#WannaCry Ransomware Exposed As A False Flag Attack On Bitcoin

In this video, software and blockchain developer Vin Armani examines the WannaCry ransomware, which the corporate media treated as if it were the end of the world. Ultimately, it appears to be an amateurish false flag attack on bitcoin. But upon digging into the bitcoin addresses used in the attack, Vin discovers a potentially much more nefarious attack on bitcoin.

Source: #WannaCry Ransomware Exposed as a False Flag Attack on Bitcoin

Another Large-Scale Cyberattack Underway: Experts

A global cybersecurity firm has warned that another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide.

Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.

“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus…. continue reading

Experts Find Cyber Attack Using Adylkuzz, Another NSA Hacking Tool

The world faced a massive ransomware attack using WannaCry, an NSA hacking tool, last week, which affected 150 countries.

While investigating the WannaCry attack, experts found another ongoing cyber attack. The cybersecurity firm Proofpoint said the newly discovered attack, using Adylkuzz, is a lot quieter than WannaCry, but “has likely generated millions of dollars in cryptocurrency for the unknown attackers.” ABC News continued:

According to Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, the attack employed the same hacking tools developed by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group Shadow Brokers in April to exploit vulnerabilities in the Microsoft Windows operating system.

“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Kalember told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”

The firm reported it found attacks from Adylkuzz “dating back to May 2, which would predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools.” Again, no one noticed this attack “because its impact on users is far less noticeable than ransomware.” ABC News continued:

“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”

Proofpoint described why the attackers used Adylkuzz:

In this attack, Adylkuzz is being used to mine Monero cryptocurrency. Similar to Bitcoin but with enhanced anonymity capabilities, Monero recently saw a surge in activity after it was adopted by the AlphaBay darknet market, described by law enforcement authorities as “a major underground website known to sell drugs, stolen credit cards and counterfeit items.” Like other cryptocurrencies, Monero increases market capitalization through the process of mining. This process is computationally intensive but rewards miners with funds in the mined currency, currently 7.58 Moneros or roughly $205 at current exchange rates.

Figure 3 shows Adylkuzz mining Monero cryptocurrency, a process that can be more easily distributed across a botnet like that created here than in the case of Bitcoin, which now generally requires dedicated, high-performance machines.

No one knows the attackers behind this attack, but Kalember stated that the “North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.”

Microsoft produced patches for PCs “to address the vulnerability exploited by both WannaCry and Adylkuzz.” Proofpoint warned people that if the attacks poisoned their PCs, the machines can still remain compromised even after the patches are installed. The firm encouraged everyone, though, to download the patches.

Source: Experts Find Cyber Attack Using Adylkuzz, Another NSA Hacking Tool

Top 15 Things to Know About the ‘WannaCry’ Global Ransomware Hacker Attack

Over the weekend, a virus infected thousands of computers around the world, locking up their data until a ransom was paid. Experts believe the virus uses tools stolen from the NSA to infect computers running the Microsoft Windows operating system.

The impact of the attack, using a virus known as ‘WannaCry’, appears limited in the United States so far, although security analysts fear that could change in the coming days. The virus has been running wild across Europe and Asia, inflicting an untold amount of financial damage and putting lives in danger, since one of the biggest targets was Britain’s National Health System.

Following are 15 important facts about WannaCry, including tips on how to protect vulnerable systems…. continue reading

New Variant Of ‘Ransomware’ Begins To Spread: “We’ve Never Seen Anything Like This”

Governments and companies around the world began to gain the upper hand against the first wave of the unrivaled global cyberattack this morning.

More than 200,000 computers in at least 150 countries have so far been infected, according to Europol, the European Union’s law enforcement agency. The U.K.’s National Cyber Security Centre said new cases of so-called ransomware are possible “at a significant scale.”

“For now, it does not look like the number of infected computers is increasing,” said a Europol spokesman. “We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode.”

The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts warned the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.”

“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” wrote the researcher, who uses the Twitter name @MalwareTechBlog.

“So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”

But the world is still digging out…. continue reading

WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives

If you are following the news, by now you might be aware that a security researcher has activated a “Kill Switch” which apparently stopped the WannaCry ransomware from spreading further.

But that’s not true, nor is the threat over yet.

However, the kill switch has just slowed down the infection rate.

Updated: Multiple security researchers have claimed that there are more samples of WannaCry out there, with different ‘kill-switch’ domains and without any kill-switch function, continuing to infect unpatched computers worldwide…. continue reading

Worldwide Ransomware Attacks: What We Know So Far

Security agencies are hunting for those behind a crippling cyberattack which has so far hit hundreds of thousands of computers worldwide, including at government agencies, factories and health services.

Here is what we know so far about the cyber ransom attacks:

– What happened? –

The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system, an older version that is no longer given mainstream tech support by the US giant.

The so-called WannaCry ransomware locks access to user files and in an on-screen message demands payment of $300 (275 euros) in the virtual currency Bitcoin in order to decrypt the files…. continue reading
