Wednesday, June 28, 2017

Additional Background On "GoldenEye" -- Merck Likely Just In "Collateral Damage Path" -- Not A Target, Proper...


The Washington Post has a little more on the ransomware story today.

So we will offer it up -- primarily to suggest that this doesn't look like it was intended to target Kenilworth with any specificity. [Back in December 2014, it seems life sciences companies were specifically targeted -- but not this time.] Even so, do patch and update all your Windows machines, folks. Word. Here's the bit:

. . . . Although Microsoft in March made available a patch for the Windows flaw exploited by EternalBlue, Petya and its variants use other techniques to infect systems, said Jeff Greene, Symantec government affairs director. “It’s a worm that has multiple ways to spread,” he said, which could explain why there are victims who applied the EternalBlue patch and still were affected.

The malware Kaspersky is calling *ExPetr* differs from WannaCry in that it does not appear to reach out to the Internet and scan for vulnerable systems, said Paul Burbage, a malware researcher with Flashpoint, a cyberthreat analysis firm. It limits itself to the computers linked to the same router.

He said the variant of Petya used in the attacks is called GoldenEye, which was sold on underground forums used mainly by Russian-speaking criminal hackers, he said. . . .

Suspicions in Ukraine quickly fell on Russia, which annexed Crimea in 2014 and has been blamed for several large-scale cyberattacks on Ukraine’s power infrastructure. But no proof of the attack was presented, and Russian companies, like the oil giant Rosneft, also complained of being hit by a “powerful hacking attack.” Photographs leaked to the news media from a Rosneft-owned regional oil company showed computers displaying ransomware demands similar to those in Ukraine. . . .


Of course, it could well be that the Russian entities were also simply in the (unintended, accidental) collateral damage path. More sinisterly, that may have been intentional, to deflect attention from the Russian actors. We will likely never know. Onward, on a now cloudy but warm day.

नमस्ते
