A MacOS user, I've been somewhat amused to read:

What is the Petya ransomware spreading across Europe? WIRED explains | WIRED UK

Security companies are confident the Petya ransomware uses the same software exploit in Microsoft products that WannaCry was able to exploit. Symantec says it has confirmed the ransomware is using the Eternal Blue vulnerability that is believed to have been developed by the NSA.

Both Symantec and F-Secure say that although Petya does encrypt systems it is slightly different to other types of ransomware. "Petya is a new ransomware with an evil twist: instead of encrypting files on disk, it will lock the entire disk, rendering it pretty much useless," F-Secure says. "Specifically, it will encrypt the filesystem’s master file table (MFT), which means the operating system is not able to locate files."

Beek adds that Petya has not been disguised with a lot of sophistication. "It is using a fake certificate that is derived from Microsoft's Sysinternal tools," he says. "It's not heavily obfuscated I would say, so it is easy to read through the functionality of the ransomware."

EternalBlue - Wikipedia

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144[7][8] in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.[9]

I'm a little confused by the term, ". . . vulnerability that is believed to have been developed by the NSA." NSA did not define or write the SMB code in Windows. Writing a program to demonstrate the flaw is not what I would call "developed". I would have said ". . . vulnerability that is believed to have been demonstrated by the NSA."
One reason is when I was working as a network engineer, we got a 'hair on fire' notice of a problem, subsequently fixed, in Cisco IOS. So I wrote a program that verified the exploit if only to make sure we could test the fix when it came out. This was one of the old-style, malformed-packet overflows that crashed the Cisco IOS. So I tend to think of "developed" as what some obscure Microsoft coder did to create the vulnerability. Showing the exploit is more "demonstrate".

My understanding is this latest ransomware has no recovery. It demands payment but effectively wipes the disk. So even if the ransom is paid, there is no recovery.

Bob Wilson
I thought that was patched back in March before the WannaCry outbreak?

BTW, one of the places I work for has operations limited by this attack. It's a healthcare outfit.

My wife tells me her company HQ have their systems non-operational, but her local company is fine.

Some say Putin did it:

The Petya ransomware is starting to look like a cyberattack in disguise - The Verge

Fortunately there is a way to prevent infection. I'm disappointed media didn't emphasize that:

Cybereason’s Principal Security Researcher Amit Serper is First in World to Discover a Killswitch to Stop ‘NotPetya’ Ransomware
Source: Nearly One in Four Windows Users Surveyed Plan to Switch to Mac Within Next Six Months - Mac Rumors

Perhaps there is a lesson here.

Bob Wilson
Believe the problem continues because certain businesses are unable to take their systems offline to effect the remedy, e.g. some airlines and shipping conglomerates without effective machine redundancy.
That's great. If it does what you need it to do, what more could you ask for? Mind you, there will be oodles of unpatched security vulnerabilities open to hackers should you ever take it online. It is that way that the so-called botnets work.
My only concern is my charge card number, but I suppose they're more likely to get it from a vendor or even the guv'mint with my SS# than from my hard drive.
Ransomware....or planned obsolescence for overpriced hardware.... My vote? ...Neither.

Pretty soon Laptops, PCs, and notebooks will have all of the utility of floppy drives and laser disc movies, so perhaps Chrome OS will be a good alternative to those who cannot afford an i-thingy.....or at least so say the "experts."

I had to resurrect an old winders box for a family member who is on a fixed income, and I decided to just throw him into the pool. I wiped his box and put........(scratching head.....) I think it was a Zorin distro and I showed him how to get onto the internet and how to load apps from the library.....and for the last several months he's been happy as a clam.

The thing is.....you don't have to be a geek to run a Linux box these days and if you have access to a usta-box, then there's no monetary outlay. Also....these OS's are fairly hack resistant - something I do NOT say about windows or macs.... YMMV

DistroWatch.com: Put the fun back into computing. Use Linux, BSD.