
Cybercrime: Ransomware

rynner2

Something new to worry about:
NWA-PCUG Newsletter Article, September 2006

Ransom Viruses?
by Jack Matisoff
From August 2006 Boca Bits, The Boca Raton Computer Society, Inc.

Do You Know About "Ransom-Viruses?"

Graham Cluley, senior technology consultant, reports that a new type of Trojan horse virus was found circulating. It is one of only a few viruses so far that have asked for a ransom in exchange for releasing control of a computer. He has sent a copy to Sophos, a security vendor, for investigation.

These schemes had been seen in Russia, but the first one appeared in English just last month.

How this virus is being spread is not clear, but it is being investigated. Viruses, of course, can be spread in several ways, including through spam or a so-called drive-by download that exploits a browser vulnerability when a user visits a malicious Web site.

Once run, this Trojan freezes the computer, displaying a message saying files are being deleted every 30 minutes. It then gives instructions on how to send $10.99 via Western Union to free the computer.

Hitting the control, alt, and delete keys will not affect the bug, the virus writer warns. Sophos anti-virus reports provide further details at its Web site.

Some of these virus writers even offer tech support, Cluley said. If the method of unlocking the computer doesn't work after the money is sent, the virus writer promises to research the problem and includes an e-mail address.

Last month, a Trojan emerged that encrypts a user's documents and then leaves a file demanding $300 in exchange for the password to access the information. Victims were instructed to send money to one of 99 accounts run by e-gold, a company that runs a money transfer site.

The password, however, was contained on the infected computer. Sophos cracked it and publicly released it.

IMPORTANT NOTE: Please be SURE that your entire computer, not only your e-mail, is protected against viruses and spyware. AND, do your computer maintenance on a regular basis.

http://users.nwark.com/~rcmahq/nwapcug/side--96.htm
 
Very true, but it does leave a very good trail for enforcement folks to track down.
 
Police warn of 'ransom' spam targeting UK users

Tens of millions of UK internet users could be at risk from "ransom" email spam seemingly sent from financial institutions.
The email has an attachment that looks legitimate but is malware that encrypts computer files.
If the attachment is opened, a displayed countdown timer demands a ransom to decrypt the files.

Small to medium businesses seem to be the target and the National Crime Agency says there is significant risk.
Lee Miles, deputy head of the National Cyber Crime Unit, says: "The NCA are actively pursuing organised crime groups committing this type of crime. We are working in co-operation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public."

The malware installs a piece of "ransomware" called Cryptolocker on computers running the Windows operating system. The ransom demands that the user pay two Bitcoins, a virtual currency, that would be worth £536 to release the decryption key.
Reports suggest that people who have paid the ransom have not had their files decrypted and it has been impossible to restore encrypted files.

The NCA said it would never endorse the payment of a ransom to criminals and warns that there is no guarantee that the people behind the demand would honour the payments.
An NCCU investigation is seeking to identify the source of the email addresses used.

Computer users are being warned not to click on any suspicious attachments, to have updated antivirus software and to regularly back up files. If a computer is infected the advice is to disconnect it from the network and seek professional help to clean the device.

The NCA said that anyone infected with this malware should report it via actionfraud.police.uk.

http://www.bbc.co.uk/news/technology-24964426
 
It probably is teaching my grandmother to suck eggs, but never ever open an attachment sent from someone you don't know and trust.
 
Cochise said:
It probably is teaching my grandmother to suck eggs, but never ever open an attachment sent from someone you don't know and trust.
I nearly deleted, unread, an email from my brother once, having forgotten he'd changed his email addy! :oops:

(in my defence, I should add that it wasn't perhaps wise of him to choose an addy with the word 'trouble' in it.)
 
More on Cryptolocker:

Cryptolocker ransomware has 'infected about 250,000 PCs'
By Leo Kelion, Technology reporter

A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers.
Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock.

Dell Secureworks said that the US and UK had been worst affected.
It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals.

The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day.

Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible.
"Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI," said the report.
"By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent."

The first versions of Cryptolocker appear to have been posted to the net on 5 September.
Early examples were spread via spam emails that asked the user to click on a Zip-archived extension identified as being a customer complaint about the recipient's organisation.

Later it was distributed via malware attached to emails claiming there had been a problem clearing a cheque. Clicking the associated link downloaded a Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim's PC.

By mid-December, Dell Secureworks said between 200,000 to 250,000 computers had been infected.
It said of those affected, "a minimum of 0.4%, and very likely many times that" had agreed to the ransom demand, which can currently only be paid in the virtual currencies Bitcoin and MoneyPak.
"Anecdotal reports from victims who elected to pay the ransom indicate that the Cryptolocker threat actors honour payments by instructing infected computers to decrypt files and uninstall the malware," added the security firm.
"According to reports from victims, payments may be accepted within minutes or may take several weeks to process."

However, Trend Micro, another security firm, has warned that giving into the blackmail request only encouraged the further spread of Cryptolocker and other copycat schemes, and said that there was no guarantee of getting the data back.

Dell suggested PCs be blocked from communicating with the hundreds of domains names it had flagged as being linked to the spread of Cryptolocker, and it suggested five further steps the public and businesses could take to protect themselves:

Install software that blocks executable files and compressed archives before they reach email inboxes
Check permissions assigned to shared network drives to limit the number of people who can make modifications
Regularly back-up data to offline storage such as Blu-ray and DVD-Rom disks. Network-attached drives and cloud storage do not count, as Cryptolocker can access and encrypt files stored there
Set each PC's software management tools to prevent Cryptolocker and other suspect programs from accessing certain critical directories
Set the computer's Group Policy Objects to restrict registry keys - databases containing settings - used by Cryptolocker so that the malware is unable to begin the encryption process.

http://www.bbc.co.uk/news/technology-25506020
 
Some Maine police agencies say they have had no other choice than to pay a ransom to computer hackers to get their police records back.

Computers at the Lincoln County sheriff's office were recently infiltrated by a type of virus called ransomware. It locked up the system and held police records hostage.

Sheriff Todd Brackett told WCSH-TV that after several attempts to retrieve the records, his agency paid a ransom of about $300 to the creator of the virus to get their files back.

Brackett says the FBI helped track the payment to a Swiss bank account but efforts to identify the hackers got no further.

Also in Maine, Houlton Police Department computers were held hostage and the police chief says the department ended up paying a ransom.

http://phys.org/news/2015-04-maine-police-ransom-hackers.html
 
Maybe now they will start to take things like this more seriously
and lock them up for a very long time, even longer if anyone dies.
 
BBC live news on this is now saying it wasn't targeted and has hit a number of other organisations too.

They're not saying which.
 
Maybe now they will start to take things like this more seriously
and lock them up for a very long time, even longer if anyone dies.

Or even just adopt basic computer security precautions.
 
Regular punters here may remember my arguments against ID cards and the Surveillance State. Particularly regarding the inefficiency of government data storage systems, their security as well as the mission and function creep of interests involved in gaining access to the stored information on systems that are clearly not fit for purpose. How could they close every back door?
I argued then that putting all of our data eggs in one basket would create a golden target for hackers everywhere and now we have this.

If only someone could have seen this coming...
 
39 Hospitals and GP surgeries so far in England ... the hackers are demanding money .. it's thought 74 countries have been affected.

It seems very misleading that this is still being called a cyberattack at all, from what they're saying, it seems to be entirely down to out of date security combined with people clicking on links in emails.

Back in 2001 when I worked in Highways, I came back from lunch one day to see around 400 emails in my inbox, all of them with a link to the Mawinela virus... turned out it just took one person logging into their Yahoo mail and clicking the link to give the virus access to their address book and it all cascaded from there.

IT experts are "working round the clock" to restore NHS computer systems hit by Friday's ransomware attack.

Ciaran Martin, head of the UK's cyber security agency, said it was doing "everything in our power" to get "vital services" back up and running.

The BBC understands about 40 NHS organisations and some GP practices were hit in England and Scotland, with operations and appointments cancelled.

Theresa May said the NHS had been caught up in an international attack.

Similar computer infections have been reported in a range of organisations in about 100 countries.

Some British hospitals and GPs were unable to access patient data after their computers were locked by the malicious program.

The malware used in the attack is called WannaCry and attacks Windows operating systems.

It encrypts files on a user's computer, blocking them from view, before demanding money, via an on-screen message, to access them again.

The demand is for a payment of $300 (£230) in virtual currency Bitcoin to unlock the files.

The virus is usually covertly installed on to computers by hiding within emails containing links, which users are tricked into opening.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber-attacks.

BBC
 
It seems very misleading that this is still being called a cyberattack at all, from what they're saying, it seems to be entirely down to out of date security combined with people clicking on links in emails.

Back in 2001 when I worked in Highways, I came back from lunch one day to see around 400 emails in my inbox, all of them with a link to the Mawinela virus... turned out it just took one person logging into their Yahoo mail and clicking the link to give the virus access to their address book and it all cascaded from there.
BBC
Is that $300 in total or per user ? .. if it's in total, we're looking at a hacker or two trying to have a laugh.
 
It seems very misleading that this is still being called a cyberattack at all, from what they're saying, it seems to be entirely down to out of date security combined with people clicking on links in emails.
That's pretty much the case. It seems like the NHS was targeted, but really it's because of their lax security that it's snowballed into a much bigger problem.
 
And good news from Devon:
Derriford Hospital back to normal after cyber attack
By Plymouth Herald | Posted: May 13, 2017

Patients are being urged to attend appointments as normal at Derriford Hospital this morning after staff worked tirelessly to overcome a cyber attack.
A number of NHS hospitals across the country reported that their computer systems had been affected by a bug on Friday afternoon.
But this morning the team at Derriford announced disruption has been minimised and most systems were running normally.

A statement on the hospital website reads: "Thanks to a huge team effort from staff - #1bigteam - we have minimised disruption to the hospital and have stepped down the incident we called yesterday evening.
"Most systems are running as normal and no patients have been affected.
"All patients are asked to attend the hospital for their appointments today and tomorrow as normal."

etc...

http://www.plymouthherald.co.uk/der...cyber-attack/story-30330261-detail/story.html
 
And good news from Devon:
Derriford Hospital back to normal after cyber attack
By Plymouth Herald | Posted: May 13, 2017

Patients are being urged to attend appointments as normal at Derriford Hospital this morning after staff worked tirelessly to overcome a cyber attack.
A number of NHS hospitals across the country reported that their computer systems had been affected by a bug on Friday afternoon.
But this morning the team at Derriford announced disruption has been minimised and most systems were running normally.

A statement on the hospital website reads: "Thanks to a huge team effort from staff - #1bigteam - we have minimised disruption to the hospital and have stepped down the incident we called yesterday evening.
"Most systems are running as normal and no patients have been affected.
"All patients are asked to attend the hospital for their appointments today and tomorrow as normal."

etc...

http://www.plymouthherald.co.uk/der...cyber-attack/story-30330261-detail/story.html
Does this mean the NHS is strong and stable again ? ace !

 
Global cyber-attack: Security blogger halts ransomware 'by accident'
By Chris Foxx Technology reporter
13 May 2017
Audio file: 2m 06s

A UK security researcher has told the BBC how he "accidentally" halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK's NHS.
The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a "kill switch" in the rogue software's code.
"It was actually partly accidental," he told the BBC, after spending the night investigating. "I have not slept a wink."
Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an "accidental hero".
"I would say that's correct," he told the BBC.
"The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation."

The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer.
But the web address it was trying to contact - a long jumble of letters - had not been registered.
MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.

By doing so, he unexpectedly triggered part of the ransomware's code that told it to stop spreading.
This type of code is known as a "kill switch", which some attackers use to halt the spread of their software if things get out of hand.
He tested his discovery and was delighted when he managed to trigger the ransomware on demand. :D

etc...

http://www.bbc.co.uk/news/technology-39907049
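The article above describes malware that contacts one fixed web address every time it runs, which is what made registering that domain both a kill switch and a census of infected machines. An internal DNS resolver's query log gives a defender the same census for their own network: every host that looked the name up ran the malware. The following is an added example, not code from the original thread or from MalwareTech; the domain and the log layout are placeholders constructed for it.

```python
"""Find hosts that looked up a ransomware kill-switch domain in resolver logs.

Added example (not from the original thread). The domain is a placeholder; the
real one is not given on the page. The log layout is constructed, not a real
resolver's format; adapt LINE_RE for BIND or Windows DNS debug logs.
"""
import re
from datetime import datetime, timezone

# Placeholder: substitute the kill-switch domain from a trusted advisory.
KILL_SWITCH_DOMAIN = "killswitch-domain-placeholder.example"

# Constructed sample lines: "<ISO timestamp> <client> <qname> <rcode>".
SAMPLE_DNS_LOG = """\
2017-05-12T13:02:11Z 10.20.1.15   killswitch-domain-placeholder.example. NXDOMAIN
2017-05-12T13:02:12Z 10.20.1.15   update.example.org.                    NOERROR
2017-05-12T13:05:40Z 10.20.3.7    KILLSWITCH-DOMAIN-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-12T13:06:02Z 10.20.1.15   killswitch-domain-placeholder.example. NXDOMAIN
2017-05-12T17:48:09Z 10.20.9.201  killswitch-domain-placeholder.example. NOERROR
2017-05-12T17:50:00Z 10.20.4.4    mail.example.org.                      NOERROR
not a log line
"""

# Strict timestamp pattern so junk lines with four tokens are rejected.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<client>\S+)\s+"
    r"(?P<qname>\S+)\s+(?P<rcode>\S+)$"
)


def parse_line(line):
    """Parse one log line; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "client": m["client"],
        # Normalise trailing dot and case so spelling variants collapse to one name.
        "qname": m["qname"].rstrip(".").lower(),
        "rcode": m["rcode"].upper(),
    }


def kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried `domain` to first lookup time, lookup count,
    and whether any lookup resolved (NOERROR: the domain was registered by then)."""
    domain = domain.rstrip(".").lower()
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] != domain:
            continue
        info = hosts.setdefault(rec["client"], {"first_seen": rec["ts"], "count": 0, "resolved": False})
        info["first_seen"] = min(info["first_seen"], rec["ts"])
        info["count"] += 1
        info["resolved"] = info["resolved"] or rec["rcode"] == "NOERROR"
    return hosts


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Split affected hosts by whether the domain still failed to resolve when they
    queried it. Either way the host ran the malware and should be isolated
    (the thread's advice: disconnect it from the network and get it cleaned)."""
    hosts = kill_switch_lookups(log_text, domain)
    return {
        "unresolved": sorted(c for c, i in hosts.items() if not i["resolved"]),
        "resolved": sorted(c for c, i in hosts.items() if i["resolved"]),
        "total_lookups": sum(i["count"] for i in hosts.values()),
    }


if __name__ == "__main__":
    for host, info in sorted(kill_switch_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{host:<12} first={info['first_seen'].isoformat()} "
              f"lookups={info['count']} resolved={info['resolved']}")
    print(triage(SAMPLE_DNS_LOG))
```

A lookup that returned NXDOMAIN predates registration of the domain and a NOERROR answer postdates it; both identify a host that executed the malware, so the split only tells you which machines to check for encrypted files first.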
 
NHS 'robust' after cyber-attack
13 May 2017
Video:

A total of 48 of England's NHS trusts were hit by Friday's cyber-attack, but only six are not yet back to normal, Home Secretary Amber Rudd has said.
Speaking after an emergency Cobra meeting, Ms Rudd said "there's always more" that could be done to protect against computer viruses.
She said 97% of NHS trusts were "working as normal" and there was no evidence patient data was affected.

The ransomware attack hit organisations in at least 99 countries.
Europol described it as "unprecedented" and said its cyber-crime team was working with affected countries to "mitigate the threat and assist victims".

Ms Rudd insisted the government had "the right plans" to limit the impact of the attack, which also affected the Nissan car plant in Sunderland.

etc...

http://www.bbc.co.uk/news/uk-39909441
 
Global cyber-attack: Security blogger halts ransomware 'by accident'
By Chris Foxx Technology reporter
13 May 2017
Audio file: 2m 06s

A UK security researcher has told the BBC how he "accidentally" halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK's NHS.
The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a "kill switch" in the rogue software's code.
"It was actually partly accidental," he told the BBC, after spending the night investigating. "I have not slept a wink."
Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an "accidental hero".
"I would say that's correct," he told the BBC.
"The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation."

The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer.
But the web address it was trying to contact - a long jumble of letters - had not been registered.
MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.

By doing so, he unexpectedly triggered part of the ransomware's code that told it to stop spreading.
This type of code is known as a "kill switch", which some attackers use to halt the spread of their software if things get out of hand.
He tested his discovery and was delighted when he managed to trigger the ransomware on demand. :D

etc...

http://www.bbc.co.uk/news/technology-39907049
Excellent news ... and the culprit/culprits shouldn't be too hard to find now .. I'm going with it being a teenager due to the farcical ransom demand that was $300 or it doubles every day !! *dramatic drumroll* .. back in the early days, the government used to catch these kids and give them web security jobs instead of prison terms. I wonder how this will all unfold ?
 
I don't think this was a targeted attack, or that the NHS is in some way particularly vulnerable. It's very difficult to stop people clicking on links even in a small organisation, and with the variety of users that there must be in the NHS I would think virtually impossible. Nor will anti-malware be able to trap every new threat. The first wave of ransomware last year caught out all sorts of organisations until the counter-measure guys got on to it.

No-one had to 'hack' anything to do this. Computers are not secure, don't irrevocably trust your data to them. Especially if they are connected to the internet, as nowadays they virtually all are.

If you are going to build a secure system for stuff as vital as patient data the first thing you do is build a private network - a real one, not a VPN. Give people a second cheapo device for ad-hoc stuff that can use the internet. And don't give them any ability to plug stuff into the dedicated machinery - no USB ports. This is not the way anything is actually done, but it is the way you'd set about it if you actually took security seriously. No-one does.
 
Newquay surfing computer geek who stopped the NHS cyber attack
By CMJacqui | Posted: May 14, 2017

A self-taught surfing computer geek thought to be living on the Devon coast has been identified as the expert who stopped the huge global cyber attack that brought the NHS and other organisations worldwide to a standstill.

The cyber attack affected 48 hospitals and health trusts in England, including Derriford Hospital in Plymouth, as well as computer equipment in 100 countries across the world.
But it took the 22-year-old Newquay surfer just a few hours to find a critical weakness in the ransomware to stop it spreading any further after it crippled tens of thousands of computers.
After announcing what he'd done, the young security expert, known only as Malware Tech, has been inundated with messages and praise, but tried to play it down.

He later told the Mail on Sunday: "Saying I've saved lives is a bit drastic, but I've definitely saved a few people a pretty penny."
The young security expert started working for a private threat intel firm in Los Angeles a year ago, investigating the latest malicious computer software released by criminals and hackers - but he still lives in the south west.

He has previously tweeted about surfing and living by the sea and says: "I'm not a graduate. I had planned to go to university but ended up getting offered a job in security a year prior, so I took it. I'm completely self-taught so in hindsight university would probably not have been worth the time or money."

etc...

http://www.cornwalllive.com/newquay...cyber-attack/story-30331385-detail/story.html

The main surfing hotspots in north Devon are Croyde and Woolacombe.
 
Unfortunately this (cybercrime) is an area that the MSM know nothing about - some of the stuff they print is both hilarious and badly misleading. This attack was NOT a 'hack' - it was some general purpose malware, the kind certain people get a kick out of writing basically to show how 'clever' they are.

Yer man Malware Tech was hacking about in the malware trying to analyze it (as I would have done if that kind of thing was still my responsibility) and by a combination of skill and luck he stopped the thing spreading because the author had built in a 'kill switch' - something which in itself suggests that this was a) a generalised attack and b) was not seriously intended to extort money - the author probably just wanted to know how far it would spread - I expect a lot further than he anticipated.

Also the NHS pays Microsoft to keep its XP security up to date until XP can be replaced. As a result anyone still using XP (in the UK, at least) is still getting updates. I have one XP machine (it has some obsolete software on it that won't run on anything newer - viz. the workshop manual for my car) and indeed it still receives updates. This ransomware by all accounts got in via a browser and so the operating system would have little to do with it.

edited for spelling
 