Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software package delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, it issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook that its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
Re: (Score:1, Offtopic)
Trump doesn't know bullshit from wild honey about any of this shit.
Rewarmed malware finds some networks? (Score:2)
https://it.slashdot.org/story/... [slashdot.org]
It's just ransomware, not some national cyber drama.
Re: (Score:2)
That's why they have experts to do cyber things.
They have skills so their own interests are fully protected and any cyber effort is totally undetected.
Random malware just spreads around lots of random nations as expected and that anyone in the private sector can track in the wild.
If the malware has a name, the private sector is/can track it; it's spreading like malware in really random nations.
Re: (Score:2)
If you really think this is random, I've got some beachfront property in Kiruna I'm prepared to let you have at a really great price.
But I suspect that the AC's right, and you do really know better.
Re: (Score:3)
The Inside Story of How British Spies Hacked Belgium’s Largest Telco (December 13 2014)
https://theintercept.com/2014/... [theintercept.com]
".. The hack would remain undetected for two years, until the spring of 2013."
When a nation does it the method works, stays in place and is undetected. Not an in-the-wild, random malware effort that's detected by AV.
Re: (Score:2)
Privyetik [slashdot.org]!
Microsoft needs to update (Score:5, Funny)
Re: (Score:3, Informative)
The same place as "I'm a stupid moron who can't manage to install automatic security updates". They tend to congregate at the "I'm a stupid moron who can't correctly configure my OS and network infrastructure".
Frankly I am still amazed that the ass hats running the extortion ring think Bitcoins cannot be traced. All it takes is doing something that catches the attention of the various intelligence agencies, causing them to expend a little of their considerable resources to track down and eliminate these crimin
Re: Microsoft needs to update (Score:2)
Re: (Score:2, Informative)
Incorrect, people running Windows 10 Enterprise, fully patched, still got infected [blogspot.com].
Evil Daemon? (Score:2)
Let me guess, M.E.Doc opens a port that expects a certain protocol handshake, upon which an unsigned blob is downloaded then executed? An attacker could connect to any computer with the program installed, and send a malware payload.
Either that or their GitHub equivalent was compromised (although given it's happened before, I'd bet on the former.)
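The post above guesses that the updater fetches an unsigned blob and runs it. The check a client should perform before applying any update is shown here as an added example, not code from M.E.Doc or from the original thread; the key type (Ed25519), the `Update` structure and the sample payloads are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update bundles an update payload with the vendor's signature over its
// SHA-256 digest. (Hypothetical structure, assumed for this example.)
type Update struct {
	Payload   []byte
	Signature []byte
}

// SignUpdate is what a vendor build server does with its offline private key.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	digest := sha256.Sum256(payload)
	return Update{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the client-side check: the installed software pins the
// vendor's public key and refuses any payload whose signature does not
// verify under it, so a compromised update server alone cannot push code.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) error {
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinned, digest[:], u.Signature) {
		return errors.New("update rejected: signature does not verify under pinned vendor key")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	// Constructed sample: a legitimate update signed by the vendor key.
	good := SignUpdate(priv, []byte("constructed sample: legitimate update 1.0"))
	fmt.Println("legitimate:", VerifyUpdate(pub, good))
	// Constructed sample: the payload on the update server was replaced, but the
	// replacement carries no valid signature, so the client must reject it.
	tampered := Update{Payload: []byte("constructed sample: replaced payload"), Signature: good.Signature}
	fmt.Println("tampered:", VerifyUpdate(pub, tampered))
}
```

The pinned key has to live in the installed software, not be fetched from the same server that serves the update, or the check protects nothing.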
Knock knock (Score:1)
"Back in May, the company's software update mechanism also helped spread the XData ransomware."
Pardon me M.E.Doc but I think you left your backdoor open.
Re: (Score:2)
Far more likely to be an insider job. Ukraine is in economic meltdown, which puts enormous pressure on its already corrupt work force; all sorts of insider shenanigans will occur and basically any Ukraine digital source should be kept way outside the security loop. It will get much worse. Great examples were provided out of China, Russia and the US: the more economic impact felt by the digital class, the far more likely they will corrupt their own systems for money. Never to forget, as budgets tighten, so s