Watch out! New ransomware attack spreading from Russia

Komando.com ^ | October 25, 2017 | By Francis Navarro, Komando.com

[Swordmaker]

This year's global outbreaks of the WannaCry and Petya/GoldenEye ransomware variants shook the tech and business world. Traditionally designed as a for-profit malware scheme, ransomware encrypts important files on computers and demands a ransom to give you access to them again.

These cyberattacks mainly targeted outdated and unpatched Windows machines, which are vulnerable to a variety of NSA hacking tools leaked earlier this year. Since the flaws are wormable, the attacks even prompted Microsoft to make an unusual move - it released a patch for the now obsolete and unsupported operating systems to protect the apparent millions of users still using this outdated software.

Now, it appears that a new variant of the Petya ransomware is once again spreading rapidly, crippling key government offices, transportation services and corporations around the globe. But is it what it seems?

Bad Rabbit This new ransomware attack has spread across Russia, Ukraine, Turkey and Bulgaria, crippling multiple news organizations and transportation systems in its wake. There are also reports that the attack has reached targets in the U.S.

The new ransomware strain, named "Bad Rabbit" by its authors, is suspected to be a new variant of Petya and it operates quite similarly - it encrypts the files of a target computer then demands a ransom to restore the files.

In Bad Rabbit's case, its authors are demanding a ransom of 0.05 Bitcoin, equivalent to around $282. The ransom note also displays a 41-hour countdown timer that threatens the victim to pay up before it hits zero or else, the ransom goes up.

[Swordmaker]

pinging for your list... another ransomware attack spreading due to a false FLASH download that hits only Windows computers. Not good.

[Red Badger]

Ping!....................

[knarf]

I just downloaded Zonealarm for the first time.

I wonder what made me DO that ?

[AppyPappy]

You should only browse the web and use email as a normal user, not an administrator. Better yet, create a virtual box to do it.

[PistolPaknMama]

What did you download? Anti-ransomeware, firewall, etc?

[Swordmaker]

Thanks for the ping, but I posted the article. In any case, this attack only works on Windows computers being a variant of the Petya ransomware, which only runs on Windows computers.

It is also a Trojan horse attack, in that it requires the complicity of the user to download and install a spurious Adobe Flash update to get infected. Apple Macs block the downloading, installation, and first run of any of that family of trojans.

[wally_bert]

I’d say a Linux live disc.

Chop power at the first sign of weirdness.

[butlerweave]

I would just pop a DVD in and reinstall Windows because I have no important info on my computer ,but most important I use Linux

[knarf]

They have a free trial of all of that.

[bmwcyle]

Watch out! New ransomware attack spreading from Russia Hillary's friends.

[TBP]

Putin needs money for his rearming and his espionage.

[dayglored]

Ransomware / Flash Warning! ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Swordmaker for the ping!!

[McGruff]

a section titled “Umbrage” that details the CIA’s ability to impersonate cyber-attack techniques used by Russia and other nation states. In theory, that means the agency could have faked digital forensic fingerprints to make the Russians look guilty of hacking the Democratic National Committee.

https://www.wired.com/2017/03/wikileaks-cia-dump-gives-russian-hacking-deniers-perfect-ammo/

Things that make you hmm...

[bitt]

heads up!

[goodnesswins]

prevention suggestions....I’ve read the thread so far, and don’t understand whether I’m “administrator” ...I THINK I am....and how to run using a “virtual” something or other...help

[dayglored]

> I’ve read the thread so far, and don’t understand whether I’m “administrator” ...I THINK I am....and how to run using a “virtual” something or other...help

In Windows, you're an administrator if either of the following are true:

• You are logged in as the user named "Administrator"
• You are logged in as a user with a different name (not "Administrator"), but your user is a member of the "Administrators" group.

The steps for finding out the above are a little different in each version of Windows. What version are you running?

A "Virtual Machine" is sort of a computer inside another computer. That's a BIG topic, which I'd encourage you to read up on at your own pace, to see if it's something you want to try out. It can get very technical.

Layman's description: https://www.howtogeek.com/196060/beginner-geek-how-to-create-and-use-virtual-machines/

Detailed description: https://en.wikipedia.org/wiki/Virtual_machine

[goodnesswins]

Just got Windows 10 a few months ago...thank you. I think I am the administrator, since this is my home laptop, and no one else has had access to it...lol.

[Bob434]

what is going to end up happening is more and more people are going to run windows in a virtual machine on their linux systems- then these ransomwares can’t infect (I think?) because nothing is saved unless you choose to save your session-

Another viable option is for everyone to install rollbackRX- it is system restore on steroids- and will allow you to roll back you system to a known good virus free time before you got the virus- and it does so on boot- before ransomware can start I believe- as rollbackRX protects the master boot record

Here’s a link discussing the issue for anyone itnerested:

http://community.horizondatasys.com/forum/rollback-rx/3873-will-rollback-rx-protect-against-petya-ransomware