Thousands of computers around the world are getting locked up by a fast-spreading ransomware. Big businesses are getting hit. An entire hospital is shut out of its system. Suddenly, it's everywhere: the next big ransomware attack.
Here we go again. And again and again and again and again.
GoldenEye, a new strain of the Petya ransomware, took the world by storm on Tuesday after starting with a cyberattack in Kiev, Ukraine. From there, it spread to the country's electrical grid, airport and government offices. At the Chernobyl nuclear disaster site, workers had to monitor radiation manually because of the attack. And then it began to go global.
Russia's largest oil production company, Rosneft, suffered a cyberattack. Denmark-based Maersk, the largest shipping company in the world, had to shut down several of its systems to prevent the attack from spreading. New Jersey-based Merck, one of the largest pharmaceutical companies in the world, also suffered a massive hack. FedEx's TNT Express service was hit hard by the breach as well.
The list of affected victims goes on, just like it did when the WannaCry ransomware hit in May and locked up more than 200,000 computers across the globe.
It only took 44 days for GoldenEye to stare us down.
Ransomware has been around for years but generally only targeted individual networks, like a single hospital or person. But after the Shadow Brokers hacker group leaked National Security Agency exploits in April, cybercriminals were handed a much more dangerous weapon.
The NSA's EternalBlue exploit, which took advantage of a Windows PC's ability to quickly share files across a network, is the ammunition that powers both WannaCry and GoldenEye.
With the exploit, you don't need to be breached personally to get infected.
Even if you're a responsible user on an updated computer, someone on your network could be tricked into downloading malware through emails or a loaded Word document.
It's why you're seeing attacks on this scale and why the word "unprecedented" keeps getting thrown around.
Imagine fishing with a single rod and then suddenly you're given a giant net. For hackers, it's time to head out to sea.
Ransomware 2.0
The mix of the NSA's hacking tools with normal malware has created a toxic combination, especially since you can essentially go shopping for malware. GoldenEye is a variant of Petya, which was sold on forums on the dark web since last April as a ransomware service: The buyers get 85 percent of the profit, while the malware's creators reap 15 percent.
"You don't have to be a cyber wiz to inflict cyber damage," Michael Daly, chief technology officer at Raytheon Cybersecurity, said in an email. "Various do-it-yourself kits are available as well as ransomware as an outsourced service on the deep web forums."
The malware has gotten smarter, too. WannaCry, despite its fame, was fairly basic. A researcher accidentally discovered its killswitch after experimenting with a registered domain name.
Compared with GoldenEye, WannaCry looks like it was written by amateurs. Using Petya, the new ransomware attack not only encrypts crucial files but also your entire hard drive, and then forces your computer to restart. It also deletes the computer's event logs to cover its tracks and hide from analysts, said Mark Mager, a security researcher at Endgame.
"Forensic analysts will be unable to access this data that would be useful to their investigation," Mager said in a direct message.
And you can't just accidentally find the killswitch again. Amit Serper, a Cybereason researcher, found a way to block GoldenEye by creating a file on your hard drive, but it won't shut down every infection like the WannaCry killswitch.
Marcus Hutchins, better known as Malware Tech and the researcher who found the WannaCry fix, said a fix for GoldenEye would not be "doable remotely."
The fix isn't in
WannaCry was supposed to be a wake-up call for people to update their computers with the latest software. But it appears people just forgot about the attack and went on with their lives.
Avast, an antivirus company, found that 38 million PCs scanned just last week still have not patched their systems. That's after Microsoft released special patches so that outdated computers running on Windows XP and earlier versions could be protected from the NSA exploits.
Considering that not everybody uses Avast, Jakub Kroustek, Avast's threat lab lead, inferred that the "actual number of vulnerable PCs is probably much higher."
Microsoft did not respond to requests for comment.
Evidently, WannaCry was not the tipping point for people to actually act, and if the trend continues, GoldenEye won't be either.
The attacks are getting smarter, making more money and being sold as tools. And people are leaving themselves vulnerable.
I'll see you in a month for the next massive attack.
CNET