  1. #1
    Join Date
    Mar 2014
    Location
    ROOT
    Posts
    1,097

    Petya cyberattack: Cadbury factory the first Australian business hit by ransomware

    Union says production halted after computers stopped working at factory owned by Spanish food company Mondelez



    Production at Cadbury’s chocolate factory in Hobart was stopped after Mondelez found itself engulfed in the Petya ransomware cyberattack. Photograph: Sergei Konkov/TASS

    Production at Cadbury’s chocolate factory in Hobart has stopped after its parent company found itself engulfed in the ransomware cyberattack that has spread through the US and Europe.

    The Australian Manufacturing Workers’ Union’s Tasmanian secretary, John Short, said production was stopped about 9.30pm on Tuesday after computers stopped working at the factory, which is owned by the Spanish food company Mondelez.

    The “Petya” ransomware has caused serious disruption at companies such as the advertising giant WPP, the Russian steel and oil firms Evraz and Rosneft and the French construction materials company Saint-Gobain.



    Leon Compton (@LeonCompton) Ransomware attack comes to Tasmania. This is what Cadbury's Hobart computers look like since 9:30pm #ransomware pic.twitter.com/tZIC16oQNH
    June 27, 2017

    The legal firm DLA Piper, Danish shipping and transport giant AP Moller-Maersk and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh, also said their systems had been hit by the malware.
    Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address.


    However, that email address has been shut down by the email provider, which means there is no longer any way for people who decide to pay the ransom to contact the attacker for a decryption key to unlock their computer.

    Short said the Hobart chocolate factory’s 500 employees, who produce about 50,000 tonnes of chocolate a year, turned up for work on Wednesday but it was unclear how long it would take to restore the computer systems so production could resume.
    A Mondelez spokeswoman in Australia had no immediate comment.

    Australian staff of global law firm DLA Piper Ltd were quoted telling media they were shut out of their computer systems because of the attack. DLA Piper said in a statement it was hit by a suspected malware attack and that it was “taking steps to remedy the issue”.

    The minister assisting the prime minister for cyber security, Dan Tehan, said the attack, a month after the similar WannaCry attack, was “a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches”.

    Mike Sentonas, the regional vice-president of the US cybersecurity company CrowdStrike Inc, said it was unclear how many Australian computers were affected by the latest attack but “what is different about this ransomware is its ability to spread, even if a computer has been patched”.

    The attack was first reported in Ukraine, where the government, banks, state power utility and Kiev’s airport and metro system were all affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone.

    Source - theguardian.com



  2. #2
    Join Date
    Mar 2014
    Location
    ROOT
    Posts
    1,097

    What is the Petya ransomware attack, and how can it be stopped?

    Companies have been crippled by an attack dubbed ‘Petya’, the second major ransomware crime in two months. Olivia Solon answers the key questions



    The website homepage of British advertising company WPP after it was targeted by international cyber-attack Petya. Photograph: Benjamin Fathers/AFP/Getty Images

    Many organizations in Europe and the US have been crippled by a ransomware attack dubbed “Petya”. The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.

    It’s the second major global ransomware attack in the last two months. In early May, Britain’s National Health Service (NHS) was among the organizations infected by WannaCry, which used a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents released online in April by a hacker group calling itself the Shadow Brokers.


    The WannaCry or WannaCrypt ransomware attack affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone company Telefónica and German state railways among those hardest hit.


    Like WannaCry, Petya spreads rapidly through networks that use Microsoft Windows, but what is it, why is it happening and how can it be stopped?


    What is ransomware?

    Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.

    How does it work?

    When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.

    How does the Petya ransomware work?

    The Petya ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry”, said Ryan Kalember from cybersecurity company Proofpoint.

    Where did it start?

    The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian Cyber Police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone.

    How far has it spread?

    The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The food company Mondelez, legal firm DLA Piper, Danish shipping and transport firm AP Moller-Maersk and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh, also said their systems had been hit by the malware.




    Shipping company Maersk’s IT system was impacted by the cyber-attack. Photograph: Mauritz Antin/EPA


    So is this just another opportunistic cybercriminal?

