
Tag Archives: ransomware


The Colonial Pipeline Hack, The ‘Russians’, & The FBI’s Ransom-Grab – What Really Happened?

Speculation has been running rampant over today’s FBI press conference revealing the recovery of most of the ransom paid to “Russian” hackers by Colonial Pipeline.

Ben THE Kaufman summarizes:

Media: “The FBI hacked Bitcoin and can take anyone’s funds.”

Reality: The pipeline hackers didn’t have the Bitcoin in the first place but kept it in a remote server the FBI could access with subpoena.

Media coverage is mostly lies at this point.

Which raises the following point (h/t Jordan Schachtel):

So the “hackers” brought down the largest pipeline on the east coast…

…but couldn’t spend 50 bucks on a clean hardware wallet to secure their bitcoin?

Makes sense to me!

So what really happened?

Jordan Schachtel explains at ‘The Dossier’ Substack

Top Department of Justice officials claimed to strike a major blow against the culprits of the Colonial Pipeline cyber attack Monday, announcing that they had seized almost all of the funds paid to the affiliate group responsible for contracting the DarkSide ransomware attack.

Colonial Pipeline suffered a ransomware attack in early May and responded by preemptively shutting down the pipeline’s entire operations for some time, forcing a temporary but major energy crisis throughout the Southeastern United States. In order for the computers that maintained the pipeline to get back to full operation, Colonial agreed to pay a ransom in the form of 75 bitcoin, which was worth about $5 million at the time.

Now, here’s where things get weird: 

In their triumphant statements this morning, the DOJ claimed to have seized the funds from the group that reportedly paid DarkSide for their Ransomware as a Service (RaaS) attack on Colonial. Notably, they did not secure the funds from DarkSide, which took a fee from the ransom in bitcoin that remains in the possession of the shadowy operation.

…click on the above link to read the rest of the article…

Pandemic Phase Two

Klaus Schwab and his World Economic Forum are most likely preparing for the second punch following the manufactured COVID Pandemic. The second punch is his profound warning with simulations once again of a cyber attack that will take down the world economy. I find it curious how this man who thinks he can direct, control, and accelerate what he calls the Fourth Industrial Revolution and turn it GREEN, has also created his center for cybersecurity.

The World Economic Forum has already conducted a simulation of a cyberattack that brings the global financial system to its knees. Of course, just months before this manufactured pandemic, there too simulations were conducted on how to carry that one out. They appear to have timed their manufactured pandemic with the turn in the Economic Confidence Model. Our models have clearly shown that the crash of March 2020 was unprecedented and never before in history did such an event move that far in such a short period of time. It appears to have been a deliberate manipulation.

After years of trying to get me on board, perhaps this time they are simply realizing that they should time their events with the model to get the biggest bang for the bucks. Will they wait until next March of 2022? Or will they use our shorter-term array and target August-October? It was last November of 2020 when Schwab’s World Economic Forum teamed with the Carnegie Endowment for International Peace to put out phase II of this plan to force the world to accept his Great Reset. They co-produced a report which warned that the global financial system was now vulnerable to cyber-attacks.

…click on the above link to read the rest of the article…

Ransomware attacks and biodiversity: A possible lesson from nature

As I read about recent ransomware attacks on hospitals, I was reminded of a seemingly unremarkable event years ago when I was still using a computer with the Windows operating system. I was working with a medical doctor turned medical IT specialist. His preferred operating system—though not that of the hospitals he worked for—was the one on his Apple computer. When he loaded files from a flash drive onto his machine in my presence, I asked why he didn’t check for viruses first. He had a one-word answer: biodiversity.

He was, of course, using the metaphor of biodiversity to refer to the fact that the vast majority of computer viruses and malware targeted Windows systems at that time, something that is still true today. Very few threats targeted the Apple operating system, and because of its design the system was (and is) more resistant to such attacks.

Every student of biology—which naturally includes doctors and health care workers—ought to be aware of the advantages of biodiversity in natural systems. Biodiversity brings resilience to species and to entire ecosystems. Variations in members of a species make it more likely that some will survive to propagate. Variations across species that inhabit an ecosystem make it more likely that the system will survive as a coherent unit when some, but not all of a particular species die out.

Of course, computer networks are not biological systems (unless you include the human operators). But they suffer some of the same obvious vulnerabilities. When you look at the share of operating systems worldwide for all platforms there appears to be at least some diversity with two major systems, Android and Windows vying for first place.

…click on the above link to read the rest of the article…

Bad Rabbit Ransomware: ‘This Is A Targeted Attack’

The Bad Rabbit ransomware is spreading across Europe not long after the WannaCry and NotPetya outbreaks. But Bad Rabbit is a “targeted attack” with widespread implications.

A new cyber attack is affecting numerous computer systems around Europe. The new strain of ransomware known as “Bad Rabbit” is believed to be behind all of the trouble. Bad Rabbit has spread to Russia, Ukraine, Turkey, and Germany. Cybersecurity firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier in the year.

According to the Kaspersky Lab, the majority of victims are located in Russia, and the ransomware appears to have infected devices through the hacked websites of Russian media organizations. Interfax and Fontanka in Russia have both been hit by a cyber attack, as have Odessa Airport and the Kiev Metro in Ukraine.

“Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack,” Kaspersky Lab has said. “However, we cannot confirm it is related to ExPetr.” According to Securelist, ExPetr is a wiper, not ransomware. “The dangerous aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe,” says Robert Lipovsky, a malware researcher at ESET, “which indicates a well-coordinated attack.”

Kaspersky also found strong evidence tying the new attack to the creators of NotPetya. After the June NotPetya outbreak, the company’s analysts found that one Ukrainian news site, Bahmut.com.ua, had been hacked to deliver the malware, along with dozens of other sites that were similarly corrupted—but hadn’t yet been activated to start infecting victims. Now Kaspersky has found that 30 of those hacked sites began to distribute the BadRabbit malware on Tuesday. –Wired

…click on the above link to read the rest of the article…

Cyberattacks & the Vulnerability of a Cashless Society

QUESTION: Cyberattacks vs. Cash elimination – an argument against eliminating cash. Hello Mr. Armstrong, it is quite apparent that no government, no financial institution, anti-virus software developer, or whatever else is really capable of stopping cyberattacks. Now these people want to eliminate cash, make larger cash amounts illegal. So theoretically these cyber attackers could/maybe will, eventually just stop the whole economy. Nobody may even be able to buy food. So instead of eliminating cash, should it not be policy that people carry at least a month’s worth of expenses in cash? Your reply should be quite interesting to us, your readership!

Best,

AP

ANSWER: The WannaCry ransom attack is actually a variant of a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. Parts of the code go beyond shared code. It appears to be written by the same programmer.

Let’s get something straight here. At the core of those responsible is really the NSA and Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, it’s become very clear that patch didn’t reach all users particularly because institutions often do not install patches fearing that proprietary software may not function.

If behind the curtain we have government demanding back-doors into iPhones and computers so they can listen to everything everywhere, well guess what – so can everyone else. Patches will work for individual users, but not major institutions. Trying to upgrade their operations is a real effort. They are slow to act and thus vulnerable.

…click on the above link to read the rest of the article…

Cyber Attacks Are The Perfect Trigger For A Stock Market Crash

The world has been stunned over the past few days by the advent of “Ransomware;” the use of sophisticated cyber attacks on vital systems in order to (supposedly) extort capital from target businesses and institutions. I am always highly suspicious whenever a large scale cyber incident occurs, primarily because the manner in which these events are explained to the public does not begin to cover certain important realities. For example, the mainstream media rarely if ever discusses the fact that many digital systems are deliberately designed to be vulnerable.

Software and internet corporate monoliths have long been cooperating with the NSA through programs like PRISM to provide government agencies backdoor access to computer systems worldwide. Edward Snowden vindicated numerous “conspiracy theorists” in 2013 with his comprehensive data dumps, exposing collusion between corporations and the NSA including Microsoft, Skype, Apple, Google, Facebook and Yahoo. And make no mistake, nothing has changed since then.

The level of collusion between major software developers and the establishment might be shocking to some, but it was rather well known to alternative analysts and researchers. The use of legislation like the Foreign Intelligence Surveillance Act (FISA) to skirt Constitutional protections within the 4th Amendment has been open policy for quite some time. It only made sense that government agencies and their corporate partners would use it as a rationale to develop vast protocols for invading people’s privacy, including American citizens.

The issue is, in the process of engineering software and networks with Swiss cheese-like defenses in the name of “national security,” such exploits make vast spreads of infrastructure vulnerable to attack. I think it likely this was the intention all along. That is to say, the NSA and other agencies have created a rather perfect breeding ground for false flag attacks, real attacks and general crisis.

…click on the above link to read the rest of the article…

Bank of China ATMs Go Dark As Ransomware Attack Cripples China

In the aftermath of the global WannaCry ransomware attack, which has spread around the globe like wildfire, a significant number of corporations and public services have found their infrastructure grinding to a halt, unable to operate with unprotected if mission-critical computers taken offline indefinitely. Some of the more prominent examples so far include:
  • NHS: The British public health service – the world’s fifth-largest employer, with 1.7 million staff – was badly hit, with interior minister Amber Rudd saying around 45 facilities were affected. Several were forced to cancel or delay treatment for patients.
  • Germany’s Deutsche Bahn national railway operator was affected, with information screens and ticket machines hit. Travelers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But the company insisted that trains were running as normal.
  • Renault: The French automobile giant was hit, forcing it to halt production at sites in France and its factory in Slovenia as part of measures to stop the spread of the virus.
  • FedEx: The US package delivery group acknowledged it had been hit by malware and said it was “implementing remediation steps as quickly as possible.”
  • Russian banks, ministries, railways: Russia’s central bank was targeted, along with several government ministries and the railway system. The interior ministry said 1,000 of its computers were hit by a virus. Officials played down the incident, saying the attacks had been contained.
  • Telefonica: The Spanish telephone giant said it was attacked but “the infected equipment is under control and being reinstalled,” said Chema Alonso, the head of the company’s cyber security unit and a former hacker.
  • Sandvik: Computers handling both administration and production were hit in a number of countries where the company operates, with some production forced to stop. “In some cases the effects were small, in others they were a little larger,” Head of External Communications Par Altan said.

…click on the above link to read the rest of the article…

24 Hours Later: “Unprecedented” Fallout From “Biggest Ransomware Attack In History”

24 hours after it first emerged, it has been called the first global, coordinated ransomware attack using hacking tools developed by the NSA, crippling over a dozen hospitals across the UK, mass transit around Europe, car factories in France and the UK, universities in China, corporations in the US, banks in Russia and countless other mission-critical businesses and infrastructure.

According to experts, “this could be one of the worst-ever recorded attacks of its kind.” The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.

The fallout, according to cyber-specialists, has been “unprecedented”: it has left unprepared governments, companies and security experts from China to the United Kingdom on Saturday reeling, and racing to contain the damage from the audacious cyberattack that spread quickly across the globe, raising fears that people would not be able to meet ransom demands before their data are destroyed.

As reported yesterday, the global efforts come less than a day after malicious software, transmitted via email and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record. The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users in the form of bitcoin to unlock the devices.

The ransomware was subsequently identified as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

…click on the above link to read the rest of the article…
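An added example from the editor, not part of the reposted article and not any vendor’s tooling: a small Python detector for the worm-like spread described above. WannaCry propagated by exploiting SMBv1 (TCP port 445, the flaw Microsoft patched as MS17-010 in March 2017), so the signal a defender can watch for in firewall or flow logs is one internal host opening connections to many distinct hosts on port 445 in a short window. The log format, the sample lines and the names build_sample_log, parse_log and smb_fanout are the editor’s assumptions, constructed for this example.

```python
"""
Worm-style SMB fan-out detector over firewall / flow log lines.

Editor's example, not code from the post it follows or from any vendor.
Assumes a space-separated log format "timestamp src dst dst_port action"
and uses constructed sample data; build_sample_log, parse_log and
smb_fanout are hypothetical names chosen for this example.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # SMB over TCP; the port WannaCry's ETERNALBLUE exploit hit


def build_sample_log():
    """Constructed sample: a normal client reusing one file server, an
    admin box with a few 445 peers, and one host sweeping its /24."""
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # Normal client: 40 connections, all to a single file server.
    for i in range(40):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.5.30 10.0.5.5 445 ALLOW")
    # Admin box touching five peers on 445: stays below the threshold.
    for i in range(5):
        ts = t0 + timedelta(seconds=i * 2)
        lines.append(f"{ts.isoformat()} 10.0.5.40 10.0.5.{50 + i} 445 ALLOW")
    # Infected host: 60 distinct neighbours on 445 within 30 seconds.
    for i in range(60):
        action = "ALLOW" if i % 3 else "DENY"  # blocked probes still count
        ts = t0 + timedelta(seconds=i // 2)
        lines.append(f"{ts.isoformat()} 10.0.5.17 10.0.5.{100 + i} 445 {action}")
    # Same host doing HTTPS: not SMB, ignored by the detector.
    ts = t0 + timedelta(seconds=3)
    lines.append(f"{ts.isoformat()} 10.0.5.17 93.184.216.34 443 ALLOW")
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port, action) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, port, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events


def smb_fanout(events, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: peak number of distinct port-445 destinations seen
    inside any `window`} for every source that reaches `threshold`."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _action in events:
        if port == SMB_PORT:  # ALLOW and DENY both count: a probe is a probe
            by_src[src].append((ts, dst))
    alerts = {}
    for src, conns in by_src.items():
        conns.sort()                 # time order for the sliding window
        in_window = Counter()        # dst -> connections currently in window
        start, peak = 0, 0
        for ts, dst in conns:
            in_window[dst] += 1
            # Slide the left edge forward until the window fits.
            while ts - conns[start][0] > window:
                old = conns[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, n in smb_fanout(parse_log(build_sample_log())).items():
        print(f"ALERT {src}: {n} distinct SMB destinations within 60s")
```

The detector keys on distinct destinations rather than raw connection counts, so a workstation hammering one file server does not trip it, while a host that touches dozens of neighbours on 445 does, whether or not the firewall let those connections through. Servers that legitimately talk SMB to many peers (backup, deployment, AV management) will need an allowlist, and the window and threshold are tuning knobs for the size of the subnet being watched.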

“Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

The ransomware has been identified as WannaCry

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.

Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Update 3: Microsoft has issued a statement confirming the status of the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

…click on the above link to read the rest of the article…
