Windows 10: New global ransomware attack hits East Europe and spreading

Discussion in 'AntiVirus, Firewalls and System Security' started by AndreTen, Jun 26, 2017.

  1. f14tomcat Win User


    The Big Blue World! AS/400?
     
    f14tomcat, Jun 28, 2017
    #61
  2. lx07 Win User

    Yup there are still a few of us left. Small banks is my area (up to tens or hundreds of branches only) but I went to the IBM Common show last year and there are lots of small midsize retail/insurance guys still at it. It isn't a fashionable server really but it is my job and (thanks to gods) doesn't seem to be dead yet.

    I didn't mean that regarding people at all.

    I was talking about the enterprises I quoted. The police in the UK for example were compromised because they either didn't get enough money to upgrade their 34000 PCs (still on XP) or didn't employ someone to do it. When they offered a job (for a massive upgrade if you think about it) they offered a pitiful salary and so got presumably feeble applicants.

    I was not talking about individuals being rubbish but if you want a project manager to upgrade 34000 PCs you do not offer them a salary less than a supermarket clerk would earn. What will happen? The person (however good they are) will fail as the budget is insufficient. If they were good they would work elsewhere and even if they had some bizarre loving of law enforcement they would be stammered by the lack of money for hardware.

    That is all. I'm not saying the people are stupid - I'm saying you get caught out because you don't have enough money. Or, if you do have enough money in an enterprise environment (for example banks where I work) and get caught out then you are stupid.
     
  3. Wynona Win User
    Can you elaborate where you mentioned enterprises in this thread? I'm at a total loss, since the post I quoted is the following and makes no mention of Enterprises, but does state that anyone impacted deserves it as they are idiots. I find none of your posts that mentions enterprises; however, the following post seems to bear out that you're speaking to individuals, not enterprises.

    And this is the post that set me off!
     
    Wynona, Jun 29, 2017
    #63
  4. Hydrate Win User

    FWIW

    When it comes to ransomware, or what we now know as a wiper (which has the same capabilities although differing payloads), we all should educate each other and not think of people being right or wrong, dumb or smart.

    It's about protecting each and everyone's personal belongings and battling against the threat actors. We need to collaborate and share methods of protection.
     
    Hydrate, Jun 29, 2017
    #64
  5. Tony K Win User
    I'm thinking I could've done this IT thing. Just learn to talk in acronyms and reference what needs to be performed via some lines of code. On the other hand, I can't get the IBM Technical Support mobile app on my Windows phone. *Wink *Biggrin

    Did you work on those IBMs, TC?

    Thanks for your security info, lx07.
     
    Tony K, Jun 29, 2017
    #65
  6. f14tomcat Win User
    Yes, last 10 years before retiring in 2002. AS/400 shop. Was the IT Director for a huge wholesaler. Had 150+ stores all over the country. Think they have over 500+ now.
     
    f14tomcat, Jun 29, 2017
    #66
  7. Tony K Win User
    Must've been a fulfilling career. I missed the boat on tech. Kind of regret at times I didn't pursue the field. Circumstances in 1969 got me into construction. At least I got the chance to use PCs in that business. On the other hand, I probably would've made a half fast tech like I am now. *chuckle

    I meant to link this page in my last post in referring to acronyms.

    IBM *SECADM Special Authority Is Required to Change QSECOFR Profile - United States
     
    Tony K, Jun 29, 2017
    #67
  8. Wynona Win User

    You're absolutely correct, Hydrate, which is why I objected to anyone saying that the ones who are impacted deserve it.
     
    Wynona, Jun 29, 2017
    #68
  9. Tony K Win User
    Busy day. Finally getting to this.

    After reviewing my post, I realized I did come on too strong in parts. I cleaned it up some.

    Yes, it is speculation, but my whole point of the post was on pursuing motive, so it includes any one person, group, or company. It could be anyone with the knowledge and Internet access for all we know.

    Use what you like. Call me a Defender/MS fanboy if you’d like too, but I’ve had my rounds with AVs in the past. Defender, which runs in conjunction with the OS and at kernel level, has suited me just fine since its inception in Security Essentials. All these years I haven’t had but a few viruses or the like since, of which Defender caught. Also, who would know source code in Windows better than MS? IMO, it’s even better in 10.

    Again, it could be anyone. In scouring articles, I haven’t been able to find any sources as to the Russians being implicated. If you have, please link. What you claim seems like speculation at this point. I’m sure you know well our principle here is that all are innocent until proven guilty. Russians included.
     
    Tony K, Jun 29, 2017
    #69
  10. essenbe Win User
    No, I have no evidence or have heard none that the Russians did it, but they are big state sponsors of cyberattacks. Most of the sources state it did start with an Accounting Software Company in Russia though. That puts it a lot closer to Russia than anyone else. But yes, still speculation.
     
    essenbe, Jun 29, 2017
    #70
  11. bro67 Win User
    It is multiple strikes against the same company. Makes you wonder who is really pulling the strings in Russia, if it was targeting Ukraine. Also the other question is why the systems at Chernobyl are not running better protection, or even running an OS based off of the Linux Kernel to monitor the systems and control the equipment for the new shell.
     
    bro67, Jun 29, 2017
    #71
  12. AndreTen Win User
    AndreTen, Jun 29, 2017
    #72
  13. Wynona Win User

    Now, if you would just translate, please!?!?!?!? *Banghead
     
    Wynona, Jun 29, 2017
    #73
  14. Hydrate Win User
    I'll challenge myself here to translate into layman's terms. The blue flags indicate where Microsoft's protection against the ransomware is available and mitigated the threat and eliminated it.

    • A malicious software update containing the petya.dll (dynamic link library) provided by the threat actor (entity responsible for this madness) was executed upon patient zero's machine knowing it had been vulnerable, supposedly a client of a Ukrainian account company who has run into similar security issues. AppLocker would have restricted access to executable files, therefore stopping petya.
    • This allows the malware to propagate and hijack the master boot record with full privileges from SeDebug.

    I just got too lazy to continue, but essentially the SMB exploits spread across the networks from the other available machines running SMB v1, steal network credentials, find a list of all other machines, and spread again using commands from WMIC and PSEXEC for remote execution across a network, allowing petya.dll to spread and hijack more MBRs.
     
    Hydrate, Jun 29, 2017
    #74
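Added example, not part of Hydrate's post or of any Microsoft tooling: a defender-side check for the last step described above, where one machine uses WMIC and PsExec to start processes on many others. It scans process command lines for the two remote-execution forms and reports sources that reach several distinct targets; the host names, the event tuples and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Remote process creation through WMIC: wmic /node:<target> ... process call create
WMIC_REMOTE = re.compile(
    r'\bwmic(?:\.exe)?\b.*?/node:"?([^\s"]+)"?.*?\bprocess\s+call\s+create\b', re.I)
# PsExec aimed at another machine: psexec \\<target> ...
PSEXEC_REMOTE = re.compile(r'\bpsexec(?:64)?(?:\.exe)?\b.*?\\\\([\w.\-]+)', re.I)

# Constructed sample events (source host, command line); not taken from real logs.
SAMPLE_EVENTS = [
    ("WS-014", r'wmic /node:"10.0.0.23" process call create "rundll32.exe C:\Windows\sample.dll,#1"'),
    ("WS-014", r'psexec.exe \\10.0.0.24 -s -d rundll32.exe C:\Windows\sample.dll,#1'),
    ("WS-014", r'PsExec64.exe \\FILESRV01 -accepteula cmd /c whoami'),
    ("WS-020", r'wmic os get caption'),      # local query, no /node
    ("WS-031", r'psexec.exe -s cmd.exe'),    # local use, no remote target
    ("ADMIN-01", r'wmic /node:PRINT02 process call create "notepad.exe"'),
]

def find_remote_exec(events):
    """Return (source, tool, target) for every remote-execution command line."""
    hits = []
    for source, cmdline in events:
        for tool, pattern in (("wmic", WMIC_REMOTE), ("psexec", PSEXEC_REMOTE)):
            match = pattern.search(cmdline)
            if match:
                hits.append((source, tool, match.group(1).lower()))
    return hits

def fan_out(hits, threshold=3):
    """Sources that reached at least `threshold` distinct targets (assumed cut-off)."""
    targets = defaultdict(set)
    for source, _tool, target in hits:
        targets[source].add(target)
    return {s: sorted(t) for s, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    hits = find_remote_exec(SAMPLE_EVENTS)
    for hit in hits:
        print("remote exec:", hit)
    print("fan-out sources:", fan_out(hits))
```

A single administrator command such as the ADMIN-01 line is matched but stays below the fan-out threshold, which is what separates routine remote administration from one host touching many machines in a row.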
  15. f14tomcat Win User
    Is this an issue:

    [IMG]
     
    f14tomcat, Jun 29, 2017
    #75