Kategorie

Enlarge / Code in Tuesday's attack, shown on the left, was altered to permanently destroy hard drives. (credit: Matt Suiche)

Tuesday's massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying hard drives.

Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data.

In other words, the researchers said, the payload delivered in Tuesday's outbreak wasn't ransomware at all. Instead, its true objective was to permanently destroy as many hard drives as possible on infected networks, in much the way the Shamoon disk wiper left a wake of destruction in Saudi Arabia. Some researchers have said Shamoon is likely the work of developers sponsored by an as-yet unidentified country. Researchers analyzing Tuesday's malware—alternatively dubbed PetyaWrap, NotPetya, and ExPetr—are speculating the ransom note left behind in Tuesday's attack was, in fact, a hoax intended to capitalize on media interest sparked by last month's massive WCry outbreak.

Read 8 remaining paragraphs | Comments

What if I say the Tuesday's devastating global malware outbreak was not due to any ransomware infection? Yes, the Petya ransomware attacks that began infecting computers in several countries, including Russia, Ukraine, France, India and the United States on Tuesday and demands $300 ransom was not designed with the intention of restoring the computers at all. According to a new analysis, the

Researchers at Kaspersky Lab have discovered an error in the ExPetr ransomware code that prevents recovery of lost data.

Microsoft is warning customers of an “important” update to its Azure AD Connect service that could allow for an elevation of privilege attack against affected systems.

Your questions about the new Petya ransomware answered - and your chance to ask us more.

Still got a Zip drive? What about a CD? Are you sure you'll be able to access the data stored on those? We take a look at what's being done to keep information safe for future generations

Your daily round-up of some of the other stories in the news

Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack.

The story of Adam Flanagan, who's been jailed for hacking, is a reminder to companies to revoke access to networks when they sack a disgruntled employee

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release. With the launch of its Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017, Microsoft is planning

HackerOne released its first report on its bug bounty program, and reveals an industry shift toward enlisting hackers for better cybersecurity.

Britové vypluli se svoji největší a supermoderní letadlovou loď HMS Queen Elizabeth (technické detaily najdete třeba na Wikipedii), nicméně tamní novináři z The Times a Guardianu při návštěvě na palubě objevili několik zajímavostí, kterými se nyní baví celý ...

The Shadow Brokers, a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA. Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA's built hacking tools and zero-day

WikiLeaks has just published a new batch of the ongoing Vault 7 leak, and this time the whistleblowing website has unveiled a classified malware for that tracks geo-location of targeted PCs and laptops running the Microsoft Windows operating system. In short, the malware does it by capturing the IDs of nearby public hotspots and then matching them with the global database of public Wi-Fi

It's been 24 hours since the outbreak first hit: here's what we know now about how Petya behaves

Škodlivý software, který omezuje nebo zabraňuje uživateli přístup k počítači nebo souborům a který v úterý ochromil počítače po celém světě, se obecně označuje jako ransomware (z anglického ransom - výkupné). Za obnovení přístupu totiž požaduje výkupné, zpravidla v digitálních měnách (často bitcoinech), aby se zamezilo možnosti vysledovat platbu.

Attackers grabbed data including names, birthdates, taxpayer IDs and more from Anthem patients - a toolkit for identity theft

LinuxSecurity.com: Logs on your Linux server are crucial to monitoring and troubleshooting. Take a look at what they actually are and how to make the most of them.

LinuxSecurity.com: WatchGuard©'s latest quarterly Internet Security Report reveals that despite an overall drop in malware detection, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder attacks highlights the need to protect Linux-based IoT devices and Linux servers from the internet with layered defences.