[npnog] SECOND GLOBAL RANSOMWARE OUTBREAK UNDER WAY

Rupesh Basnet rupesh at omnetworks.com.np
Wed Jun 28 00:09:50 NPT 2017


    A SCARY NEW RANSOMWARE OUTBREAK USES WANNACRY’S OLD TRICKS

A global WannaCry-like ransomware outbreak–which began in Russia and 
Ukraine and spread across Europe–is being reported today. The attack is 
locking down networks in a number of industries, including energy, 
transportation, shipping and financial.

Reports suggest that the ransomware is similar in scope and intensity to 
WannaCry and could be spreading using the same leaked NSA EternalBlue 
exploit that WannaCry used in early May to infect machines in more than 
150 countries.

  Here’s what is known right now:

  * Various media reports say the ransomware bears similarities to the
    Petya ransomware family
    <https://nakedsecurity.sophos.com/2016/04/04/new-ransomware-with-an-old-trick-petya-parties-like-its-1989/> that
    encrypts MFT (Master File Tree) tables and overwrites the MBR
    (Master Boot Record), dropping a ransom note and leaving victims
    unable to boot their computer. Because it blocks boot efforts and
    prevents affected systems from working altogether, it’s considered
    more dangerous than typical ransomware strains.
  * Various media reports suggest the attacker took inspiration from
    last month’s WannaCry outbreak
    <https://www.sophos.com/en-us/lp/wanna-ransomware-outbreak-how-to-stay-protected.aspx?cmp=70130000001xKqzAAE>,
    which infected hundreds of thousands of computers across the globe
    by exploiting NSA code leaked by Shadow Brokers
    <https://nakedsecurity.sophos.com/2017/05/17/wannacry-the-ransomware-worm-that-didnt-arrive-on-a-phishing-hook/>.
    Specifically, it used a variant of the Shadow Brokers’ APT
    EternalBlue Exploit (CC-1353), which targeted a flaw in the Windows
    Server Message Block (SMB) service.
  * Attackers are demanding payment of a $300 ransom in Bitcoins to
    regain control, according to various reports.


    Defensive measures

Here’s what we urge you to do right now:

  * Patch your systems, even if you’re using an unsupported version of
    XP, Windows 8 or Windows Server 2003
    <http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598>
  * Back up regularly and keep a recent backup copy off-site. There are
    dozens of ways other than ransomware that files can suddenly vanish,
    such as fire, flood, theft, a dropped laptop or even an accidental
    delete. Encrypt your backup and you won’t have to worry about the
    backup device falling into the wrong hands
  * Avoid opening attachments in emails from recipients you don’t know.

-- 

Regards,
Rupesh Basnet
M: +9779801043594
Skype: roopeess
