Free Republic
Browse · Search 		Bloggers & Personal
Topics · Post Article

To: davikkm

Exact motive for hack attack will likely remain speculation.

Here’s what’s known via latest update from Krebs:
https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/#more-39734

The latest information about update:

1. It’s not Petya, although it may be by the author of Petya. It’s even being called “NotPetya”.

2. There is no kill switch, but the program checks for the presence of a file called “perfc” in c:windows. If the file is present, the ransomware at least does not run.

3. Posteo in Germany have closed the email account that was the sole point of contact for those infected. So now victims don’t have any hope of getting their files back unless they have a complete backup.

4. As well as ETERNALBLUE the authors are using a second NSA exploit, ETERNALROMANCE.

The panic is somewhat overdone unless of course you’re working for a large organisation with thousands of endpoints. The infection phase is almost certainly over now and it won’t spread outside infected networks.

See BleepingComputer for more info
1 – As Breaking News:
https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

2. Posteo removes email account
https://www.bleepingcomputer.com/news/security/email-provider-shuts-down-petya-inbox-preventing-victims-from-recovering-files/

3. Origin + Infection routine
https://www.bleepingcomputer.com/news/security/petya-ransomware-outbreak-originated-in-ukraine-via-tainted-accounting-software/

4. “Vaccine”
https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/


5 posted on 06/28/2017 9:40:59 AM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 1 | View Replies ]

To: MarchonDC09122009

“Here’s what’s known via latest update from Krebs:”

So Maynard got into computer science? Work?


7 posted on 06/28/2017 10:03:02 AM PDT by Dr. Bogus Pachysandra (Don't touch that thing Don't let anybody touch that thing!I'm a Doctor and I won't touch that thing!)
[ Post Reply | Private Reply | To 5 | View Replies ]
To: MarchonDC09122009; All

I work for a very large corporation.
There were a few clusters of un-patched systems that got clobbered.

But most machines were never infected by WannaCry.

It’s time to SUE those corporations that do not patch their systems to current standards and have inadequate perimeter security and procedures...if they end up denying paid-for services.

The hackers will always be there. The REAL problem is lax security on the part of corporate networks.


24 posted on 06/28/2017 11:03:49 AM PDT by Mariner (War Criminal #18)
[ Post Reply | Private Reply | To 5 | View Replies ]

Free Republic
Browse · Search 		Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson