'Global Ransomware Attack: What We Know and Don’t Know' diff viewer (2/3)

This article is from the source 'nytimes' and was first published or seen on June 27, 2017 17:12 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html

The article has changed 7 times. There is an RSS feed of changes available.

Previous version 1 2 3 4 5 6 Next version

Version 2	Version 3
Global Cyberattack: What We Know and Don’t Know	Global Cyberattack: What We Know and Don’t Know
2017-06-27 19:50:08 UTC	2017-06-27 23:50:10 UTC (about 4 hours later)
A quickly spreading ransomware attack is hitting countries across the world including ~~Ukraine,~~ Russia, Spain, ~~France~~ and the United States, just weeks after a ransomware attack known as ~~“WannaCry.”~~	A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry.
• Several private companies have confirmed that they ~~have~~ ~~been~~ hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain of ~~France,~~ and the Russian steel, mining and oil ~~firms~~ Evraz and Rosneft.	• Several private companies have confirmed that they were hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, the French multinational Saint-Gobain and the Russian steel, mining and oil companies Evraz and Rosneft.
• Photographs and videos of computers affected by the attack show a message of red text ~~over~~ a black screen. The message read: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”	• Photographs and videos of computers affected by the attack show a message of red text on a black screen. The message read: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”
• ~~Cybersecurity~~ ~~researchers~~ ~~first~~ ~~said~~ ~~that~~ ~~the~~ ~~new~~ ~~ransomware~~ ~~appeared~~ to be a ~~variation~~ of a ~~well-known~~ ~~ransomware~~ ~~strain~~ ~~called~~ ~~Petya.~~ ~~One~~ ~~researcher~~ ~~from~~ ~~the~~ ~~Moscow-based~~ cybersecurity firm ~~Kaspersky~~ ~~Lab~~ ~~reported~~ ~~the~~ ~~new~~ ~~ransomware~~ ~~was~~ a ~~strain~~ of ~~Petya~~ ~~first~~ ~~identified~~ in ~~March~~ ~~2016.~~ ~~Kaspersky~~ ~~found~~ ~~evidence~~ that ~~the~~ ~~latest~~ ~~strain~~ had been ~~created~~ on ~~June~~ ~~18,~~ ~~suggesting~~ it ~~has~~ ~~been~~ ~~hitting~~ ~~victims~~ ~~for~~ ~~more~~ ~~than~~ a ~~week.~~ ~~But~~ ~~Kaspersky~~ ~~also~~ ~~said~~ it ~~was~~ ~~still~~ ~~investigating~~ the ~~attack~~ ~~and~~ ~~that~~ it ~~could~~ be a new ~~type~~ of ~~ransomware~~ ~~that~~ ~~has~~ ~~never~~ ~~been~~ ~~seen~~ ~~before.~~	• Kaspersky Lab, a cybersecurity firm based in Moscow, reported that about 2,000 computer systems had been affected by the new ransomware.
~~• ~~Kaspersky~~ ~~reported~~ that ~~approximately~~ ~~2,000~~ ~~computer~~ ~~systems~~ ~~had~~ ~~been~~ ~~affected~~ by the new ransomware so ~~far.~~~~	• Cybersecurity researchers first called the new ransomware attack Petya, as it bore similarities to a ransomware strain known by that name, which was first reported by Kasperksy in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before.
	• ESET, a Slovakia-based cybersecurity company, said the first known infection occurred early on June 27, through a Ukrainian software company called MeDoc. MeDoc denied that its program was the initial infection point. In a Facebook post, the firm wrote, “At the time of updating the program, the system could not be infected with the virus directly from the update file,” though an earlier message confirmed that its systems had been compromised.
• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.	• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.
• Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. ~~The~~ ~~same~~ vulnerability was used in May to spread the WannaCry ransomware, in which hundreds of thousands of computers in ~~over~~ 150 ~~countries~~ ~~were~~ ~~affected.~~	• Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.
• ~~Several~~ cybersecurity ~~researchers~~ have identified a ~~Bitcoin~~ ~~address~~ to ~~which~~ the ~~attackers~~ ~~are~~ ~~demanding~~ a ~~payment~~ of ~~$300~~ ~~from~~ ~~their~~ ~~victims.~~ At ~~least~~ ~~some~~ of the ~~victims~~ ~~appear~~ to be ~~paying~~ the ~~ransom.~~	• ESET and several other cybersecurity companies have identified at least one other exploit used in the attack known as PsExec, which takes advantage of a single computer that has not been updated with the latest software in a network to spread infections by looking for — and using — administrative credentials. By using PsExec, the ransomware continued spreading across systems that had been updated, or patched, after the WannaCry outbreak last month.
	• Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some of the victims appear to be paying the ransom, even though the email address used by the attackers has been shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid.
• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.	• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.
• ~~Why~~ it is ~~spreading~~ as ~~quickly~~ as it ~~is.~~ Cybersecurity researchers ~~believe~~ ~~that~~ ~~like~~ ~~WannaCry,~~ the ~~ransomware~~ ~~infects~~ ~~computers~~ ~~using~~ ~~vulnerabilities~~ in ~~the~~ ~~central~~ ~~nerve~~ of a ~~computer,~~ ~~called~~ a ~~kernel,~~ ~~making~~ it ~~difficult~~ ~~for~~ ~~antivirus~~ ~~firms~~ to ~~detect.~~ It is not ~~yet~~ ~~known~~ if the ~~new~~ ~~ransomware~~ ~~uses~~ ~~any~~ ~~new~~ ~~vulnerabilities,~~ or ~~variants~~ of ~~the~~ ~~vulnerabilities,~~ ~~made~~ ~~public~~ by ~~the~~ ~~group~~ ~~known~~ as ~~the~~ ~~Shadow~~ ~~Brokers.~~	• The motives for the attack. Cybersecurity researchers ask why, if the goal of the attack was to force victims to pay ransom, more care was not taken to protect the email address through which attackers could communicate with their victims, or to provide multiple avenues for payment.
~~• ~~It’s~~ ~~unclear~~ if ~~systems~~ ~~protected~~ ~~against~~ ~~WannaCry~~ ~~can~~ ~~still~~ be ~~affected~~ by the ~~new~~ ransomware ~~attack.~~~~	• How much bigger this attack will get. Cybersecurity researchers say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again.
• Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims an email that includes a ~~link,~~ or a ~~file,~~ ~~which~~ appears ~~innocuous,~~ but ~~which~~ contains dangerous malware.	• Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims email that includes a link or a file that appears innocuous but contains dangerous malware.
• Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, ~~folders,~~ and drives on that computer. In some cases, the entire network the computer is connected to can become infected.	• Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected.
• The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency.	• The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency.

Previous version 1 2 3 4 5 6 Next version