    It initially looked like Petya was just another cybercriminal taking advantage of cyberweapons leaked online. However, security experts say that the payment mechanism of the attack seems too amateurish to have been carried out by serious criminals. Firstly, the ransom note includes the same Bitcoin payment address for every victim – most ransomware creates a custom address for every victim. Secondly, Petya asks victims to communicate with the attackers via a single email address which has been suspended by the email provider after they discovered what it was being used for. This means that even if someone pays the ransom, they have no way to communicate with the attacker to request the decryption key to unlock their files.



    OK, so then who is behind the attack?

    It’s not clear, but it seems likely it is someone who wants the malware to masquerade as ransomware, while actually just being destructive, particularly to the Ukrainian government. Security researcher Nicholas Weaver told cybersecurity blog Krebs on Security that Petya was a “deliberate, malicious, destructive attack or perhaps a test disguised as ransomware”.

    Ukraine has blamed Russia for previous cyber-attacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia has denied carrying out cyber-attacks on Ukraine.

    What should you do if you are affected by the ransomware?

    The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine, as flagged by @hackerFantastic on Twitter.

    Hacker Fantastic (@hackerfantastic) If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
    June 27, 2017


    If the system reboots with the ransom note, don’t pay the ransom – the “customer service” email address has been shut down so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup. Back up your files regularly and keep your anti-virus software up to date.

    Source - https://www.theguardian.com/

  3. #3
    Join Date
    Mar 2014
    Location
    ROOT
    Posts
    1,097

    How to protect your Windows computer from the Petya ransomware attack?

    SAN FRANCISCO — A new ransomware named Petya hit high-profile targets in multiple countries, including the United States, on Tuesday.

    While Petya has not infiltrated as many machines as ransomware WannaCry did in May, it is more dangerous and has the power to create more damage. Here’s how to protect yourself and your small business from attacks like Petya.


    Download patches

    Like WannaCry, Petya is targeting a vulnerability in older Windows systems called EternalBlue. One of the best things you can do to protect yourself from these attacks is to download the patches Microsoft provides during updates. Microsoft released a patch to protect against the vulnerability on its Windows XP system in March. Earlier this month, it issued more patches for older Windows operating systems, citing the "elevated risk for destructive cyber attacks."

    If you enable Microsoft to automatically update your computer, you should have the patch. For older versions of Windows that Microsoft doesn't generally support, you can go to the Microsoft website and download the patches you need to protect your computers based on the version of Windows you have.


    Back up your computer

    You should always back up your computer just in case ransomware attacks your computer so you have copies of your files in another location, like an external hard drive or in the cloud.

    Don Foster, senior director of solutions marketing at business data firm Commvault, advises backing up data more than once a month. In the event of an attack, you can have the most updated files to use without having to pay the ransom.

    Install protection programs

    You should download protection programs that not only fight attacks, but also notify you when there is a threat to your computer. These programs include firewalls, anti-virus programs and other protective software. They can alert you if malware is trying to encrypt your files and what they are doing to stop it. These are a good idea, says Bill Kelly of specialty insurer Argo Group, because even though the ransomware can get to some of your files, these programs should protect the rest of your files.


    Don’t click on anything suspicious

    Some of these attacks occur because of phishing emails. These emails are designed to make you think they are legitimate, but install malware on your computer once you open them. Kelly suggests training yourself to identify what these emails look like.

    Often, there is a typo in the name of the company or person supposedly sending you the email. It can be as little as one letter changed from their actual name.

    Foster also suggests not visiting websites that have illegal or suspicious activity on them. You can unleash malware and open yourself to vulnerability without realizing it just by clicking a link on these sites.

    Protect yourself when using public Wi-Fi

    When using public Wi-Fi, you are viewable to everyone else using that network. You want to make sure you change your security settings on your computer when on a public network. Usually, computers will ask you automatically if you want to be viewable on the network, but check your security settings just to be sure you are not set to public.

    Foster suggests using a VPN, or a virtual private network, that hides your computer from those using a public network. The use of a VPN won’t fight malware, but it can help you not be a target.


    Source - https://www.usatoday.com
