Tens of Thousands of Machines Still Open to EternalBlue Bug
Weeks after the WannaCry and NotPetya ransomware campaigns emerged and months after Microsoft released a patch for the vulnerability the two pieces of malware used to spread, more than 60,000 machines are still vulnerable to the bug. The vulnerability, which lies in Microsoft’s implementation of the SMB protocol, has been part of both the WannaCry […]
Android Ransomware Threatens to Leak Victim Data
The attacker community is continuing to expand the variety of ransomware strains it creates, including a recent variant that doesn’t encrypt victims’ files but instead threatens to send personal data and photos to their contacts. Researchers at McAfee discovered this ransomware variant buried within a couple of apps in the Google Play app store recently. […]
Makers of ME Doc Software Say They’ve Closed Backdoor Used By NotPetya
The makers of the M.E. Doc software that has been at the center of the NotPetya malware story say they have produced an updated version of the application that does not include the backdoor that had been slipped in by attackers several months ago. “M.E.Doc has created an update that will ensure safe work in the […]
Ukrainian Police Seize Servers in NotPetya Investigation
UPDATE–Police in Ukraine have confiscated several servers from the software company that develops the M.E. Doc accounting software that is believed to have been an unwitting part of the distribution process for the NotPetya ransomware. Soon after the emergence of NotPetya last week, security researchers from several organizations zeroed in on the update mechanism for the […]
NATO: NotPetya Likely the Work of State Attackers
The NotPetya ransomware that hit thousands of computers last week likely was created and launched by state-sponsored attackers, according to a new analysis by security experts at NATO. Based on the complexity and estimated cost of the operation, analysts at NATO’s Cooperative Cyber Defense Center of Excellence concluded that NotPetya either was the work of […]
New Windows 10 Feature Aims to Halt Ransomware
Microsoft is aiming to change the success rate of ransomware with a new security feature in Windows 10 that will define a set of folders that can only be accessed by approved apps. The feature is included in the latest interim build of Windows 10 and it comes at a time when large-scale ransomware campaigns such […]
Petya-Derived Ransomware Is Acting Like Shamoon
UPDATE–Security researchers are continuing to delve into the details of the latest ransomware outbreak, and have found that the ExPetr ransomware has a number of interesting characteristics that separate it from other variants and raise questions about its purpose. The ExPetr or NotPetya ransomware shares some code and behavior with the older Petya ransomware, but researchers […]
WannaCry Still Causing Trouble a Month On
More than a month after the WannaCry ransomware began making its way through networks around the world, the worm still is causing serious trouble in some places. Honda this week had to shut down an auto assembly plant temporarily due to a WannaCry infection, and the ransomware also has hit traffic cameras in Australia. Officials […]
Malvertising Campaign Tied to Ransomware Attack on UK Universities
The mobile ransomware infections that hit a number of universities in the U.K. recently have been traced back to a malvertising network and the Astrum exploit kit. The attacks against several universities, including University College London, emerged last week and initially there were fears that they were connected to the WannaCry ransomware outbreak. But researchers at […]