
Thread: Malware & other nasty IT / cyber things

  1. #1
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Ransomware hits small number of U.S. critical infrastructure operators: official
    http://reut.rs/2pNAgIR
    Last edited by OUTLAW 09; 05-15-2017 at 04:34 PM.

  2. #2
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Patriarch of Russian Orthodox church making sure that the Ministry of Internal Affairs computers won't get affected by WannaCry virus attack

  3. #3
    Council Member davidbfpo's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    13,366

    Default After the horse has bolted

    The National Cyber Security Centre, the NCSC (UK and part of GCHQ), has published technical guidance, which includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” Ransomware: https://www.ncsc.gov.uk/guidance/ran...-ncsc-guidance

    For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/pro...ion-ransomware

    The Soufan Group's commentary: http://www.soufangroup.com/tsg-intel...omware-attack/
    Last edited by davidbfpo; 05-15-2017 at 10:45 PM.
    davidbfpo

  4. #4
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry
    https://arstechnica.com/?post_type=post&p=1098281#

    The three bitcoin wallets tied to #WannaCry ransomware have received 216 payments totaling 34.6200695 BTC ($58,821.36 USD).
    Last edited by OUTLAW 09; 05-16-2017 at 07:33 AM.

  5. #5
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    @DAlperovitch on lessons learned from the #WannaCry cyberattacks:
    http://www.atlanticcouncil.org/blogs...ave-your-data#

  6. #6
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Hackers mint crypto-currency with technique in global 'ransomware' attack
    http://reut.rs/2pTagMh

  7. #7
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    The Electronic signature technology provider DocuSign suffered a data breach
    Hackers broke into the system of the technology provider DocuSign and accessed customers' email. The experts warn of possible spear phishing attacks. The Electronic signature technology provider DocuSign suffered a data breach; hackers have stolen emails.



    Shadow Brokers are back after WannaCry case, it plans to offer data dump on monthly subscription model

    Shadow Brokers made the headlines once again, the notorious group plans to offer data dump on a monthly subscription model. The notorious Shadow Brokers hacking group made the headlines during the weekend when systems worldwide were compromised by the WannaCry ransomware, which they had released as part of their NSA data dump.....

  8. #8
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    Patriarch of Russian Orthodox church making sure that the Ministry of Internal Affairs computers won't get affected by WannaCry virus attack
    Russia suffered the highest number of registered WannaCry attacks globally and now suddenly they did not.....

    Deputy secretary for Russia's National Security Council says WannaCry ransomware caused minimal damage in Russia.

    That is not the story carried by their state media in the first days of the attack....

    Over 100K computers got hit....as Russia runs largely illegal MS XP copies ......and illegal copies of MS Server 2003....

  9. #9
    Council Member
    Join Date
    Dec 2009
    Posts
    115

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    Russia suffered the highest number of registered WannaCry attacks globally and now suddenly they did not.....

    Deputy secretary for Russia's National Security Council says WannaCry ransomware caused minimal damage in Russia.

    That is not the story carried by their state media in the first days of the attack....

    Over 100K computers got hit....as Russia runs largely illegal MS XP copies ......and illegal copies of MS Server 2003....
    Average Russian OS's are XP and MS Server 03?

    That's crazy.

    I think I also read that Russian banks only invest a fraction of that spent by major US/Western banks on IT/Cyber security.

    Is the Russian banking sector seriously vulnerable to a non attributable proxy attack campaign?

  10. #10
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by flagg View Post
    Average Russian OS's are XP and MS Server 03?

    That's crazy.

    I think I also read that Russian banks only invest a fraction of that spent by major US/Western banks on IT/Cyber security.

    Is the Russian banking sector seriously vulnerable to a non attributable proxy attack campaign?
    Answer to the question is...yes they are. Example: Morgan Stanley invested over 600M USD in IT security in 2016 for their global network........

    Entire Russian banking system: 25M USD.....

    BTW...a lot of MS W7 was hit inside Russia......
    Last edited by OUTLAW 09; 05-23-2017 at 03:41 PM.

  11. #11
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware.

    The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular WannaCry ransomware.
    Stampar discovered EternalRocks after it infected his SMB honeypot; he called the malware ‘DoomsDayWorm’.

    Stampar discovered that EternalRocks disguises itself as WannaCry, but instead of delivering ransomware, it takes over the affected computer to power other attacks.

    The researcher decompiled an older sample (start of May) of EternalRocks and published it on Github.

    Unlike the WannaCry Ransomware that leverages the two NSA hacking tools EternalBlue and DoublePulsar, EternalRocks uses seven exploits leaked by Shadow Brokers and its code doesn’t include a kill-switch.

    EternalRocks was developed to avoid detection and to remain undetectable on the target system, it uses the following NSA exploits:

    EternalBlue — SMBv1 exploit tool
    EternalRomance — SMBv1 exploit tool
    EternalChampion — SMBv2 exploit tool
    EternalSynergy — SMBv3 exploit tool
    SMBTouch — SMB reconnaissance tool
    ArchTouch — SMB reconnaissance tool
    DoublePulsar — Backdoor Trojan

    EternalRocks downloads all the above SMB exploits to the infected computer, then it scans the internet for open SMB ports on other systems to compromise.

    Miroslav Stampar @stamparm
    Info on (new) EternalRocks worm can be found on
    https://github.com/stamparm/EternalRocks/
    …. Will keep it updated, along with @_jsoo_

    Update on #EternalRocks. Original name is actually "MicroBotMassiveNet" while author's nick is "tmc" https://github.com/stamparm/EternalR...trings#…

    If I will be asked to choose a name, let it be a DoomsDayWorm c52f20a854efb013a0a1248fd84aaa95

    P.S. there is no kill-switch. Everything goes through Tor. Initial infection by MS17-010 drops Tor binaries for further communication

    Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract

    Seems to be just spreading at the moment and getting further commands from C&C

    Whole EternalRocks campaign (first and second stage malware) uses Mutex: {8F6F00C4-B901-45fd-08CF-72FDEFF}
    Last edited by davidbfpo; 06-16-2017 at 09:22 AM. Reason: Edited quote to fit ToR
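    The spreading behaviour described in the post above, an infected host downloading the SMB exploit kit and then probing many other systems on SMB (TCP/445), is the pattern a defender can watch for at the network edge. The script below is an added example, not code from this thread or from Stampar's EternalRocks repository: it parses constructed connection-log lines and flags any source that fans out to many distinct TCP/445 destinations inside a short window, reporting how many of those destinations lie outside the organisation's own address space. The log format, IP addresses, internal network list, window and threshold are all constructed for illustration and would be tuned to a real environment.

```python
"""
Added example (not from the forum thread or from the EternalRocks repo):
detect worm-like SMB fan-out from connection logs.

A host that opens TCP/445 to many distinct peers within a minute looks like
WannaCry/EternalRocks-style SMB scanning, not like a user browsing file shares.
Log format, addresses, thresholds and internal ranges are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <src> -> <dst>:<port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<proto>\w+)$"
)

SMB_PORT = 445
WINDOW = timedelta(seconds=60)      # constructed: look-back window per source
FANOUT_THRESHOLD = 10               # constructed: distinct 445 peers that trigger an alert
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed org ranges

# Constructed sample: one normal workstation talking to its file server,
# one host that sprays TCP/445 at internal and external addresses.
SAMPLE_LOG = """\
2017-05-19T10:00:01 10.0.5.23 -> 10.0.5.10:445 tcp
2017-05-19T10:00:05 10.0.5.23 -> 10.0.5.10:445 tcp
2017-05-19T10:00:09 10.0.5.23 -> 10.0.5.1:53 udp
2017-05-19T10:01:00 10.0.7.44 -> 10.0.7.45:445 tcp
2017-05-19T10:01:01 10.0.7.44 -> 10.0.7.46:445 tcp
2017-05-19T10:01:03 10.0.7.44 -> 198.51.100.17:445 tcp
2017-05-19T10:01:04 10.0.7.44 -> 198.51.100.92:445 tcp
2017-05-19T10:01:06 10.0.7.44 -> 203.0.113.5:445 tcp
2017-05-19T10:01:07 10.0.7.44 -> 203.0.113.77:445 tcp
2017-05-19T10:01:09 10.0.7.44 -> 192.0.2.14:445 tcp
2017-05-19T10:01:10 10.0.7.44 -> 192.0.2.200:445 tcp
2017-05-19T10:01:12 10.0.7.44 -> 198.51.100.130:445 tcp
2017-05-19T10:01:13 10.0.7.44 -> 203.0.113.201:445 tcp
2017-05-19T10:01:15 10.0.7.44 -> 192.0.2.88:445 tcp
2017-05-19T10:01:16 10.0.7.44 -> 198.51.100.244:445 tcp
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "proto": m["proto"].lower(),
    }


def is_internal(ip):
    """True if the address falls inside one of the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def smb_fanout_alerts(lines, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: (distinct_peers, external_peers)} for every source whose
    distinct TCP/445 destinations inside any `window`-long span reach `threshold`."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["proto"] == "tcp" and ev["port"] == SMB_PORT:
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = set()
        start = 0
        # Sliding window: keep the largest set of distinct peers seen in any window.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) > len(best):
                best = peers
        if len(best) >= threshold:
            external = sum(1 for d in best if not is_internal(d))
            alerts[src] = (len(best), external)
    return alerts


if __name__ == "__main__":
    for src, (peers, external) in smb_fanout_alerts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src}: {peers} distinct TCP/445 peers in {WINDOW}, "
              f"{external} outside internal ranges")
```

    The external-peer count matters because, as the post notes, the worm scans the internet for open SMB ports: a workstation that legitimately maps a few internal shares never needs outbound 445 at all, so even a low count of external SMB destinations is worth a look, and blocking outbound TCP/445 at the perimeter removes that spreading path entirely.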

  12. #12
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    URGENTLY IMPORTANT

    It is just a matter of time until the common malware-through-phishing bad guys incorporate SMB exploits for a synergistic attack.

    Then, we all die.........

  13. #13
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote Originally Posted by OUTLAW 09 View Post
    A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware.



    Miroslav Stampar @stamparm
    Just captured 406ac1595991ea7ca97bc908a6538131 and 5c9f450f2488140c21b6a0bd37db6a40 in MS17-010 honeypot. MSIL/.NET #WannaCry copycat(s)

    Miroslav Stampar @stamparm
    Info on (new) EternalRocks worm can be found on
    https://github.com/stamparm/EternalRocks/
    …. Will keep it updated, along with @_jsoo_

    Update on #EternalRocks. Original name is actually "MicroBotMassiveNet" while author's nick is "tmc" https://github.com/stamparm/EternalR...trings#…

    If I will be asked to choose a name, let it be a DoomsDayWorm c52f20a854efb013a0a1248fd84aaa95

    P.S. there is no kill-switch. Everything goes through Tor. Initial infection by MS17-010 drops Tor binaries for further communication

    Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract

    Seems to be just spreading at the moment and getting further commands from C&C

    Whole EternalRocks campaign (first and second stage malware) uses Mutex: {8F6F00C4-B901-45fd-08CF-72FDEFF}
    http://securityaffairs.co/wordpress/
    Who then rewrote the researcher's notes published in the public domain....
    Last edited by OUTLAW 09; 06-12-2017 at 01:32 PM.
