Free Republic

Tuesday’s massive ransomware outbreak was, in fact, something much worse
ArsTechnica | 6/29/2017 | DAN GOODIN

Posted on 06/28/2017 9:51:49 PM PDT by TigerLikesRooster

Payload delivered in mass attack destroys data, with no hope of recovery.

DAN GOODIN - 6/29/2017, 5:30 AM

Tuesday's massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying data.

Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data.

In other words, the researchers said, the payload delivered in Tuesday's outbreak wasn't ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected networks, in much the way the Shamoon disk wiper left a wake of destruction in Saudi Arabia. Some researchers have said Shamoon is likely the work of developers sponsored by an as-yet unidentified country. Researchers analyzing Tuesday's malware—alternatively dubbed PetyaWrap, NotPetya, and ExPetr—are speculating the ransom note left behind in Tuesday's attack was, in fact, a hoax intended to capitalize on media interest sparked by last month's massive WCry outbreak.

(Excerpt) Read more at arstechnica.com ...


TOPICS: Chit/Chat; Computers/Internet
KEYWORDS: petya; ransomware; ukraine
To: TigerLikesRooster

Hillary Clinton on line 2....


21 posted on 06/28/2017 11:39:46 PM PDT by relictele

To: TigerLikesRooster

Can they just target Mueller and his minions?


22 posted on 06/29/2017 12:03:44 AM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)

To: TigerLikesRooster

I swear, for decades it’s always those darn DO Looops that allow one to Bigly enhance one’s ability to make mistakes.


23 posted on 06/29/2017 12:09:43 AM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)

To: TigerLikesRooster
Simple Windows vaccine for current version of Petya:

https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

That page contains a link to this short batch file program:

https://download.bleepingcomputer.com/bats/nopetyavac.bat

Download it, right click the downloaded program, and run it as administrator.

Don't be surprised if a later version of Petya is not blocked by this technique.

24 posted on 06/29/2017 12:13:10 AM PDT by TChad

To: Paladin2
Nearly impossible to write a program with no loops, though.
New generation of object-oriented languages turned simple loop tasks into methods attached to an object. Still you eventually need your own user-defined loops.
25 posted on 06/29/2017 12:22:49 AM PDT by TigerLikesRooster (dead parakeet + lost fishing gear = freep all day)

To: TChad

Ping


26 posted on 06/29/2017 1:37:38 AM PDT by BushCountry (thinks he needs a gal whose name doesn't end in ".jpg")

To: 867V309

If you use Firefox (mine’s Linux version, Iceweasel) there is a plugin called NoScript. I’ve used it for several years.

That and task manager is how I combat JavaScript attacks. I commonly get them. I only enable the minimum number of JavaScripts for a specific site. It has helped.

It may not be protection from this attack.


27 posted on 06/29/2017 2:58:11 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))

To: 867V309

But all of what you said is true and valid advice.


28 posted on 06/29/2017 2:59:00 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))

To: TChad

So how does one know this is safe?


29 posted on 06/29/2017 3:13:32 AM PDT by mad_as_he$$ (Not my circus. Not my monkeys.)

To: dr_lew

Fie on the cloud! Why anyone would want ANY of their stuff “out there” in cyberspace is beyond me.


30 posted on 06/29/2017 3:21:02 AM PDT by MayflowerMadam ("Negative people make healthy people sick." - Roger Ailes)

To: TigerLikesRooster
From the article:

In almost all other aspects, Tuesday's malware was impressive. It used two exploits developed by and later stolen from the National Security Agency. It combined those exploits with custom code that stole network credentials so the malware could infect fully patched Windows computers. And it was seeded by compromising the update mechanism for M.E.Doc, a tax-filing application that is almost mandatory for companies that do business in Ukraine.

31 posted on 06/29/2017 3:21:04 AM PDT by dynachrome (When an empire dies, you are left with vast monuments in front of which peasants squat to defecate)

To: MayflowerMadam
You may dodge cloud onslaught for now, but all big IT companies will force people to use cloud. A growing number of companies offer cloud-only service.
32 posted on 06/29/2017 3:26:37 AM PDT by TigerLikesRooster (dead parakeet + lost fishing gear = freep all day)

To: Strac6
FOUR TB FOR $129, Incredible!

I remember looking in awe at a 1GB drive.

33 posted on 06/29/2017 3:36:36 AM PDT by fso301

To: TigerLikesRooster

“You may dodge cloud onslaught for now, but all big IT companies will force people to use cloud.”

That’s fine, I guess. I’m almost 70 and retired, and I don’t really have/do anything important. I’ll just continue to use my 2T external for now.


34 posted on 06/29/2017 3:38:37 AM PDT by MayflowerMadam ("Negative people make healthy people sick." - Roger Ailes)

To: Strac6

Actually, I think it was a 2.1GB drive. Might have been a Seagate drive.


35 posted on 06/29/2017 3:43:22 AM PDT by fso301

To: MayflowerMadam
Keep all your program installation CDs and offline installation files. That will come in handy someday. They may not even allow offline program installation soon.
36 posted on 06/29/2017 3:45:06 AM PDT by TigerLikesRooster (dead parakeet + lost fishing gear = freep all day)

To: fso301

I paid nearly $800 for a 20 MB SCSI hard drive. Hard to believe...


37 posted on 06/29/2017 3:47:18 AM PDT by rlmorel (Liberals are in a state of constant cognitive dissonance, which explains their mental instability.)

To: TigerLikesRooster

Clinton Foundation has a lot of cash to help pay for such work around the globe to meet their ends.


38 posted on 06/29/2017 3:52:26 AM PDT by CincyRichieRich (We must never shut up. Covfefe: A great dish served piping hot!)

To: fso301
Seagate drives are not really reliable. Might have some convenient features, but they tend to die sooner than I expected.

If you want them purely for backup purposes, Japanese drives could be better choices. They are purely external storage devices, not trying to be close substitutes for internal hard drives, which have to handle constant data transfer. My experience shows that they are more durable. I used to use Seagate but switched to Toshiba. So far they are doing well.

39 posted on 06/29/2017 3:53:23 AM PDT by TigerLikesRooster (dead parakeet + lost fishing gear = freep all day)

To: Strac6

I have a hard drive dock and several hard drives in a box in my closet. At least once a week I take the oldest backup and overwrite it with a new full image backup. I also have a program that views all email in non-HTML mode so I can delete anything questionable before loading my mail program.


40 posted on 06/29/2017 3:54:20 AM PDT by AMiller (Almiller)

