Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Cyber War. Show all posts

Tuesday, June 27, 2017

Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry - News



Watch out, readers! It is ransomware again: another WannaCry, another wide-spread attack.

The WannaCry ransomware is not dead yet, and another large-scale ransomware attack is causing chaos worldwide, shutting down computers at corporations, power suppliers and banks across Russia, Ukraine, Spain, France, the UK, India and elsewhere in Europe, and demanding $300 in Bitcoin.

According to multiple sources, a new variant of the Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability (MS17-010) that WannaCry abused to infect 300,000 systems and servers worldwide in just 72 hours last month.

Apart from this, many victims have also reported that Petya has infected their fully patched systems.
"Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit," confirmed Mikko Hypponen, Chief Research Officer at F-Secure.

Petya is a nasty piece of ransomware and works differently from most other ransomware families. Where traditional ransomware encrypts the files on a targeted system one by one, Petya goes after the disk structures themselves.

It forces a reboot of the victim's computer, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable. Because the MFT holds the names, sizes and on-disk locations of every file on the volume, encrypting it locks the user out of the whole file system at once.

Petya ransomware replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Don't Pay the Ransom: You Won't Get Your Files Back

Infected users are advised not to pay the ransom, because the attackers behind Petya can no longer receive victims' emails.

Posteo, the German email provider, has suspended the email address wowsmith123456@posteo.net, which the criminals used to communicate with victims and to send decryption keys after receiving the ransom. With the mailbox gone, there is no channel left through which a paying victim could obtain a key.

At the time of writing, 23 victims have paid in Bitcoin to the address '1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX' to decrypt files infected by Petya, totalling roughly $6,775.

Petya! Petya! Another Worldwide Ransomware Attack


Screenshots of the latest Petya infection, shared on Twitter, show that the ransomware displays a text demanding $300 worth of Bitcoin. Here's what the text reads:
"If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
According to a recent VirusTotal scan, only 16 out of 61 anti-virus engines currently detect this Petya sample.

Petya Ransomware Hits Banks, Telecom, Businesses & Power Companies

Supermarket in Kharkiv, East Ukraine
In the past few hours, Petya has already infected the Russian state-owned oil giant Rosneft and the Ukrainian state electricity suppliers Kyivenergo and Ukrenergo.
"We were attacked. Two hours ago, we had to turn off all our computers. We are waiting for permission from Ukraine's Security Service (SBU) to switch them back on," Kyivenergo's press service said.
There are reports from several banks, including National Bank of Ukraine (NBU) and Oschadbank, as well as other companies confirming they have been hit by the Petya ransomware attacks.

Maersk, an international logistics company, has also confirmed on Twitter that the latest Petya ransomware attacks have shut down its IT systems at multiple locations and business units.
"We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation. The safety of our employees, our operations and customers' business is our top priority. We will update when we have more information," the company said.
The ransomware has also hit multiple workstations at the Ukrainian branch of the mining company Evraz.

The most severe damage reported by Ukrainian businesses also includes compromised systems at Kiev's metro and at Kiev's Boryspil Airport.

Three Ukrainian telecommunication operators, Kyivstar, LifeCell and Ukrtelecom, are also affected by the latest Petya attack.

How Is Petya Ransomware Spreading So Fast?


Symantec, the cyber security company, has also confirmed that Petya is exploiting the SMBv1 vulnerability targeted by the EternalBlue exploit, just like WannaCry, and taking advantage of unpatched Windows machines.

"Petya ransomware is successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010)," the security researcher using the Twitter handle HackerFantastic tweeted.

EternalBlue is a Windows SMB exploit leaked by the infamous hacking group Shadow Brokers in its April data dump; the group claimed to have stolen it, along with other Windows exploits, from the US intelligence agency NSA.

Microsoft has since patched the vulnerability (MS17-010) for all supported versions of Windows, but many systems remain unpatched, and a string of malware variants are exploiting the flaw to deliver ransomware and mine cryptocurrency.

Just three days ago, we reported on the latest WannaCry attack, which hit Honda Motor Company in Japan and around 55 speed and traffic-light cameras in Australia.

It is quite surprising that, even after knowing about the WannaCry issue for a considerable amount of time, large corporations have still not implemented the basic security measures needed to defend against this threat.

How to Protect Yourself from Ransomware Attacks

What to do immediately? Go and apply those goddamn patches against EternalBlue (MS17-010) and disable the insecure, 30-year-old SMBv1 file-sharing protocol on your Windows systems and servers.

Since Petya also abuses the WMIC and PsExec tools to infect fully patched Windows computers, you are also advised to disable WMIC (Windows Management Instrumentation Command-line). Keep in mind that this lateral movement still requires administrative credentials valid on the target machine, so limiting which accounts hold local administrator rights across many hosts, and which hosts accept remote administration at all, is at least as important as removing the tool itself, and disabling WMIC will break legitimate management tooling that depends on it.

Prevent Infection & Petya Kill-Switch

Researchers have found that Petya encrypts the disk only after the computer reboots. So if your system is infected with Petya and it tries to restart, do not power it back on.
"If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine," HackerFantastic tweeted. "Use a LiveCD or external machine to recover files."
PT Security (Positive Technologies) and Amit Serper from Cybereason have discovered a kill-switch for this Petya variant. According to their tweets, creating a file named "C:\Windows\perfc" prevents the ransomware from running on that machine. Note that this is a per-host vaccine, not a network-wide kill-switch: the file must exist on every machine you want to protect, and it does nothing to stop the malware from spreading to hosts that lack it.
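The three defensive steps described above (check for the MS17-010 patch, disable SMBv1, drop the perfc vaccine file) collected into one elevated PowerShell script. This is an added example, not code from The Hacker News article or from any of the researchers quoted in it. Assumptions: the list of hotfix IDs is a partial list taken from the MS17-010 bulletin and must be checked against Microsoft's bulletin for your exact build, since later cumulative updates supersede them; the vaccine file name "perfc" is the one reported by the researchers cited above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): triage and hardening against the
# Petya/NotPetya spreading methods discussed above. Run in an elevated PowerShell
# session on the Windows host being protected.

# 1. Check whether a known MS17-010 hotfix is installed.
#    ASSUMPTION: partial list of KB IDs from the MS17-010 bulletin (Win7/2008R2,
#    8.1/2012R2, 2012, Win10 1507/1511/1607). A miss here is a prompt to verify
#    the patch level for this build, not proof of exposure, because later
#    cumulative updates roll these fixes in under different KB numbers.
$ms17010Kbs = 'KB4012212','KB4012215','KB4012213','KB4012216',
              'KB4012214','KB4012217','KB4012606','KB4013198','KB4013429'
$installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Host "MS17-010 hotfix present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning 'No MS17-010 hotfix from the known list found; verify the patch level for this build.'
}

# 2. Disable SMBv1 on the server side (this is what EternalBlue targets) ...
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled.'
}
# ... set the equivalent registry value honoured by older builds ...
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -Name SMB1 -Type DWord -Value 0 -Force
# ... remove the optional feature entirely where it exists (8.1/2012 R2 and later) ...
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Host 'SMB1Protocol feature disabled (reboot required).'
}
# ... and disable the SMBv1 client mini-redirector so this host cannot be
# coaxed into talking SMBv1 to a rogue server either.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
sc.exe config mrxsmb10 start= disabled | Out-Null

# 3. Per-host vaccine: a read-only C:\Windows\perfc makes the payload abort on
#    this machine. It protects only the host it is created on.
$vaccine = Join-Path $env:SystemRoot 'perfc'
if (-not (Test-Path $vaccine)) {
    New-Item -Path $vaccine -ItemType File | Out-Null
}
Set-ItemProperty -Path $vaccine -Name IsReadOnly -Value $true
Write-Host "Vaccine file present and read-only: $vaccine"
```

The script is deliberately idempotent so it can be pushed repeatedly through whatever management channel you still trust during the incident; a reboot is needed before the SMB1Protocol feature removal and the client-side service change take full effect, and the vaccine file is a stopgap for this sample only, not a substitute for patching.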

To safeguard against any ransomware infection, you should always be suspicious of unwanted files and documents sent over an email and should never click on links inside them unless verifying the source.

To always have a tight grip on your valuable data, keep a good back-up routine in place that makes their copies to an external storage device that isn't always connected to your PC.

Moreover, make sure that you run a good and effective anti-virus security suite on your system, and keep it up-to-date. Most importantly, always browse the Internet safely.


Source: The Hacker News
OffensiveSec

Sunday, January 1, 2017

Obama expels 35 Russian diplomats in retaliation for US election hacking



The Obama administration on Thursday announced its retaliation for Russian efforts to interfere with the US presidential election, ordering sweeping new sanctions that included the expulsion of 35 Russians.

US intelligence services believe Russia ordered cyber-attacks on the Democratic National Committee (DNC), Hillary Clinton’s campaign and other political organizations, in an attempt to influence the election in favor of the Republican candidate, Donald Trump.

In a statement issued two weeks after the president said he would respond to cyber-attacks by Moscow “at a time and place of our choosing”, Obama said Americans should “be alarmed by Russia’s actions” and pledged further action. 


“I have issued an executive order that provides additional authority for responding to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners,” Obama said in the statement, released while he was vacationing with his family in Hawaii.

“Using this new authority, I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

“In addition, the secretary of the treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information.” He also announced the closure of two Russian compounds in the US.

Obama added that more actions would be taken, “some of which will not be publicized”.

On Thursday, Trump, who has previously dismissed reports of Russian interference in the election, said in a statement: “It’s time for our country to move on to bigger and better things.”

He added, however, that “in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation.”

In a conference call with reporters, senior White House officials said the president-elect’s transition team was informed of the sanctions before they were announced on Thursday. Trump and Obama spoke on Wednesday, they said.

The officials added that the actions were a necessary response to “very disturbing Russian threats to US national security”.

“There has to be a cost and a consequence for what Russia has done,” a senior administration official said. “It is an extraordinary step for them to interfere in the democratic process here in the United States of America. There needs to be a price for that.”

In Moscow, a Putin spokesman said Russia regretted the new sanctions and would consider retaliatory measures.

Diplomatic expulsions are normally met with exactly reciprocal action. In this case, however, Moscow may pause for thought. With Trump, who has spoken positively about Russia and Vladimir Putin, just three weeks away from the White House, Russia may feel it is inadvisable to kick out 35 US diplomats.

However, Russian authorities on Thursday ordered the Anglo-American School of Moscow closed, according to CNN, citing a US official briefed on the matter. The school serves children of US, British and Canadian embassy personnel, and its closure would effectively make a Russian posting difficult for US diplomats with families.

Konstantin Kosachyov, chairman of the international affairs committee in the upper house of the Russian parliament, was quoted by the RIA news agency as saying the US move represented “the death throes of political corpses”.

The Twitter feed of the Russian embassy in London, meanwhile, called the Obama administration “hapless” and attached a picture of a duck with the word “LAME” emblazoned across it.


On the White House call, officials were asked about the prospect of Trump overturning the sanctions. They acknowledged that a future president could reverse course but warned against such an “inadvisable” step.

“We have no reason to believe that Russia’s activities will cease,” a senior official said. “One reason why I think it is necessary to sustain these actions is because there’s every reason to believe Russia will interfere with future US elections.”

On Capitol Hill, Democrats applauded the president’s action, called for further measures and emphasized bipartisan support for a thorough investigation into Russian hacking.

“I hope the incoming Trump administration, which has been far too close to Russia throughout the campaign and transition, won’t think for one second about weakening these new sanctions or our existing regime,” incoming Senate minority leader Chuck Schumer said in a statement.

“Both parties ought to be united in standing up to Russian interference in our elections, to their cyber attacks, their illegal annexation of Crimea and other extra-legal interventions.”

Ben Cardin, the top Democrat on the Senate foreign relations committee, called for further sanctions from the new Congress when it convenes in January.

GOP leaders were quick to frame the new sanctions as too little, too late.

“While today’s action by the administration is overdue,” House speaker Paul Ryan said in a statement, “it is an appropriate way to end eight years of failed policy with Russia. And it serves as a prime example of this administration’s ineffective foreign policy that has left America weaker in the eyes of the world.”

Republican senators John McCain and Lindsey Graham, two of Russia’s fiercest critics, echoed Ryan but also called for tough Congressional sanctions.

“Ultimately, [the sanctions] are a small price for Russia to pay for its brazen attack on American democracy,” the two men said in a joint statement. “We intend to lead the effort in the new Congress to impose stronger sanctions on Russia.”


 The 35 Russian diplomats being expelled are “intelligence operatives”, Obama said. The state department has declared them “persona non grata” and they will be given 72 hours to leave the country.

Starting on Friday at noon, the White House said, Russia will be denied access to compounds in Maryland and New York that have been used for intelligence-related purposes.

A statement from the state department said the diplomatic expulsions were a response not only to hacking but to “a pattern of harassment of our diplomats overseas, that has increased over the last four years, including a significant increase in the last 12 months”.

The statement said the harassment has included “arbitrary police stops, physical assault, and the broadcast on state TV of personal details about our personnel that put them at risk”.

For some time, US diplomats in Russia have anecdotally reported being followed and harassed by police.

In June, a US diplomat was wrestled to the ground by a policeman as he scrambled to get inside the embassy. Russian authorities said the man was a CIA agent operating under diplomatic cover.


Source: theguardian
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition