Latest Ransomware

[doctoryorkie]

No point bothering with links. This will degrade into the usual.

http://www.bbc.co.uk/news/technology-40416611

Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
HTPC 5350 8GB SSD 2x Spinners Antec 300
Desktop 2700K 16GB Revo x2 GTX570SC Antec900
Server N54L 8GB SSD 6x Spinners HD6450

[Dave Rice]

Just had this email

Dear Customer
Thank you for your recent order with Parcel2Go.
Unfortunately, due to a TNT system error, your TNT delivery may not have been booked or collected as scheduled. TNT cannot confirm when they will be able to fix the issue, so we are switching your delivery to a UPS service.

[The Duke]

TNT in the system is never good.

Jk aside, this is going to run and run, every few months forever,  It seems.

[Ed P]

Rumour is that it was a  Ukrainian Tax Advice program that was the initial vector!

[Bob Williams]

More than rumour Ed:     https://tinyurl.com/yb9c8m9o

” A growing number of security experts, including the British malware expert Marcus Hutchins – credited with ending the WannaCry ransomware outbreak – claim to have logs that reveal (Ukrainian tax-filing software)  MEDoc as the source. ”

Note that Russia is proud of not having suffered an attack…

 

When the Thought Police arrive at your door, think -
I'm out.

[Ed P]

Not true wrt Russia Bob:

“The Russian anti-virus firm Kaspersky Lab said its analysis showed that there had been about 2,000 attacks – most in Ukraine, Russia and Poland.”

[Bob Williams]

Ed P wrote:

Not true wrt Russia Bob: “The Russian anti-virus firm Kaspersky Lab said its analysis showed that there had been about 2,000 attacks – most in Ukraine, Russia and Poland.”

I cannot find the part of the report in (I think) RT which initially had some Russian figurehead boasting that Russian business was not affected, Ed. After visiting yesterday’s Beeb report, I see that a lot of Russian business is affected, including Antonov, Rosneft, (biggest Russian oil business) and Chernobyl monitoring software.

I humbly apologise to the Russian state, which is a strange thing for me to have to say!

 

When the Thought Police arrive at your door, think -
I'm out.

[Bob Williams]

It’s not Ransomeware, according to Kaspersky research and contributors:

https://tinyurl.com/ybpwlbn4

It’s just destructive wiping/

When the Thought Police arrive at your door, think -
I'm out.

[Ed P]

Not just destructive to one PC Bob, it appears it actively searches your network then uses some modified NSA tricks to hit all M$ OSs whether using SMB or not. Looks like full off-line backups may be an essential defence.

[Bob Williams]

After reading about this, I checked the Kaspersky information, manually update Kaspersky, and scan, then make an unscheduled backup. The rest is in the lap of the gods.

When the Thought Police arrive at your door, think -
I'm out.

[Ed P]

Not really Bob. There are some simple steps that can be taken such as using a Sandbox  (Sandboxie?) or Linux VM for all your browsing/emails. Ditto just using a Smartphone to do the same. This would however require that anything transferred to a PC would need a darned good scan before use.

[Author]

Posts