
Microsoft's Telemetry Shows Petya Infections in 65 Countries Around the World (microsoft.com)

From a blog post by Microsoft: On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated. [...] Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc. Although this vector was speculated at length by news media and security researchers -- including Ukraine's own Cyber Police -- there was only circumstantial evidence for this vector. Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process.

A New York Times article reports how the rest of the world is dealing with Petya. From the article: A fuller picture of the impact will probably emerge in the coming days. But companies and government offices worldwide appeared less affected than the WannaCry attack, notably in places like China, which was hard hit in May. Reports from Asia suggested that many of the companies hit were the local arms of European and American companies struck on Tuesday. In Mumbai, India, a port terminal operated by A.P. Moller-Maersk, the Danish shipping giant, was shut after it disclosed that it had been hit by the malware. In a statement, Indian port authorities said they were taking steps to relieve congestion, such as finding places to park stranded cargo. The attack shut the terminal down on Tuesday afternoon.
On the Australian island of Tasmania, computers in a Cadbury chocolate factory owned by Mondelez International, the American food company, displayed the ransomware message, according to the local news media.

  • by Anonymous Coward on Wednesday June 28, 2017 @09:11AM (#54704461)

    Companies and individuals that choose Windows deserve what they get. An inherently insecure operating system, which they have no control over.

    Companies and individuals that do not back up their data deserve what they get. Total data loss.

    Companies and individuals that pay ransomware authors deserve what they get. More malware targeted at their systems.

    • Found the screeching Linux fanboy.
    • by IWantMoreSpamPlease ( 571972 ) on Wednesday June 28, 2017 @09:26AM (#54704547) Homepage Journal

      >>Companies and individuals that choose Windows...

      You have no idea what you are talking about. Furthermore, plenty of mission critical, and hell, even day to day, software, ONLY runs under Windows. So you want to do business, you have no choice, MS or nothing.
      And no, WINE won't cut it, many software packages refuse to run under emulation (we have several that way) and are programmed to look for such an environment (including VMs) and shut down if they encounter it.

      I'm a linux fan, but people like you aren't helping linux, you're hurting it.

      • by unrtst ( 777550 ) on Wednesday June 28, 2017 @09:57AM (#54704735)

        You are exactly the person the GP was referring to.
        You acknowledge that you (or some business) has purposefully chosen software that ONLY runs under windows. That software goes out of its way to ensure you can not run it under emulation (as opposed to embracing those common libraries and making minor updates to make it compatible, as other providers have done). Then you embrace the hole you were shoved into, rather than finding software to avoid these endless recurring issues.

        There was no mention of Linux anywhere in the GP post, but you dragged that in. You say you're a linux fan, but I don't buy it. You refer to this guy like he's a nutter, and then associate him with Linux. How is that something a Linux fan would do? Or maybe you referred to Linux because you believe it's secure and/or less vulnerable to these issues?

        It's not like you simply don't remember the past, and so are condemned to repeat it. You know it, and still make that decision. Yep, you deserve what you know you are going to get.
        [Morrison] https://www.youtube.com/watch?... [youtube.com]

        • Sometimes it's easier said than done. If the software package your company relies on will only run on windows then you are a bit stuck. Sure you can look for an alternative (and probably free) version of it for linux, but what if there isn't one? What do you do then?

          I do agree about the backups though, regardless what platform you are on, back your shit up.
        • You say you're a linux fan, but I don't buy it. You refer to this guy like he's a nutter, and then associate him with Linux. How is that something a Linux fan would do?

          I'm a Linux fan (I learned on Unix systems at school, before I ever touched a DOS/Windows PC). And I'd agree Linux has a lot more nutters than Windows. Windows has a lot more dumb users - the type who will go along with something because everyone else is. But Linux has a greater share of what we call conspiracy theorists in other circles.

          • by unrtst ( 777550 )

            Sorry, but I'm grabbing a quote out of context from you, cause I've heard similar things said less clearly before. I think you stated this very well:

            the choice of the rest of society matters because that influences compatibility, amount of available software (and its price), and the pool of programmers and admins you can hire from. ... So we're saddled with an inferior OS which self-perpetuates via inertia and sunk costs...

            Very good software was written for multiple platforms back when there was a small fraction of the number of users. The huge growth in availability and use of computers should make it far easier to support development of software for a wide variety of OS's and platforms, through separate companies/products, or cross platform work, as well as direct competition w

        • You acknowledge that you (or some business) has purposefully chosen software that ONLY runs under windows.

          You're acting as if some people have a choice. Not every application has some open source / cross platform alternative.

