this code is similar to the WanaCry attacks




this code is similar to the WanaCry attacks that swept the world last May.
Information Security Companies Are Scrambling To Solve The Riddle Of Recent Ransom Attacks And Their Advice

The ransom program Betya yesterday began affecting several institutions, including government agencies and other institutions with sensitive functions, and this software was similar to the WanaCry attacks that swept the world last May.

While the agent causing this malicious code is still unclear, it is likely that it is trying to deploy to other systems via the SMB protocol, depending on the hole in the EternalBlue tool in Microsoft Windows systems. April of 2017 by hackers called Shadow Brokers. Microsoft discovered this patch and repaired it in March 2017, but some organizations did not install these updates, making them vulnerable to attacks that exploit This gap.

Once this software hits a system, it encrypts the user’s system files and prompts them to pay a $ 300 ransom to re-open and access them.

Palo Alto Networks provides protection to its customers with the new ransom software through the next generation of security solutions that support the security and security of the network, “said Scott Simkin, Senior Head, Security Threats and Cloud Computing, Palo Alto Networks. On the principle of prevention and cessation of attacks and break-ins automatically. ”

Palo Alto Networks recommends Windows users to install the latest updates from Microsoft for the operating system, and to update legacy operating systems that Microsoft has stopped providing support for.

For its part, the company, “Fire Ay” specialized in cybersecurity, in an electronic message reached the Arab portal technical news it continues to investigate reports on the activity of the threat of these devastating incidents.

Based on the company’s initial analysis, the ransom software used in this campaign simulates Bitia software in some ways as the MBR reset page is identical. However, there are some notable changes to include the propagation mechanism and delay hour for file encryption, which may be intended to allow spread propagation.

FireAy said it believes one of the carriers used in this campaign is MEDoc, which is said to be used for tax accounting purposes in Ukraine. In addition, campaign-related loads show self-propagation behavior.

Moreover, it is possible that other primary vector vectors are also involved. This activity highlights the importance of organizations securing their systems against the “Eternal Blue” loophole and infection with ransom software. “We have discovered these attacks on organizations in the following countries: Australia, the United States, Poland, the Netherlands, Norway, Russia, Ukraine, India, Denmark and Spain.”

Kaspersky Lab, the world’s leading cyber security firm, said in a statement that its analysts were investigating the new wave of ransom attacks targeting organizations around the world. The Russian company said its preliminary results indicate that the malicious software is not a copy of “Betia” as was circulated yesterday, but it is a new ransom software not previously monitored. While it has several strings similar to Beta, it has quite different functions. Kaspersky named it ExPetr.

According to the company’s telemetry data, the number of new malware victims has so far reached about 2,000, with institutions in Russia and Ukraine most affected. Kaspersky also recorded strikes in Poland, Italy, the United Kingdom, Germany, France, the United States and many other countries.

Kaspersky explained that this is a complex attack, which involves several sectors of penetration. “We can confirm that modified versions of the Eternal Blue and the International Romance have been used by criminals to spread within the corporate network.”

Like other security companies, Kaspersky advises all companies to update Windows systems: including Windows XP and Windows 7, and recommends a backup of their systems.

“The new Betia attacks are an example of real-world threats faced by institutions, governments and countries around the world,” said Taj Al Khayat, F5 Networks Director for the Gulf, Eastern Mediterranean and North Africa region. These attacks are constantly increasing to strike at services that affect people’s daily lives such as health care, postal services, transport and communications. While the person behind the new attacks is asking $ 300 to decrypt the infected files, this amount will increase very quickly. The most prominent aspect is how these attacks affect the countries’ infrastructure. When the cloud created by these attacks is cleared, “He said.

“With the new digital world of Internet-connected objects and devices focused on applications, digital attacks will increase as the new world’s new opportunities for hackers to infiltrate and penetrate data require a greater focus on security,” said Taj. Applications and data, as well as educating users about e-security issues. “


In: A Technology & Gadgets Asked By: [22648 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »