysts say the disruption was directly meant to specifically handicap the country in the days before a national holiday.
Tensions between Russia and Ukraine have been high in recent months.
“We believe with medium confidence that [NotPetya] is not a ransomware campaign but was intended to cause wide scale damage to organizations in Ukraine,” Arena said. “We base this assessment on the advanced capability of the threat actor or group with M.E.Doc’s update system being compromised and used to spread the malware, the malware itself and its spreading capability.”
In an email to CyberScoop, a Kaspersky Lab spokesperson sent the following statement regarding the company’s latest analysis of NotPetya

OUTLAW 09
06-29-2017, 09:00 AM
The Kremlin has unleashed the full power of its propaganda machine against @Telegram, says David Homak. But why?
https://themoscowtimes.com/articles/channeling-anger-in-russia-even-chat-messengers-are-politicized-and-censored-58272#

OUTLAW 09
06-29-2017, 09:04 AM
What worries me about NotPetya:

Unsophisticated .......but it really is not
Very repeatable......thus a massive attack weapon
Was pulling its punches targeting Ukraine...thus can be turned on any country the state sponsor wants attacked
No easy / simple fix for victims.........thus right now no fix in sights

AS it wipes the Microsoft Master Boot File (MBF)....that thingy that controls both the computer and MS.....

AND without the "thingy" it is virtually impossible to reboot the computer thus it is nothing but a piece of metal and plastic and worthless....

This malware was designed to destroy not hinder....
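
Picking up the wiper-versus-ransomware distinction in the CyberScoop excerpt quoted earlier in the thread (Suiche's point that the payload "trashed the 25 first sector blocks of the disk" and that ransomware, unlike a wiper, needs to be able to restore the MBR) and the MBR point in the post above, here is an added Python example that is not from CyberScoop, Comae, or any poster in this thread. It parses a constructed MBR, fingerprints the first 25 sectors against a known-good baseline, classifies a boot area as intact, modified or wiped, and shows that recovery of a trashed boot area requires an out-of-band copy of those sectors, which is exactly what a destructive payload leaves the victim without. The disk image, the single NTFS-type partition entry, and the use of 25 sectors as the monitored boot-area size are constructed assumptions for illustration, not measurements from a real NotPetya victim.

```python
"""Boot-area integrity check over a constructed disk image (added example).

Assumptions: a classic 512-byte-sector MBR layout, one partition entry, and
the 25-sector boot area described in the Comae analysis quoted in the thread.
"""
import hashlib
import struct

SECTOR = 512
BOOT_AREA_SECTORS = 25            # the "25 first sector blocks" from Suiche's analysis (assumed size)
BOOT_SIGNATURE = b"\x55\xAA"      # MBR boot signature at bytes 510-511
PART_ENTRY = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_disk(num_sectors=64):
    """Construct a toy 64-sector disk image: stub boot code, one partition, signature."""
    img = bytearray(num_sectors * SECTOR)
    img[0:3] = b"\xEB\x3C\x90"                    # jump-style stub standing in for boot code
    img[3:24] = b"CONSTRUCTED-BOOTCODE!"          # 21-byte marker, clearly labelled as constructed
    # Partition entry 0: bootable, CHS fields zeroed, type 0x07 (NTFS), LBA 2048, 60 sectors.
    img[446:462] = struct.pack(PART_ENTRY, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 60)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


def parse_mbr(image):
    """Read the signature, boot-code emptiness and partition table of sector 0."""
    mbr = image[:SECTOR]
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs1, ptype, _chs2, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype != 0:                            # type 0x00 means an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "boot_signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_blank": not any(mbr[:446]),
        "partitions": partitions,
    }


def boot_area_digest(image, sectors=BOOT_AREA_SECTORS):
    """SHA-256 over the first `sectors` sectors: the baseline a defender records while healthy."""
    return hashlib.sha256(image[:sectors * SECTOR]).hexdigest()


def classify_boot_area(image, baseline_digest):
    """'intact' if it matches the baseline, 'wiped' if signature and code are gone, else 'modified'.

    'modified' is what an MBR replacement that keeps the disk bootable (the ransomware
    pattern) looks like; 'wiped' is the destructive pattern the thread discusses.
    """
    if boot_area_digest(image) == baseline_digest:
        return "intact"
    mbr = parse_mbr(image)
    if not mbr["boot_signature_ok"] and mbr["boot_code_blank"]:
        return "wiped"
    return "modified"


def make_damaged_sample(image, sectors=BOOT_AREA_SECTORS):
    """Constructed sample of a trashed boot area: the first `sectors` sectors zeroed."""
    return bytes(sectors * SECTOR) + image[sectors * SECTOR:]


def restore_boot_area(damaged, backup, sectors=BOOT_AREA_SECTORS):
    """Put a previously saved copy of the boot area back.

    This is the step a paying victim relies on; without an offline copy of the
    sectors there is nothing to restore, which is the whole point of a wiper.
    """
    return backup[:sectors * SECTOR] + damaged[sectors * SECTOR:]


if __name__ == "__main__":
    disk = build_sample_disk()
    baseline = boot_area_digest(disk)
    backup = disk[:BOOT_AREA_SECTORS * SECTOR]   # taken while the machine is healthy
    damaged = make_damaged_sample(disk)
    print("healthy :", classify_boot_area(disk, baseline), parse_mbr(disk)["partitions"])
    print("damaged :", classify_boot_area(damaged, baseline), parse_mbr(damaged)["partitions"])
    print("restored:", classify_boot_area(restore_boot_area(damaged, backup), baseline))
```

The baseline digest and the saved copy of the boot area are the two artifacts worth keeping off-host: the digest tells you a machine's boot area changed (whether by a bootkit-style replacement or by zeroing), and the copy is what makes the "wiped" case recoverable at all.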

Azor
06-29-2017, 08:06 PM
By Victor Davis Hanson at American Greatness: https://amgreatness.com/2017/06/28/late-great-russian-collusion-myth/

Introduction:


Incoming elected administrations, especially the Obama transition team of 2008 in the case of Russia and Iran, seek contacts with foreign diplomats before formally entering office.

Most presidential campaigns are staffed by at least a few free-lancing opportunists who see their candidate as a nexus for profiteering. There is no need for a reminder of the lucrative careers of Bill Clinton from 2009-2012, or of Hillary Clinton’s brother, or of the nature of some of John Podesta’s investments. And foreign governments, our own included as in the case of the Obama Administration’s entrance into the Israeli elections, are frequently accused of trying to sway or indeed interfere with another nation’s campaign cycles.

Yet what is strange about the charges of collusion between the Trump campaign and the Russian government is that those landscapes were concocted into something supposedly criminal and uniquely applicable to Donald Trump’s election and presidency. Indeed, one of the strangest events in recent political history was the post-election false news narrative that Trump and the “Russians” had colluded during the campaign to rob Hillary Clinton of a sure victory.

Highlights:


FBI Director Comey informed President Trump on three occasions that he was not personally the subject of any investigation about collusion with Russia
Former DNI Clapper and former CIA Director Brennan admitted that there was no intelligence to their knowledge implicating Trump as a colluder with Putin to gain advantage over Clinton
Former Homeland Security Secretary Johnson conceded that there was no evidence of any Trump campaign effort to persuade Russia to interfere in the elections
President Obama, who had intelligence reports of Russian election-cycle hacking, dismissed the idea that any party could taint a U.S. presidential election and denounced Trump’s suggestion that the impending election might be “rigged”



Poster's Note: read what Obama said in October 2016 regarding Trump’s claims of election “rigging”, which could refer to any type of voter fraud, suppression or “hacking”:




To Trump: “stop whining”
The voting process is protected because it is “so decentralized”
Trump’s claim is “not based on facts”
“I have never seen in my lifetime or in modern political history any presidential candidate trying to discredit the elections and the election process before votes have even taken place.”
“…if he [Trump] got the most votes, then it would be my expectation of Hillary Clinton to offer a gracious concession speech and pledge to work with him in order to make sure that the American people benefit from an effective government”



Hillary Clinton lost because she was a poor candidate, her campaign was incompetent (wasting resources on red states rather than solidifying the “blue wall”), and because she did not offer a compelling story, other than the novelty of becoming the first female president.


With respect to appeasement of the Russians, Obama launched a “reset” in reaction to Bush’s increasingly confrontational stance. Obama also was recorded explaining that he would need “space” from Putin until after the 2012 election, after which he could respond with “flexibility”. Lastly, Obama also in 2012 ridiculed presidential candidate Romney’s assertion that Russia was the primary threat to the United States.


Republicans such as Nunes and McCain have denounced Obama for years, for not confronting Russian aggression in Ukraine, for various intelligence failures, and for not answering Russia’s information war against the U.S.


VDH: “How the media was able in a matter of hours after the election to rebrand Democrats as anti-Russian hawks and Republicans as colluders with Putin is one of the strangest and yet most successful political fabrications in recent history.”


Clinton seemed to be enjoying a comfortable lead in the last months of the 2016 campaign, but there were concerns that the DNC favoring her over Sanders, her private server and pay-for-play scandals were damaging.


Putin was openly hostile to Obama, Clinton and Kerry, and believed that they had at various times meddled in Russia’s 2012 election and provoked the revolution in Ukraine in 2014.


“Never Trump” Republican and Clinton campaign opposition research (e.g. the Steele Dossier) came to the attention of FBI Director Comey. Various bureaucrats later leaked salacious details of the Dossier to the press.


Yet the media continued to largely ignore the Russian collusion story given that Clinton’s victory was almost a certainty. But then Trump won, despite losing the popular vote, and by crumbling the “blue wall”.


Following Trump’s victory, the Clinton campaign needed to counter Trump (i.e. delegitimize and undermine) and to console itself, and revived the Russian collusion story. The media was eager for controversy and therefore public attention, and intelligence careerists who saw Trump as a threat to their “community” tried to authenticate the smear. The smear easily fit convenient stereotypes about Trump, Trump’s rhetoric and actions worsened the problem and Putin enjoyed watching Americans turn on one another rather than him. The smear also drowned out accusations that Obama leaked to the press or that Attorney General Lynch had obstructed the FBI’s investigation of Clinton.

Azor
06-29-2017, 08:32 PM
By Paul Roderick Gregory: https://www.forbes.com/sites/paulroderickgregory/2017/06/19/is-russiagate-really-hillarygate/#2d4697945cf6

Introduction:


According to an insider account, the Clinton team put together the Russia Gate narrative within 24 hours of her defeat. The Clinton account explained that Russian hacking and election meddling caused her unexpected loss. Her opponent, Donald Trump, was a puppet of Putin. Trump, they said, “encourages espionage against our people.” The scurrilous Trump dossier, prepared by a London opposition research firm, Orbis, and paid for by unidentified Democrat donors, formed a key part of the Clinton narrative: Trump’s sexual and business escapades in Russia had made him a hostage of the Kremlin, ready to do its bidding. That was Hillary's way to say that Trump is really not President of the United States—a siren call adopted by the Democratic party and media.

Highlights:



The most uncovered story of RussiaGate is the connection between the Clinton campaign, an unregistered agent of Russia in Washington, and the Steele Dossier. It is possible that Russian intelligence fabricated the Dossier as part of its overall disinformation campaign to sow chaos in the American political system. If Clinton’s associates ordered and paid for the Dossier, then RussiaGate becomes a story of collusion between Clinton campaign operatives and Russian intelligence. Only the Wall Street Journal, The Federalist and National Review have covered the possible Russian intelligence-origins of the Dossier.


On March 31, 2017, Senator Grassley (R-Iowa) demanded from the DOJ documentation on “Fusion GPS”, a firm that managed the Steele Dossier. Sen. Grassley explained that it would be of concern for his Judiciary Committee because: “when Fusion GPS reportedly was acting as an unregistered agent of Russian interests, it appears to have been simultaneously overseeing the creation of the unsubstantiated dossier of allegations of a conspiracy between the Trump campaign and the Russians.”


On May 3, 2017, before the Senate Intelligence Committee, former FBI Director Comey refused to answer questions about Fusion GPS and the Dossier (“I don’t want to say”).


Russia SME David Satter wrote:


Russian intelligence also acted to sabotage Mr. Trump. The ‘Trump dossier,’ full of unverified sexual and political allegations, was published in January by BuzzFeed, despite having all the hallmarks of Russian spy agency ‘creativity.’ The dossier was prepared by Christopher Steele, a former British intelligence officer. It employed standard Russian techniques of disinformation and manipulation…after the publication of the Trump dossier, Mr. Steele went into hiding, supposedly in fear for his life. On March 15, however, Michael Morell, the former acting CIA director, told NBC that Mr. Steele had paid the Russian intelligence sources who provided the information and never met with them directly. In other words, his sources were not only working for pay. Furthermore, Mr. Steele had no way to judge the veracity of their claims…Perhaps the time has come to expand the investigation into Russia’s meddling to include Mrs. Clinton’s campaign as well.



Poster’s Note: Satter was expelled from Russia and one of the first journalists to claim that the 1999 Russian apartment bombings were a plot by Russian intelligence to bring Putin to power and provide a pretext for the Second Chechen War (Darkness at Dawn). If this was what truly happened, and I believe that it was, nothing the current president has said or done with regard to U.S.-Russia relations can compare to the naïveté of his two predecessors in attempting to cooperate with Putin in good faith.


According to Vanity Fair, Fusion GPS was initially paid for opposition research by an anti-Trump Republican donor, but then paid by Democratic donors whose identities remain secret.


The Fusion GPS-Steele Dossier link must be investigated by Special Counsel Mueller, and Steele interviewed himself...

OUTLAW 09
06-30-2017, 02:07 PM
By Victor Davis Hanson at American Greatness: https://amgreatness.com/2017/06/28/late-great-russian-collusion-myth/

You really want a comment on this load of information that makes FAKE news actually look like FAKE news.........oh where to begin...??
BTW...was it not the former DHS Director that stated 21 State databases were in fact hacked and in especially two that are being reviewed "data was exfiltrated"..meaning actually stolen......

THEN we have this week the announcement that a GOP contractor actually SCL owned by Bannon who sold it to Mercer and Cambridge Analytica "pushed a database containing 200M US voters with just about everything one needs for identity theft onto a totally unsecured with no password onto an Amazon cloud server for a total of 21 days and THEN was evidently surprised that it was stolen....

HELLO Moscow...REMEMBER this is Trump calling..please release those 200M records on all of the American voters...please..pretty please...you did help with the 30,000 so 200M should not be a problem.....???

Come on give me a break....

If by now you truly do not understand the depth of the Trump collusion and that of his close associates then there is not much hope for you when in the end many end up in court ALL stating ...it was a Democratic smear operation...

Do you seriously want me to link you to a large money transfer made out of Russia via Cyprus to America Greatness???

All in due time as that money transfer was and is key for an ongoing GOP money laundering FBI investigation.....

We are at now 140 FBI investigators and 14 of the VERY BEST Federal prosecutors and RCO prosecutors many speaking Russian and YET there is now collusion...??

OUTLAW 09
06-30-2017, 02:36 PM
Azor...notice anything...neither of these articles actually attempt to counter the recent Washington Post article on the Russian hacking under Obama....

NOR do they address the following....AND in the midst of proTrump pundits and writers attempting to defend Trump they never seem to attack the Wapo article plus the four below....not a single attack...strangely silent is their motto...

The IC has intercepted Russian hackers discussing getting Clinton's emails and sending them to Michael Flynn.
https://www.wsj.com/articles/gop-ope...n-1498770851#…

The RNC paid a firm with "intelligence connections in Russia" to try to find dirt on Hillary Clinton.
http://www.politico.com/story/2017/0...ments-236436#…

Article contains 12 names including Trump, his family and his close associates...AND the following sentence.....
"I have now been granted permission and even encouraged to report everything relating to allied intelligence on Trump Russian suspects".

EXCLUSIVE Reince ‘Wanted to Run’ – NATO SIGINT on Trump’s Treasonweasels PART 1
https://patribotics.blog/2017/06/29/...reasonweasels/



In the wake of the Washington Post’s naturally, and commendably, guarded exclusive on Vladimir Putin’s direct ordering of the Russian attack on Secretary Hillary Clinton, we offer readers a short guide to what sources with links to the intelligence communities of more than one Western nation and sources with links to the Justice Department report that allied nations possess in terms of SIGINT, or Signals Intelligence, on various suspects in the Russian hack of America.
This guide is intended to be a report on what we know and is not exhaustive. Doubtless there is a lot more out there from allied and enemy nations to the West that we do not know of.
Donald Trump:
Countless intelligence agencies, mostly hostile, hacked Trump’s insecure Android phone. The British, Ukrainians and Germans all have recordings of Carter Page in Moscow offering treason for hacking, and recordings of Page playing the tape of Donald Trump for his Moscow paymasters, wherein Trump promises unspecified (to us) shifts of policy in exchange for hacking help.
As I reported exclusively at Patribotics, this tape was discussed with Sergei Kislyak by Trump, Manafort, Page and Epshteyn. As I further reported, Sergei Kislyak’s phone was ‘hot miked’ through an SS7 exploit by a Five Eyes nation for a portion of last year. By request, I am withholding the nation and the amount of time that Kislyak’s phone was recording all those with whom he came in contact*. I will report on exactly how each nation holds this intelligence when I come to Carter Page.
The United Kingdom in particular has a treasure trove of intelligence on Donald Trump. Before Nigel Farage – acting as a courier, sources say – went in to see Julian Assange, Donald Trump called his phone (the previous night). British intelligence taped that conversation, sources say, as Farage was under surveillance, and have provided the resulting fresh evidence of treason to the USIC.
Julian Assange’s conversations about Trump and with his couriers are all on tape. British intelligence and the NSA have been inside the Ecuadorean Embassy for some time. There is disbelief, sources report, in many conversations between the two closest intelligence partners in the world, America and Britain, at how stupid the Russians and Ecuadoreans have been to believe Julian Assange’s pitiable assertions that his communications were ever secure.
Vladimir Putin
Vladimir Putin, for the avoidance of doubt, was recorded by both British intelligence and private allied intelligence firms of more than one nation, directly ordering an attack on the United States election and on Hillary Clinton. This recording was given to the Washington Post, and they held it back out of respect for US intelligence, for which I applaud them.
Donald Trump Jr
Donald Trump Jr was directly taped by the French before the election, colluding treacherously with the Russians. As with all NATO allies who are not part of the Five Eyes agreement, there is no legal reason why they cannot directly tape Americans abroad. The FBI would need permission with a FISA warrant to listen to any such intelligence on U.S. persons.

This report will be updated with a Part II tomorrow.


EXCLUSIVE: Five Eyes sources: SIGINT from UK on Maria Putin in league with Prince and DeVos over Spectrum Server

PART II

https://patribotics.blog/2017/06/29/...ssian-embassy/


Jared Kushner
Various hostile intelligence agencies have SIGINT on Kushner; the UK and US recorded him in the Russian Embassy when he was discussing his ‘back channel’ to Russia. The Russian Embassy to the United States in Washington D.C. is Russian sovereign territory. Although the UK is barred by the Five Eyes agreement from spying on US soil, the Russian Embassy is not US soil. Again I remind readers of my exclusive report that Sergei Kislyak’s phone was hot miked and was recording everybody it came into contact with.
Erik Prince
At least the UK and the USA have Prince on SIGINT. He was intimately connected with the Carolina Conspiracy and with the Alfa Bank and Spectrum Health servers. The ‘back channel’ to Russia is those servers. Prince was deeply involved with the Carolina Conspiracy.
Betsy DeVos
Is on SIGINT by the USA and UK in relation to the use of the Spectrum Health server. It is important to say here that Ms. De Vos herself is a suspect, according to my sources with links to the intelligence community.
Maria Putin
The daughter of Vladimir Putin. She heads an endocrinology charity. Michigan’s facility, where the Spectrum Health server was located, is an endocrinology center. I reported in my Nov 7th 2016 report on the two FISA warrants, which Naveed Jamali publicly tweeted he was a source for, that Putin’s own daughters were involved in the activities of the server.
Oleg Deripaska
As a Russian, Deripaska is on SIGINT with multiple foreign allies including the UK and France. Mr. Deripaska particularly hates Hillary Clinton, who denied his visa to America in 2009. I reported some of this SIGINT in my recent piece about Sheriff Clarke being taped in Russia with associates of Deripaska, ordered to attack Black Lives Matter. Mr. Deripaska runs many assets in the United States, in the media. He is on SIGINT over the Carolina Conspiracy, as are some of his associates who are American. He is on SIGINT over Putin’s daughters and the Alfa and Spectrum servers.
Jack Posobiec
Mr. Posobiec, sources with links to US intelligence report, is a Russian agent of influence who has been working with Rebel Media. He boasted of publishing the “Macron Leaks” that turned out to be fake. France’s DGSE, or CIA equivalent, hacked Rebel Media’s server in Canada. They discovered material relating to the Carolina Conspiracy that forced the Comey letter. They have all Mr. Posobiec’s communications with Erik Prince, Oleg Deripaska’s agents in the media in the USA, and Team Treason as well as Sputnik and various hackers.

OUTLAW 09
06-30-2017, 02:38 PM
Azor.......so when American Greatness gets their act together and counters point for point these articles then you might get my attention.....

OUTLAW 09
06-30-2017, 02:46 PM
Azor...we are getting awful close to what people in the military call "the tipping point" OR plain people call.."when the shoe drops".....

Check the time stamp and date of this Holder tweet from very early this morning.......

Eric Holder‏
@EricHolder

To the career men & women at DOJ/FBI: your actions and integrity will be unfairly questioned. Be prepared, be strong. Duty. Honor. Country.
00:17 - 30 June 2017


You and American Greatness are getting very close to seeing, reading and especially hearing the "truth"....and not from Fox News but from DoJ via SC Mueller and his prosecutor team.....

I have had the chance to actually hear some portions of three tapes held by German IC.....there was and is still ongoing collusion.....

And it confirms what the social media journalist alluded to in her two stories above .....

Just sit back, grab some popcorn and a large coke, settle in and just wait....it will be extremely interesting what unfolds...

AND it might cause people to seriously rethink their own personal core values...country over populism or vice versa.... a lot of us swore an oath to this country to defend it from enemies near and far and Trump and many around him seem to think those are just empty words...and MONEY rules over values....in their world and the Russians played on that single theme...

ANYONE who attempts to look far more closely at Russia and Trump gets attacked..notice that even some GOP people will have to answer for this when the dust settles....

WHEN that dust settles I will post with document copies for you exactly how much this Congressman got from Russia via Cyprus and washed in UK and PR into the US....for his campaign....

BTW...below is probably one of the best mish mash of FAKE elements to create the illusion of it being the "truth"....WHY is that??