The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.

The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.
It bears similarities to the WannaCry and Petya outbreaks earlier this year.

However, it is not yet known how far this new malware will be able to spread.

“In some of the companies, the work has been completely paralysed – servers and workstations are encrypted,” head of Russian cyber-security firm Group-IB, Ilya Sachkov, told the TASS news agency.

Two of the affected sites are Interfax and Fontanka.ru.
Meanwhile, US officials said they had “received multiple reports of Bad Rabbit ransomware infections in many countries around the world”.

The US computer emergency readiness team said it “discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”.

Russia hit most
“According to our data, most of the victims targeted by these attacks are located in Russia,” said Vyacheslav Zakorzhevsky at Kaspersky Lab.

“We have also seen similar but fewer attacks in Ukraine, Turkey and Germany.”

Bad Rabbit encrypts the contents of a computer and asks for a payment – in this case 0.05 bitcoins, or about $280 (£213).

Cyber-security firms, including Russia-based Kaspersky, have said they are monitoring the attack.

The malware is still undetected by the majority of anti-virus programs, according to analysis by virus checking site Virus Total.

One security firm, Eset, has said that the malware was distributed via a bogus Adobe Flash update.

Researcher Kevin Beaumont has posted a screenshot that shows Bad Rabbit creating tasks in Windows named after the dragons Drogon and Rhaegal in TV series Game of Thrones.

The outbreak bears similarities to the WannaCry and Petya ransomware outbreaks that spread around the world causing widespread disruption earlier this year.

–

Source: BBC

The post ‘Bad Rabbit’ ransomware strikes Ukraine and Russia appeared first on Citi 97.3 FM - Relevant Radio. Always.

It is believed to be a record amount, although it is worth noting that many ransom payments are never made public.

Nayana’s chief executive revealed that the hackers initially asked for $4.4m, payable in bitcoin.

Security experts warned that firms should not pay such ransoms or enter into negotiations with hackers.

Angela Sasse, director of the Institute in the Science of Cyber-Security, said that she was surprised both by the size of the ransom and that the firm went public about paying.

“This is a record ransom from what I know, although some will have paid and not gone public.

“It could be that it had to disclose the amount under the South Korean regulatory structure or it could have been done out of a sense of public duty,” she said.

“From the attackers’ point of view, they might have preferred that the firm kept quiet. It is such a large ransom that it might spur a lot of companies to look more carefully at their security.”

Bankrupt

The ransomware – known as Erebus – targeted computers running Microsoft Windows and was also modified so a variant would work against Linux-based systems.

It appears that Nayana entered into negotiations with the hackers, lowering the fee from $4.4m to less than $500,000 although at the last minute, the hackers doubled the negotiated amount to $1m.

They are believed to have encrypted data on 153 Linux servers and 3,400 customer websites.

An update posted on Saturday said that engineers were in the process of recovering data but added that it would take time.

Nayana’s chief executive apologised for the “shock and damage” of the incident.

In an earlier statement, he said that the attack had hit his bank balance.

“Now I am bankrupt. Everything I’ve been working on for 20 years is expected to disappear at 12:00 tomorrow.”

Ms Sasse said that ransomware attackers had grown much bolder in recent years.

“Two years ago, they tended to target individuals or smaller businesses believing that they would have less good security measures but they have found that they can get bigger targets and the pay-off is much larger. It is a lucrative business.”

–

Source: BBC

The post South Korean firm pays $1m to unlock files appeared first on Citi 97.3 FM - Relevant Radio. Always.

One is ransomware that encrypts data and demands payment before files are released.

The other is spyware that watches what users do and scoops up valuable information.

Experts said they represented a threat because their creators were letting anyone use them for free.

The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor “dark web” network that acted as a shopfront for both.

In a blog, Fortinet said the site claimed that the creators behind it were professional software engineers with “extensive experience” of creating working code.

Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware’s creators had said that payments made by ransomware victims would be split between themselves and their customers.

Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware.

Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm.

However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data.

“Even if it is far inferior to most current ransomware targeting Windows, it doesn’t fail to encrypt victim’s files or prevent access to important files, thereby causing real damage,” wrote the researchers.

The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine’s microphone.

In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.

Mr Ewane said Mac users needed to start being more vigilant as malware creators targeted them.

“As OS X continues to grow in market share we can expect malware authors to invest greater amounts of time in producing malware for this platform.”

Statistics gathered by McAfee suggest that there are now about 450,000 malicious programs aimed at Macs – far fewer than the 23 million targeting Windows users.

Aamir Lakhani from Fortinet said Mac users should make sure their machines were kept up to date with the latest software patches and be wary of messages they receive via email.

“Mac ransomware is definitely becoming bigger,” he told EWeek. “Although market share is still small, hackers know that there is valuable data on the Mac.”

Apple declined to comment on the developments.

–

Source: BBC

The post Apple Mac computers targeted by ransomware and spyware appeared first on Citi 97.3 FM - Relevant Radio. Always.

You may not have heard of the Lazarus Group, but you may be aware of its work. The devastating hack on Sony Pictures in 2014, and another on a Bangladeshi bank in 2016, have both been attributed to the highly sophisticated group.