          Actually that wasn't quite right. Let me correct myself: MOST MISSION CRITICAL APPLICATIONS in many industries have NO open source / cross platform alternatives.

          If my two options are: Windows or close shop, leave the industry and become a fisherman, hmmm which will I choose... decisions, decisions.

        • Fair enough. Do, please, find me Open Source alternatives for the following software packages, so I can tell the laboratory I work for, to dump all Windows-only software, that has been certified that the results will hold up legally in court, and run this new stuff that you have found:
          https://products.appliedbiosys... [appliedbiosystems.com]

          ChemoView by AB Sciex
          NI Curl
          NI Dynamic Acquisition
          NI MetaSuite
          WinTox
          SmartCycler/LightCycler

          Most of these software packages run on multi-million dollar laboratory instruments, FYI. Some of them,

      • by Anonymous Coward

        You have no idea what you are talking about. Furthermore, plenty of mission critical, and hell, even day to day, software, ONLY runs under Windows. So you want to do business, you have no choice, MS or nothing.

        This is a two-way street. Commercial software exists to make software vendors money. Unwillingness to vote with your wallet and/or effectively communicate your needs to your sales rep is a choice you as a customer make.

        And no, WINE won't cut it, many software packages refuse to run under emulation (we have several that way) and are programmed to look for such an

        Current versions of WINE are amazing in what they will run. Too bad most distros insist on bundling ancient versions.

        environment (including VMs) and shut down if they encounter it.

        If you're accepting this bullshit from your vendors the problem isn't the vendor it's YOU.

      • by Dunbal ( 464142 ) *

        Furthermore, plenty of mission critical, and hell, even day to day, software, ONLY runs under Windows.

        I guess all these people missed the part in the EULA where Microsoft specifically states you should not run mission critical software on their operating system and you will not sue them if anything goes wrong.

    • Companies and individuals that choose Windows deserve what they get. An inherently insecure operating system, which they have no control over.

      With a comment that stupid you have no place advising anyone on security. Security problems are primarily due to people. People who operate the systems, and people like *you* who believe security is the choice of a software program, or security is simply unplugging an Ethernet cable.

      The past few years have seen a huge rise in attack vectors and actual malware attacks on other platforms as those other platforms become profitable for people targeting them. We have seen large changes in attack vectors move from

    • Gates did a good job, but it's 20 years past time for the corporate environments to get a clue and listen to their sysadmins when they say it's time to update. Then again, the corporate officers and stock holders could care less so......
  • by JoeyRox ( 2711699 ) on Wednesday June 28, 2017 @09:14AM (#54704473)
    How Inception-like.
  • by Anonymous Coward

    Since we don't 'own' the OS anymore, but simply license it for our use, doesn't that put the responsibility of a malware infection squarely on the 'owner' of the OS?

    • I'm sure that with Microsoft's Army of Lawyers(tm), they've got some weasel language in the Terms of Service that either absolve them of responsibility, or shove it onto users who don't properly patch their machines.

      Even if they don't, good luck with that lawsuit. (Refer again to the Army of Lawyers(tm)).

    • The "owner" only allows you to use the software if you agree to their terms, which make it abundantly clear that they have absolutely no responsibility for anything at all.

  • It seems like companies would search for other software to avoid these endlessly recurring ransomware/spyware/malware infections, but after 15 years of them it doesn't appear to be the case. This is normal and accepted.
  • Telemetry (Score:5, Funny)

    by ichthus ( 72442 ) on Wednesday June 28, 2017 @09:32AM (#54704573) Homepage

    Welp, I guess that's one good use for Microsoft's spyware *cough* d'ah I mean, telemetry. Now they can see how many of their customers' systems are infected with malware in real time. Sure, if you can't secure the OS, why not then grab a bucket of popcorn and enjoy the fun?

    • Re:Telemetry (Score:5, Interesting)

      by Big Hairy Ian ( 1155547 ) on Wednesday June 28, 2017 @09:41AM (#54704631)
      I think the interesting thing here is even 15 year old unsupported M$ OSs are bleeding telemetry.
    • Microsoft came to the realization that building an impenetrable system for common use is impossible and attempting it will just make it unusable. So instead they focus on reactive solutions. I have a secure laptop at work with a white list of programs and websites I can visit; I only use it if I need to perform a secure operation, though. Even then this isn't a perfect solution and nothing is.

