Security researcher creates ‘vaccine’ against ransomware attack

Petya ransomware

A vaccination for the global cyber attack that infected thousands of machines in dozens of countries has been discovered by an American security researcher.

The simple antidote to the Petya ransomware, which stops computers from being able to launch and demands a $300 (£234) payment, uses an empty folder to block the virus from working.

It could prevent further companies from falling victim to the attack that hit the Ukrainian National Bank, advertising giant WPP and US law firm DLA Piper. In total the incident affected 12,500 machines in 64 countries, according to Microsoft.

The fix is reminiscent of the “kill switch” for the WannaCry attack earlier this year that stopped the rapidly spreading virus after it had already infected more than 200,000 machines. But it can’t stop the Petya ransomware from spreading to more computers.

About | Ransomware

What is ransomware? Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it

Where did ransomware originate? The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer? The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself? Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay? The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back

Unlike the WannaCry kill switch, discovered by 22-year-old self-taught Marcus Hutchins, the Petya antidote must be manually downloaded onto computers ahead of their being affected.

Amit Serper, the security researcher from Boston who discovered the solution, warned that it is probably a “temporary fix” rather than a tool to stop the problem completely.

Serper found the solution to the problem working with a UK-based cyber expert who goes by the name of Hacker Fantastic. Serper was on holiday with his family in Israel when the problem started.

When the Petya ransomware infects a machine it searches for a folder called “perfc.dll”. If it can’t find the folder it takes hold of the computer, locking files and part of the hard drive. In the event that it finds the file the ransomware is not able to work.
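The check described above can be applied and audited across machines with a small idempotent routine. This is an added example, not code from the article or from Serper: the directory to place the marker in is not named in the article and must be supplied by the caller, marking the file read-only is an added precaution, and because the article uses both "folder" and "file", anything already present under that name is treated as a match.

```python
import os
import stat
import tempfile

MARKER_NAME = "perfc.dll"  # the name given in the article


def ensure_marker(directory, name=MARKER_NAME):
    """Make sure the marker exists in `directory` and report what happened.

    Returns "present" if a file or folder of that name is already there,
    "created" if an empty read-only file was written, or "error: ..." if
    the directory is missing or not writable.
    """
    path = os.path.join(directory, name)
    if os.path.lexists(path):
        return "present"
    try:
        # O_EXCL refuses to overwrite if the name appears between the
        # existence check and the create, so existing content is never touched.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        os.close(fd)
        # Assumption (not from the article): read-only, so the marker is
        # harder to remove or replace by accident.
        os.chmod(path, stat.S_IREAD)
    except FileExistsError:
        return "present"
    except OSError as exc:
        return f"error: {exc.strerror}"
    return "created"


def audit(directories, name=MARKER_NAME):
    """Read-only report: which of the given directories contain the marker."""
    return {d: os.path.lexists(os.path.join(d, name)) for d in directories}


if __name__ == "__main__":
    # Constructed demo in a temporary directory; on a real host, pass the
    # directory the marker belongs in (not stated in the article).
    with tempfile.TemporaryDirectory() as demo_dir:
        print(audit([demo_dir]))
        print(ensure_marker(demo_dir))  # first run creates the marker
        print(ensure_marker(demo_dir))  # second run changes nothing
        print(audit([demo_dir]))
```

As the article notes, the marker only stops the payload on a machine where it is already in place; it does not stop the malware reaching other computers, so patching remains the actual fix.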

Following his discovery, Serper was inundated with messages of praise and some job offers. He eventually turned off notifications for people he doesn’t follow on Twitter and said he didn’t want a new job.

“I’m very happy with working for Cyber Reason, please stop emailing me. Also, appreciate the praises but let’s not go crazy. I’m not that good,” said Serper.

In a follow-up tweet he added: “Thanks for all the kind words. This is a temporary fix, let’s focus on patching, less on thanking me. Thanks again, I’m humbled.”

A kill switch for Petya appeared to be less pressing than it was for WannaCry as the former doesn’t spread in the same rapid way.

“There is low risk of new infections more than one hour after the attack,” Hutchins said.


The attack could have infected computers in the first instance through a flaw in accounting software, according to Cisco.

It is not clear who is behind the attack, which appeared to inflict most damage in Ukraine, but research indicates it could have been a nation state assault.

“Based on initial analysis by CyberArk Labs, what we know now is that NotPetya is different from WannaCry in that it appears to be sparing endpoints that use a US English-only keyboard. This seemingly self-imposed restriction has been seen in nation state attacks,” said

Companies in more than a dozen countries were affected by the ransomware, including the UK, US, Ukraine, Russia, Italy, Germany, France, Japan and China.

The first incident appeared in Kiev before spreading across Ukraine and Russia. At the time of writing there hadn’t been any new instances of the infection but computer systems remained crippled.

[“Source-telegraph”]

Google creates ‘crisis fund’ following US immigration ban


Tech giant Google has created a US$2 million crisis fund in response to US president Donald Trump’s immigration ban.

Google staff are also being invited to top up the fund, with the money going towards the American Civil Liberties Union (ACLU), Immigrant Legal Resource Center (ILRC), International Rescue Committee (IRC), and the UN High Commissioner for Refugees (UNHCR).

“We chose these organisations for their incredible efforts in providing legal assistance and support services for immigrants, as well as their efforts on resettlement and general assistance for refugees globally,” a Google spokesperson said.

The announcement follows requests by Google CEO Sundar Pichai last week for staff travelling overseas to come back to the US. More than 100 staff are affected by President Trump’s executive order on immigration.

Since 2015, Google has given more than US$16 million to organisations focused on humanitarian aid for refugees on the ground, WiFi in refugee camps, and education for out of school refugee children in Lebanon, the spokesperson said.

Microsoft CEO Satya Nadella has also responded to the crisis, saying that as an immigrant himself, he has experienced the positive impact that immigration has on the company, the country and the world.

Nadella said Microsoft was providing legal advice and assistance to 76 staff who have a US visa and are citizens of Syria, Iraq, Iran, Libya, Somalia, Yemen, and Sudan.

In an email sent to Microsoft staff, US-based director Brad Smith said that Microsoft believes in a strong and balanced skilled immigration system.

“We also believe in broader-immigration opportunities, like the protections for talented and law-abiding young people under the Deferred Access for Childhood Arrivals (DACA) program. We believe that immigration laws can and should protect the public without sacrificing people’s freedom of expression or religion. And we believe in the importance of protecting legitimate and law-abiding refugees whose very lives may be at stake in immigration proceedings,” he said.

 

 

[Source:- Javaworld]