It is widely believed that the Lazarus Group worked out of China, but on behalf of the North Koreans.

Security experts are now cautiously linking the Lazarus Group to this latest attack after a discovery by Google security researcher Neel Mehta. He found similarities between code found within WannaCry – the software used in the hack – and other tools believed to have been created by the Lazarus Group in the past.

It’s a mere sliver of evidence, but there are other clues to consider too.

Security expert Prof Alan Woodward pointed out to me via email that time stamps within the original WannaCry code are set to UTC +9 – China’s time zone – and the text demanding the ransom uses what reads like machine-translated English, but a Chinese segment apparently written by a native speaker.

“As you can see it’s pretty thin and all circumstantial,” Prof Woodward said.

“However, it’s worth further investigation.”

–

Source: BBC

The post WannaCry ransomware cyber-attack ‘may have N Korea link’ appeared first on Citi 97.3 FM - Relevant Radio. Always.

Its popularity means malware is now responsible for 51% of all the incidents analysed in the annual Verizon data breach report.

This analyses almost 2,000 breaches to find out how firms were caught out by cyber-thieves.

It also found that measures taken by some firms after payment systems were targeted, stopped new breaches.

Glimmer of hope

The rapid rise in the number of successful ransomware attacks was widely expected, said Marc Spitler, senior manager in Verizon’s security research division, simply because so many malicious hacking groups were adopting the tactic.

“Ransomware is all about how can they get more money per infected device,” he said.

A separate report by security firm Symantec found that the average amount paid by victims of ransomware had risen to $1,077 (£834).

Consumers were likely to be hit straight away with ransomware, said Mr Spitler, but attacks on businesses were stealthier. Often, he said, attackers burrowed deeper into a company’s infrastructure to find key databases that were then scrambled before payment was sought.

In most attacks, booby-trapped attachments sent via email were the main delivery mechanism for ransomware and other malware, found the report.

“These attacks are all about getting a foothold on a system,” he said, adding that once attackers were inside an organisation they typically looked to use the back doors for many different types of attack.

Darren Thomson, chief technology officer for Symantec in Europe, said its statistics suggest about one in every 131 email messages was now harbouring some kind of cyber-threat.

“They are arriving in Word documents and Excel spreadsheets,” he said, “the messages people get many times a day.”

The Verizon report also spotted a shift in the targets of cyber-attacks with 61% of victims now being companies with fewer than 1,000 employees.

The good news, said Mr Spitler, was that some industry sectors that had been hit hard before, now appeared less often in its attack statistics – suggesting their digital defences were starting to work.

“The lack of large retailers suffering point-of-sale intrusions was a glimmer of hope,” he said.

–

Source: BBC

The post Ransomware attacks around the world grow by 50% appeared first on Citi 97.3 FM - Relevant Radio. Always.

The Walkman, a portable cassette player that, for the first time, let us take our music with us without bothering our neighbors, hit the market on July 1, 1979.

Today, it’s all about Apple’s iPod. But in its heyday, the Walkman was as synonymous with portable music players as Kleenex became to tissue and Xerox was to copy machines.

Bowing to digital reality, Sony retired the cassette Walkman in 2010.

Released in 1979, the TPS-L2 was the first model of Walkman that Sony released. It wasn’t the very first portable cassette player designed to let users listen on the go. But the earlier product, called the Stereobelt, was considered too big, ugly and expensive and didn’t last long

“Walkman” is an iconic brand name today. But originally, the Japanese Sony was afraid English-speaking customers would find the name odd and shipped it in the U.S. and other countries as “Soundabout.” The company quickly recognized the error and returned to the original name.

Sony was originally unsure how popular its groundbreaking music player would be. Many analysts thought it wouldn’t sell because it only played cassettes and couldn’t record.

Two years later, in 1981, came the Walkman II. It was smaller than the original and barely bigger than a cassette tape. It sold around 1.5 million units. The Walkman II originally came only in silver, but black and red models were later added.

You know the Walkman was cutting-edge techology if NASA crews were using it. Here, space shuttle Discovery crew Michael L. Coats (pilot, left) and Steven A. Hawley (mission specialist, right) fall asleep listening to music on the lower deck of the shuttle in 1984.

The Walkman was a delicate piece of tech that you could carry around with you, as long as you were careful with it. Then came the “Sports Walkman,” the WM-F5, in 1984, with an extra-thick plastic casing that made it water resistant and more durable.

If the Fresh Prince sported one, it had to be cool, right? It’s hard to be sure, but this may be a WM-EX88 that Will Smith is using. That model featured an all-new design and was built for ease-of-use, as well as having an LCD display of song information and a “skip track” feature.

The Walkman line has lost much of its shine in the iPod era. But like the rest of the tech world, Sony has gone digital with its iconic product. The most recent Walkman mp3 players include last year’s NWZ-W273. Smaller than many headphones, the set even lets you wear them in the pool.

–

Source: CNN

The post Happy 35th birthday, Walkman appeared first on Citi 97.3 FM - Relevant Radio. Always.