Tag Archives: wannacry

The WannaCry Cyberattack: What the Evidence Says and Why the Trump Administration Blames North Korea

On December 19, in a Wall Street Journal editorial that drew much attention, Homeland Security Advisor Tom Bossert asserted that North Korea was “directly responsible” for the WannaCry cyberattack that struck more than 300,000 computers worldwide. The virus encrypted files on infected computers and demanded payment in return for supposedly providing a decryption key to allow users to regain access to locked files. Bossert charged that North Korea was “using cyberattacks to fund its reckless behavior and cause disruption across the world.” [1]

At a press conference on the same day, Bossert announced that the attribution was made “with evidence,” and that WannaCry “was directed by the government of North Korea,” and carried out by “actors on their behalf, intermediaries.” [i] The evidence that led the U.S. to that conclusion? Bossert was not saying, perhaps recalling the ridicule that greeted the FBI and Department of Homeland Security’s misbegotten report on the hacking of the Democratic National Committee.

[i] “Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea,” Whitehouse.gov, December 19, 2017.

The centerpiece of the claim of North Korean culpability is the similarity in code between the Contopee malware, which opens backdoor access to an infected computer, and code in an early variant of WannaCry. [3]

Contopee has been linked to the Lazarus group, a cybercrime organization that some believe launched the Sony hack, based on the software tools used in that attack. Since North Korea is widely considered to be behind the cyberattack on Sony, at first glance that would appear to seal the argument.

Bad Rabbit Ransomware: ‘This Is A Targeted Attack’

The Bad Rabbit ransomware is spreading across Europe not long after the WannaCry and NotPetya outbreaks. But Bad Rabbit is a “targeted attack” with widespread implications.

A new cyber attack is affecting numerous computer systems around Europe. The new strain of ransomware known as “Bad Rabbit” is believed to be behind all of the trouble. Bad Rabbit has spread to Russia, Ukraine, Turkey, and Germany. Cybersecurity firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier in the year.

According to the Kaspersky Lab, the majority of victims are located in Russia, and the ransomware appears to have infected devices through the hacked websites of Russian media organizations. Interfax and Fontanka in Russia have both been hit by a cyber attack, as have Odessa Airport and the Kiev Metro in Ukraine.

“Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack,” Kaspersky Lab has said. “However, we cannot confirm it is related to ExPetr.” According to Securelist, ExPetr is a wiper, not ransomware. “The dangerous aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe,” says Robert Lipovsky, a malware researcher at ESET, “which indicates a well-coordinated attack.”

Kaspersky also found strong evidence tying the new attack to the creators of NotPetya. After the June NotPetya outbreak, the company’s analysts found that one Ukrainian news site, Bahmut.com.ua, had been hacked to deliver the malware, along with dozens of other sites that were similarly corrupted—but hadn’t yet been activated to start infecting victims. Now Kaspersky has found that 30 of those hacked sites began to distribute the BadRabbit malware on Tuesday. –Wired