    • If they spent less time building telemetry into their systems to check how malware-infested they are, and more time actually securing their systems against the malware, they'd have less of this damn ransomware nonsense.
    • Welp, I guess that's one good use for Microsoft's spyware *cough* d'ah I mean, telemetry. Now they can see how many of their customers' systems are infected with malware in real time. Sure, if you can't secure the OS, why not then grab a bucket of popcorn and enjoy the fun?

      It doesn't take a genius to figure out Windows Defender is how they get information on infections. Or maybe around here it does.

      • by ichthus ( 72442 )

        So, Windows Defender can detect and report infections, but not Defend against them? So then, it should be called Windows Infection Reporter, instead of Defender.

        • So, Windows Defender can detect and report infections, but not Defend against them? So then, it should be called Windows Infection Reporter, instead of Defender.

          You know, based on the wording, that is hard to argue. Maybe I'm wrong and they actually are using the built in "telemetry" in Win10 to report on indicators of compromise.

          It doesn't really make sense though as the malware doesn't just encrypt your data, it reboots your computer to a lock screen. So either the malware was indeed blocked, or they were able to extract the necessary telemetry in the one hour before the machines restarted.

    • If the telemetry can detect it, why can't they put out an emergency patch to stop it the moment it's detected?
      • Telemetry doesn't detect it. People who analyze the telemetry do. E.g. if Microsoft sends back thumbprints of programs you run, then they can later match those thumbprints against found malware. By the time they add a virus definition to stop it it is too late.

  • by Anonymous Coward

    "Oh I'm not a malware protection application, I'm just a malware monitor. You've been infected."

    (commercial on TV in the USA, at least)

  • Let's not bullshit or pretend that being "techie" makes it somehow better. Malware = terrorism. And yes, that swings both ways.

    • Re:Act of war (Score:5, Insightful)

      by Big Hairy Ian ( 1155547 ) on Wednesday June 28, 2017 @09:42AM (#54704645)

      Let's not bullshit or pretend that being "techie" makes it somehow better. Malware = terrorism. And yes, that swings both ways.

      Actually Malware = Extortion in this instance

      • Perhaps both?

        My local tv news suggested the Ransomware concentrated largely on Ukraine - suggesting an agenda beyond the financial.

    • Re:Act of war (Score:4, Insightful)

      by WaffleMonster ( 969671 ) on Wednesday June 28, 2017 @11:01AM (#54705173)

      Let's not bullshit or pretend that being "techie" makes it somehow better. Malware = terrorism. And yes, that swings both ways.

      Behind every act of terrorism there are political demands to enforce rules backed by threat of violence from an external entity challenging a state's monopoly on violence.

      Malware is generally just another criminal commercial money making enterprise. Whether it's a group of poor Canadian crackers looking to enrich themselves or multi-national corporations (e.g. Microsoft) profiting off distribution of malware.. it may be illegal or immoral yet without the political demands it is not terrorism.

      • Behind every act of terrorism there are political demands to enforce rules backed by threat of violence from an external entity

        When health care systems or infrastructure or the financial system are targeted, yeah it's terrorism.

        Either way, purveyors of malware should be considered combatants, and treated accordingly. I see zero reason to give them the benefit of understanding. That includes Microsoft, who should face the corporate equivalent of being considered a combatant and broken up via anti-trust laws

  • infected (Score:5, Funny)

    by roc97007 ( 608802 ) on Wednesday June 28, 2017 @09:46AM (#54704665) Journal

    Yeah, I know, my machine got infected. I know 'cuz I got a call just the other day from a very helpful person. "Hello, I'm from The Microsoft, ok? I'm calling you about your computer, ok? Your computer is infested with the viruses, ok?" He helped me straighten it out. Cost me $300 and my machine runs a little slower now, but I'm sure it was worth it.

  • What this proves is what people have been saying about updaters that come packaged with many applications: they are not secure. Updates need to be done using signed binaries, not simply signed executables. Signed executables are nice but completely worthless if they are entirely optional. Also, actually checking the signature is a key element to the whole system which is oddly omitted on occasion.

    A standardized system for applications to actually do software updates using the Windows Update system (an

    • It's disappointing that MS doesn't make it a service for developers to buy into.

      Haven't you ever seen updates for non-MS software in Windows Update? I know that I do occasionally. It's not uncommon to see on Slashdot, someone complaining about software for device drivers being delivered via Windows Update, and they wish that they had a way to block it. The issue is that Microsoft knows that any updates coming through Windows Update, are attached to their name. So if there's something wrong with the update the average user is going to blame Microsoft, not the company who authored the up

  • Yet ANOTHER reason for those of us who have quit using Windows and switched to Linux have reason to rejoice...
