Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘ransomware’ Category

Atlanta’s Cyber Attack


In case you hadn’t heard or read, the city of Atlanta has been hamstrung by a ransomware attack that began last Thursday.

The New York Times’ Alan Blinder and Nicole Perlroth provided an update yesterday.  The key facts thus far:

  • This was one of the most “sustained and consequential cyberattacks ever mounted against a major American city.”
  • It “laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations.”
  • The attackers, the “SamSam” hacking crew, locked up the city’s files, and gave the city a week to pay ~ $51,000 in ransom via Bitcoin.
  • While the attack didn’t impact Atlanta’s 911 calls or wastewater treatment, “other arms of city government have been scrambled for days.” 
  • But the Atlanta Municipal Court has been unable to validate warrants, police officers have been writing reports by hand, and the city has stopped taking employment applications.
  • Dell SecureWorks and Cisco Security are working to restore the city’s systems, and the city’s mayor, Keisha Lance Bottoms, has not yet indicated whether the city would pay the ransom.

The Times also cited a 2016 survey of CIOs for jurisdictions across the country, which found that obtaining ransom was the “most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.”

In the meantime, many of Atlanta’s core public services are being delivered by that trusty and dependable standby, pen and paper.

If you’re interested in learning more about how to contend with ransomware, IBM Incident Response Services published this “Ransomware Response Guide” (registration required).

Written by turbotodd

March 28, 2018 at 10:02 am

Game of Hacks


I’ve been following this HBO hack with great fascination.

One, because I’ve always had an interest in cybersecurity matters (although I’m not a hacker, nor do I play one on the Internets).

Two, because it’s HBO, whom I’m also a big fan of, and I still remember the reverberations of the Sony hack in late 2014, one which led to the downfall of its dear leader, Amy Pascal.

The Guardian has a new story out this morning on the HBO hack, alleging that the HBO hackers have "released personal phone numbers of Game of Thrones actors, emails and scripts in the latest dump of data stolen from the company," and, that they "are demanding a multimillion-dollar ransom to prevent the release of whole TV shows and further emails."

Where’s Daenerys Targaryen and those flying, fire-breathing dragons when you need them?

And is it just me, or do I find it completely serendipitous that this hack comes about around the time of probably one of the peak episodes of the entire GOT franchise…SPOILER ALERT…you know, the one where Daenerys finally unleashes the wrath of those damned dragons and Dothraki scythes on Jaime Lannister and his woefully unprepared army.

While GOT players will settle for bags of gold, the HBO hacker, now someone calling themselves "Mr. Smith" (you can’t make this $%#$ up!), has apparently told HBO chief executive Richard Plepler in a 5-minute video letter to pay the ransom within three days or they would put the HBO shows and confidential corporate data online.

Continues the Guardian report: "The hackers claim to have taken 1.5TB of data — the equivalent to several TV series box sets or millions of documents — but HBO said that it doesn’t believe its email system as a whole has been compromised."

Along with the video letter, the hackers have gone ahead and released 3.4GB of files, including technical data about the HBO internal network and admin passwords, draft scripts from five Game of Thrones episodes, and a month’s worth of emails from HBO’s VP for film programming, Leslie Cohen.

The whole episode sounds as though it could have been derived from a script from Mr. Robot, but so far as I know, USA Network has, thus far, been immune from hacktivists.

HBO’s response, according to The Hacker News, is that the company’s "forensic review is ongoing."

But one has to wonder whether, somewhere on some back lot in Hollywood, HBO’s brass is filling the gas tanks on a few dragons of its own.

For the audience, it may all just be pure entertainment.

But HBO is running a business, and neither they nor any other going concern should ever have to be held hostage by somebody calling themselves something as unimaginative as "Mr. Smith."

Especially not in Hollywood.

Written by turbotodd

August 8, 2017 at 10:28 am

The Petya Attack


Another big ransomware attack is coming…has already arrived??

From The Verge: A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenergo electricity supplier, although a spokesperson said the power supply was unaffected by the attack.

From Krebs on Security: A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain….Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers….Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now. However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks.

The Guardian is reporting that “Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.”

The New York Times on what we know and what we don’t.

And from IBM’s X-Force Exchange: Petya Ransomware Campaign.

Written by turbotodd

June 27, 2017 at 4:14 pm
