Folks,
Item the first: small site changes
- The blogroll
This was a classic case of “no good options”. Currently, and for months, the Blogroll has opened in the same window. This caused some users to complain and ask that it open in a new page. I finally caved, knowing that in doing so I would cause iOS users a headache, since iOS blocks pop-ups by default. After making that change, I began to receive emails complaining that, for them, the Blogroll was no longer working at all. One report was from a Firefox user, so this is no longer just an iOS issue.
That got me thinking – one choice means inconvenience, the other means it doesn’t work. So the choice became clear: the blogroll will open in the current page. I’m sorry for the hassle this causes some, but hassle for some is better than not working for some!
- Later this afternoon, I’ll be making a few small back-end tweaks related to security. This may make the site hiccup for a moment as the changes take hold. If you have an issue, count to 10 and reload the page and all should be well. It is possible during this brief time that comments being submitted may disappear into the aether. If so, my apologies, and please re-submit them.
Now, a brief comment on the current wave of hacking going on:
I’m sure you’ve heard about the wave of ransomware/hacking that began yesterday morning in Ukraine and has now spread around the world. In my opinion, this is another effort by North Korean-affiliated hackers to generate a huge amount of Bitcoin that will likely be used to purchase more tech and hacking exploits. I bet that a significant chunk of the proceeds from these hacks goes back to NK’s coffers, but these likely foreign-based operations need funding, and I think that they resort to this type of hacking to keep the electricity on, as it were. I don’t think it coincidental that NK re-commenced their numerical code broadcasts about 2 weeks before the last big hack happened.
The issue of concern from my perspective is that this is the second wave of ransomware-hacking on a global scale. I suspect that many of you have read about how a bunch of NSA exploits and hacking tools were stolen, likely from a contractor, and are being released. If a nation state’s hackers were behind the theft, then perhaps they are using these exploits to generate money before systems are all patched. If this is the case, then these first ransomware attacks are probably using the least-valuable exploits, ones that have already been patched in most systems. I fear that, in the coming weeks, we’ll see more and more of these attacks, and that they will be much more effective, when they begin to use 0-day exploits that no one except the NSA knows about. (On a side note, is the NSA/US Government financially liable for the effects of their stolen cyber weapons?)
So the question is, what can you do/not do?
These important things:
- Ensure that your computer(s) are fully up-to-date. This means Windows, Mac, Linux, phones/tablets. Automatic updates are a requirement in this era, embrace them. As soon as an update is released, bad guys analyze it to see what was fixed. Then they target that issue in hopes of catching machines that aren’t yet patched.
- Ensure you are running quality Anti-Malware/Anti-Virus software on all appropriate machines. I don’t like to recommend certain brands, but I’d stay away from Russian brands (bye-bye Kaspersky, I cannot trust your great products ever again) and avoid the cheap/free/no-name options.
I buy an annual 5 computer license via Amazon, use the digital download option, and it’s like $25 a year. DO IT NOW if you do not have such software. Although I use Norton Security, McAfee is another trustworthy name. Neither product is ideal, and I know many of you hate them with a passion for their performance, but for many lay-users, they are sufficient. They are not better than other options, but I prefer them to any free or no-name solution.
Please try to start your Amazon purchases using the link here or in the sidebar on the desktop site, or in the comment area or top of a post on the mobile site. Every purchase made using these links generates a bit of $ for the site!
- Ensure that all important files are backed up. I love cloud storage/backup because it means there’s a copy off-site, so if my local copy gets screwed up, I can get a good copy. I also like a local backup of my files, so I use an old Raspberry Pi with a hard drive as a Samba-powered backup server. It’s simple, effective, and silent.
For my most important machine, I back up the entire hard drive (I use Clonezilla to copy the entire disk to an external USB drive) every week. That way, in the worst-case scenario, I can restore my Windows and programs and then download my files from local or cloud backup.
- If you have an old PC or two on your home network, say for the kids to use or for guests, take them off the network if they are running any of the following operating systems: Windows 95/98/ME/2000/XP/Vista. All of these are no longer supported, which means that any exploit targeting them will never be patched and will succeed. Email and websites are the most likely vectors, and, especially with teens, website visits include some gnarly, crap-ridden sites. Ideally, update old computers to a modern version of Windows, or replace the operating system with a more secure, free option. Linux Mint is a great operating system that works on almost any old machine. I’m quite partial to Ubuntu, both the GUI version and the “headless” server version that I use for my home media server.
I love the idea of a Chromebook and similar paradigms – they do seem to have a very good security model.
- If you are running an Android tablet or phone, ensure that you’ve got good security software installed. On iOS, we’re OK because of Apple’s walled-garden approach, but with Android, things are much more dangerous. Related to my suggestion of Norton or McAfee, both include options for installing on your mobile devices.
- Never click on a link in any email about any account. Always use a new tab in your browser and type in the site’s address yourself and login as you normally do. Often, well-crafted emails purporting to be from a bank or other financial institution will contain links to sites that look and behave much like the real one, but record your username, password, secret questions/answers, etc. and then use that data to steal your money from the real site. Such emails are also often ways that trojans and other nasties get loaded onto your machine.
- NEVER put a found USB stick into a connected, important machine. Bad guys are clever – they know people love to find free stuff, and when they do, they hope that there’s something valuable or neat. So bad guys will drop a few poisoned USB sticks in areas where people will find them, then rush home/to the office to see what’s on it, how much room it has, etc. Such a technique will often infect a machine and perhaps other machines on the network faster than you can believe.
I use a Linux machine to investigate such things, since I’m sure that Windows is the real target, though these days I just break them and dispose of them without even looking – better safe than sorry, and hopefully if it’s legit, I’ve saved someone’s important data from being found by someone not-so-benign.
- Don’t leave machines running all the time if you’re not using them daily – an unattended machine is a sitting target. Always check machines at least once a day or so to ensure all looks ok. Nothing like checking your machine after ignoring it for two weeks, only to realize that the deadline for paying the ransom expired last week!
To conclude, let me explain briefly what a ransomware attack looks like.
The Basic Mechanism
Basically, these things get into your machine and then use high-grade encryption to encrypt all the files on your computer. This means that instead of your resume, that Word doc is a scramble of characters that makes the file unusable and unreadable. You are often given a short-term deadline (3 days) to pay $300 in Bitcoin to undo this, or can take up to 7 days to pay $600. During that period, if the payload on your machine receives a “they’ve paid” signal, it will unscramble your files. If the 7-day limit is passed, your files are re-scrambled with a random encryption key which is never saved, so your files are permanently scrambled. Or at least for the next few years, until tech and decryption breakthroughs mean it will take days, not decades, to decrypt your files. By then, you’ll likely not care.
Signs of a Compromised System
Basically, you’re using your computer and it gets slower, and you might get errors running programs you use routinely, or messages about corrupted files. This is the infected stage – the payload is on your machine and is in the process of encrypting your files. Turning off the computer or shutting down won’t necessarily stop things, but it might. It also might result in your already-encrypted files being permanently scrambled, as the tool didn’t get a chance to complete the process and present a ransom demand. If the files are important, it’s almost better to let the encryption process finish so that you can pay them off, confident that your files are recoverable.
Once the payload has determined that its encrypting-files job is complete, it will present a screen that you cannot dismiss. It will contain instructions, links to tech help, often even live chat-based support, believe it or not. Once you see the screen, it’s time to go buy $300 of Bitcoin and send it to the file-nappers. There are no other options, sadly – the FBI, NSA, etc. cannot help.
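The “infected stage” described above, where documents are being turned into random-looking bytes and sometimes renamed with a new extension, is the window in which a host-side check can raise an alarm. As an added illustration (this is my example code, not anything from the original post or from any product it mentions), the Python below records the Shannon entropy of each file in a baseline snapshot and compares it with a later one: a plain document that suddenly sits near 8 bits per byte, or a baseline name that reappears with an extra extension and random-looking contents, counts as a finding, and the run is flagged once a chosen fraction of the baseline is affected. The sample files, the 7.5 bit threshold and the 30% alarm fraction are constructed here for the example; an already-compressed photo is included in the baseline to show that a file that was always high-entropy is not flagged.

```python
import math
import os
import random
from collections import Counter

# Constructed sample "files" (name -> bytes), built here so the block runs offline.
_rng = random.Random(20170627)                  # fixed seed: deterministic stand-in for ciphertext
TEXT_A = b"Dear hiring manager, please find my resume attached below. " * 40
TEXT_B = b"shopping list: milk, eggs, bread, coffee, apples, flour.\n" * 40
JPEG_LIKE = _rng.randbytes(4096)                # stands in for an already-compressed photo
CIPHER_1 = _rng.randbytes(4096)                 # stands in for an encrypted file body
CIPHER_2 = _rng.randbytes(4096)
NOTE = b"Your files are encrypted. (constructed ransom-note text)\n"

BASELINE = {"resume.docx": TEXT_A, "notes.txt": TEXT_B,
            "photo.jpg": JPEG_LIKE, "budget.xlsx": TEXT_B}
AFTER_EDIT = {**BASELINE, "notes.txt": TEXT_B + b"- and one more item\n"}   # an ordinary edit
AFTER_ATTACK = {
    "resume.docx.locked": CIPHER_1,             # renamed and encrypted
    "notes.txt": CIPHER_2,                      # encrypted in place, name kept
    "photo.jpg": JPEG_LIKE,                     # untouched (high entropy, but it always was)
    "budget.xlsx": TEXT_B,                      # not reached yet
    "README_DECRYPT.txt": NOTE,                 # dropped note
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0. Encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def snapshot(files):
    """What a scheduled job would record: per-file entropy, not the contents."""
    return {name: shannon_entropy(data) for name, data in files.items()}


def assess(baseline_files, current_files, threshold=7.5, alarm_fraction=0.3):
    """Compare a baseline snapshot with a later one and flag ransomware-like changes.

    threshold and alarm_fraction are values chosen for this example, not from the page."""
    base, cur = snapshot(baseline_files), snapshot(current_files)
    findings = []
    for name, ent in cur.items():
        if name in base:
            # a plain document that now looks like random bytes: encrypted in place
            if ent >= threshold and base[name] < threshold:
                findings.append(("entropy_jump", name))
        else:
            stem, _ext = os.path.splitext(name)
            # "resume.docx.locked": a baseline name reappears with an extra extension
            if stem in base and stem not in cur and ent >= threshold:
                findings.append(("renamed_and_encrypted", name))
    affected = {(n if kind == "entropy_jump" else os.path.splitext(n)[0])
                for kind, n in findings}
    fraction = len(affected) / max(len(base), 1)
    return {"findings": findings, "affected_fraction": fraction,
            "suspicious": fraction >= alarm_fraction}


if __name__ == "__main__":
    for label, files in (("ordinary edit", AFTER_EDIT), ("simulated attack", AFTER_ATTACK)):
        print(label, assess(BASELINE, files))
```

In practice the baseline would be taken from a scheduled scan of the user’s document folders, and a hit should trigger the disconnect-and-preserve-the-backup reflex rather than a reboot; the entropy comparison is deliberately per file so that ordinary edits to text documents do not trip it.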
So when you hear about a hospital or a company dealing with this, we’re talking about many-to-most-to-all computers being infected. Imagine how much a company has to pay to release all their computers! In a home user situation, having to pay for one machine is bad enough, but having to pay for multiples can quickly get very expensive. Hence the utility of having your files backed up – as long as you have them, you can pay to release the important computer or two, and for the rest, you can reformat, re-install the Operating System, and all your programs.
These truly are scary times – take precautions and be safe!
MattF
And, for the record– backups for the Mac:
1) Time Machine. System-level, incremental backups, lets you go back in time day-by-day until your backup disk fills up. I use half of a 4TB Western Digital disk. You just plug in your HD, and turn TM on in the ‘Settings’ pane, and you’re set.
2) Whole disc backup. I use SuperDuper, which generates a bootable copy of your HD on an external disk. The first backup takes a while, but after that it’s a half-hour incremental backup. I use a separate HD, not the TM backup disc.
3) Cloud backup. I use CrashPlan. It works.
And yeah, you should do all three.
Major Major Major Major
Thanks Alain!
Some folks last night were mentioning pie filter bugs too, maybe people can add any of those to the comments here.
Alain the site fixer
One more detail that didn’t fit but is related – Bitcoin value. The Bitcoin price went down 10% Monday, right before this latest attack happened.
Kind of makes me wonder if a lot of the previous ransom-attack-generated-Bitcoins were transferred to other currencies Monday. That would depress Bitcoin price. So, selling off some of the proceeds from round 1 puts cash in hand and leads to cheaper Bitcoin for round 2 ransomees which, once the price rebounds/grows, makes the haul from round 2 even higher.
Alain the site fixer
@Major Major Major Major: Yes, if anyone has such bugs, please do report them here. I’ve not been on the site much this week, and we’ll see how much I am today or tomorrow as I’ve got lots of other pots on the stove.
Alain the site fixer
@MattF: Thank you for those important details!
In Windows, making a whole-system backup can be complicated, especially in Windows 10. You have to go to Control Panel/File History/look at the bottom left of the window and click on System Image Backup and then set it up. The setup begs to be 1/100th as easy to do as Time Machine. I love that feature of Macs, it just works, is elegant, and simple to set up.
chris
@Major Major Major Major: And here I am! Turns out that I was right, rebooted this morning and the filter works fine. Sometimes there are glitches when I don’t reboot after an update.
It’s working but…
Major Major Major Major
@Alain the site fixer: so you’re saying I should buy Bitcoin.
Derelict
My “solution” is to back up to outside drive(s), and use a computer so inexpensive that the ransom is more than buying a new machine. My current Toshiba only cost $600, loaded with software. While I wouldn’t be thrilled with throwing it away, I wouldn’t be devastated, either. And since the 7-day ransom is $600 . . .
MattF
@Derelict: I had that attitude until, one day, I decided to put all my financial stuff– all records, all transactions, all billing and bill payments– in near real-time and on-disk instead of monthly and on-paper. Once it’s set up it works nicely. But you must have reliable backups.
chris
@Derelict: Do you need to throw it away? Couldn’t you replace the drive?
daverave
I thought the CW was to not pay the ransom? The thinking being that there is no guarantee that your files will be un-encrypted and paying the ransom only further encourages the malicious behaviour.
chris
@Alain the site fixer: US dollar isn’t that healthy right now. It’s almost back to the 9NOV16 (awful day!) low. Shitgibbon has accomplished so much!
Alain the site fixer
@Major Major Major Major: I wouldn’t advise buying btc except for transactions or as a lark investment. Truly, it’s going to crash hard sometime soon…or not. Exciting, but not an investment to count on, it seems to me.
Major Major Major Major
@Alain the site fixer: I didn’t mean as an investment, I meant for the week :P
I mostly only use it for micropayments to places that don’t take Dogecoin.
Origuy
According to Extreme Tech, the email address to pay the ransom for this latest attack, yclept “NotPetya”, has been disabled. So there’s no way to pay the ransom.
Oh, and this is really good news: Cyberattacks Disrupt Chernobyl’s Automatic Monitoring System
Alain the site fixer
@Derelict: You can always format the drive and reinstall Windows, programs, etc. It doesn’t kill your computer, it just makes it unusable in current form!
@daverave: If you have a backup and such, then yes, don’t pay. If the choice is my files or $600, I’ll pay every time. Have a good backup and they have much less leverage. But whole companies, hospitals, foreign gov. agencies, etc. have been paying off, machine at a time, because they need stuff to work, and NOW.
@chris: Not surprising. The second month of durable goods being bad has me somewhat concerned, plus there’s likely a bunch less foreign folks touristing in many places outside of the bog-standard populated places.
catclub
@MattF:
It seems to me that if that HD is connected while any virus gets on your mac, it will have the knowledge to corrupt all the backups.
Just my happy thought of the day.
Villago Delenda Est
As for AV software, I like AVG’s product, but that’s just me. They also sell some other utilities that I’ve found handy.
satby
Simpler and cheaper solution: always back up to an external drive which is disconnected between backups. If your system is compromised, format that sucker and restore your backup.
Major Major Major Major
@catclub: You can go into a Time Machine backup and remove the files in question before you restore; and it doesn’t include any system files IIRC.
@satby: That doesn’t help if your house burns down.
Kelly
Chromebooks work well for me and my 81 year old mother. We have simple needs, browsing, email and for me a few spreadsheets and documents. My wife runs an up to date Windows machine because she loves Photoshop. If anyone else is tech support for friends and family encourage them to buy Chromebooks. If they need you for tech support they can probably live comfortably with a Chromebook.
MattF
@catclub: Yes. Which is why my bootable system duplicate backup is almost always turned off and unmounted. It’s on, once a week for a half-hour to do that incremental backup.
ETA: And, also, the OS prevents anyone from making direct changes to the data on the TM disc.
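catclub’s worry above is a real one: a backup disk that stays mounted is just another writable drive to whatever is running on the machine. satby’s and MattF’s answer is to keep it disconnected between runs; the check that goes with that is knowing, when you reconnect it, whether the last copy is still intact before you trust it or overwrite it. As an added example (my code, not part of the original thread or of any backup product named in it), the Python below builds a SHA-256 manifest of a backup set and later compares the disk against a copy of that manifest kept somewhere the backup disk cannot reach. The file names and the “ransomware reached the mounted disk” scenario in demo() are constructed in a temporary directory; nothing here touches a real backup.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Relative path -> SHA-256 for every regular file under root (the backup set)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest: dict) -> dict:
    """Compare the backup copy on disk with a manifest stored off that disk."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
        "ok": current == manifest,
    }


def demo() -> dict:
    """Constructed scenario: take a backup, keep the manifest elsewhere, then simulate
    the still-mounted backup disk being overwritten and see what verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup_disk"
        (backup / "photos").mkdir(parents=True)
        (backup / "photos" / "2016_trip.jpg").write_bytes(b"\xff\xd8 fake jpeg body " * 50)
        (backup / "resume.docx").write_bytes(b"PK fake docx content " * 50)
        (backup / "tax2016.pdf").write_bytes(b"%PDF-1.4 fake pdf body " * 50)
        manifest = build_manifest(backup)
        # The manifest copy must live off the backup medium (another drive, cloud, even
        # a printout); here a JSON round-trip stands in for that separate copy.
        offline_copy = json.loads(json.dumps(manifest))
        if not verify_backup(backup, offline_copy)["ok"]:
            raise RuntimeError("fresh backup should verify clean")
        # Simulate malware reaching the mounted disk: overwrite, delete, drop a note.
        (backup / "resume.docx").write_bytes(os.urandom(1000))
        (backup / "tax2016.pdf").unlink()
        (backup / "README_DECRYPT.txt").write_text("constructed ransom note")
        return {"manifest": sorted(manifest), "report": verify_backup(backup, offline_copy)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of keeping the manifest off the disk is that an attacker who can rewrite the backup can just as easily rewrite a manifest sitting next to it; with the copy elsewhere, a reconnected disk that reports modified or missing files tells you to restore from the older, detached generation instead of the latest one.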
Alain the site fixer
@Origuy: Thanks for the update.
To be clear – my policy is to have updated and secure and protected systems, with local, cloud, and system backups – but if the choice is between getting my files and sending $600, I’d pay immediately, without hesitation. I’d pawn something, borrow, pretty much anything because without them I’d be f-ed, plus lose all my pictures, historical scans, home movies, old email, writings, the ephemera of digital life from 1985-on, etc.
Alain the site fixer
@catclub: My concern as well. I do the external, connect and run, then detach approach. I need to do it for my second machine – I dodged a bullet late last week when its drive was failing. I cloned it to a new drive and all is well, but I don’t have a backup proper of it.
Alain the site fixer
Well it’s lunch time, then my memory upgrade arrives and I’m doing a little computer maintenance when I install it, so I’ll check in later, once I’ve got my computer back up and running. That’s when I’ll make the back-end tweaks, roughly 3:30ish. Peace out y’all
The Moar You Know
@chris: Modern malware can infect other things besides the hard disk. I’d toss the computer in a heartbeat.
Jerzy Russian
Serious question: Can’t the authorities track down the owners of the E-mail address to which you have to send the bitcoins and kick said owners in the nuts before dragging them off to prison? If not the owners of the account, then the operators of the server which hosts that E-mail account?
On a slightly related note, more and more people out there need a kick in the junk, and I have often wondered if there is a service whereby someone can arrange for these kicks to happen. I thought kickstarter looked promising, but as I looked into the matter more, it seems that kicks in the junk are not a part of their product line.
EBT
FWIW I have never heard of “blogroll” before and you may very well be putting a LOT of heartache in for a feature five or six people from the year dot still use.
Villago Delenda Est
@Jerzy Russian: If the email address traces down to somewhere out of their jurisdiction (like say the People’s Democratic Republic of Korea) there’s not much you can do short of war to get to the owners.
Kicks in the junk and clue-by-fours upside the head would be appropriate, for sure.
Major Major Major Major
@Jerzy Russian: You don’t send bitcoin to an email address, it’s an anonymous (if done correctly) ‘wallet’ address that exists nowhere but by the consensus of most bitcoin users agreeing it exists. More or less.
raven
OK, I just bought Norton, hope it doesn’t fuck my shit up.
StringOnAStick
@chris: That’s a very interesting chart, looks like that hard break in mid May this year is when things went seriously bad and now can’t get back up to that level.
In general Wall Street prefers the USD as the world’s reserve currency but there are enough utter sociopaths in that business who really wouldn’t care and will position themselves accordingly; they might even want to provide a nudge or two in that direction.
Back when I had access to some professional NYC traders, I had a long running and very acrimonious discussion with a younger trader who could have been Paul Ryan’s twin and who hated the idea of SS and retirement for the “lower orders” with an absolute passion; he was determined to see it eliminated in his lifetime. I doubt he’s changed and I’m sure there are a lot more like him in that part of our economy. Even back then it pissed me off that hedge fund managers got away with paying so little in taxes on their income thanks to gaming the tax code, and that shit needs to stop as soon as we gain power again. It’s a bullshit special interest clause with no reason to exist other than some wealthy bastards paid to get it passed.
Jerzy Russian
@Major Major Major Major: Thanks for the response. At some point don’t bitcoins have to be converted to “real” money to be useful in a practical sense (paying the electricity, getting gas for the generators and cars, etc.)? I don’t see how these hackers can stay hidden forever, assuming they are not being helped by large governments.
Dan Mulligan
I don’t like to hype any product but I a have always hated Norton and Mcafee. Eventually went with AVG which has been almost completely trouble free on windows anyway.
P.S.: I have no interest in the company.
Major Major Major Major
@Jerzy Russian: Well, one, they could very well be being helped by large governments. But you’re right that in general bitcoin is not spectacularly useful as a real-world currency… it’s best to think of it as a commodity like gold. Valuable, but quite volatile, and you can’t buy a loaf of bread or pay taxes with it. Although at least you can drop gold on your foot.
However, there are unscrupulous people who will trade gold for cash, no questions asked. And, while bitcoin is somewhat regulated in the US insofar as brokerages have your ID and keep records and are often hooked into a bank account for direct deposit, that’s not the case everywhere. So it’s sort of like the hackers have an unmarked brown paper sack full of gold jewelry that they can’t really explain how they came to possess.
EBT
@Alain the site fixer: Why don’t you keep those things on a deep freeze back up as well? Not saying everyone needs to put everything on a drive that only gets powered up sparingly but back ups of your personal photos from the past sure could just live on something that only powers up if you need known goods.
Aleta
If you have a clone of your drive, can you reformat your internal drive and reinstall the clone? (Never done this but heard about it. There’s an app on my new machine called SuperDuper that makes clones on an external drive.)
ruckus
@Villago Delenda Est:
Used to use AVG, at the time it was thought to be the best. But freeing myself from MS lessened the need for an outside, working product, because the os was crap. Don’t have a clue if it’s still a good product.
(((CassandraLeo)))
In addition to everything Alain mentioned, I’d honestly suggest disabling JavaScript by default and only enabling it on trusted sites where it’s necessary/annoying to have it disabled. This can create minor annoyances at times, but JavaScript has a number of horrible security holes, and it can be used to spread malware.
Also, too, use FlashBlock if you’re using Firefox, and disable Flash by default as well if you’re on Chrome.
EBT
@StringOnAStick: Some people simply deserve to be killed with a claw hammer to the back of the head.
Aleta
@MattF: oh, just read the 1st comment. Thanks. Person I was just talking to said to use a completely clean HD with SuperDuper.
J R in WV
Our local architecture is all either Ubuntu or Android on a tablet which is usually off, phones the same. There may be other versions of Linux on servers/routers/etc…
Tell me about firewalls on Linux like I’m 5, please, someone?
Derelict
@chris: Meh, beats me as to whether I could replace the drive or not. Happily, I’ve never faced this dilemma! Norton permitting, I never will.
dance around in your bones
@Jerzy Russian: On a slightly related note, more and more people out there need a kick in the junk, and I have often wondered if there is a service whereby someone can arrange for these kicks to happen.
It’s not kicks in the junk, but one CAN buy a bag of dicks to be sent anonymously to the recipient of one’s choice.
https://shipabagofdicks.com/
low-tech cyclist
I thought Windows Defender was supposed to do that for Windows 8 and 10, and Microsoft Security Essentials for Windows 7. Alain, any explanation of what Defender and MSE do and don’t in the way of protecting my computer?
Steeplejack (phone)
On a Win10 system (kept updated), is Windows Defender not enough antivirus protection? It has been several years since I used any of the others. What do they add?
@low-tech cyclist: Great minds, etc.
Alain the site fixer
@J R in WV: ufw is your friend. Search for DigitalOcean’s info on it, very clear.
Alain the site fixer
@low-tech cyclist: Windows Defender is quite good but I won’t rely on just it. This fall Microsoft will update Windows Creators Edition again and that will have an AI-helped engine to stop things from spreading. Of course it won’t be for the general public at first. I used to trust MSE and Windows Defender but over the past two years I’ve embraced Norton.
Alain the site fixer
@Steeplejack (phone): it probably is but I can’t afford to get infected. Besides my work and such, the wife works for a Federal government contractor so I need to keep stuff semi-secure so it doesn’t infect her stuff and cause an issue!
chris
@J R in WV: Got mine from Reddit.
Link
Mint is based on Ubuntu but does have its own subreddit if you prefer.
DHD
I’m sorry, but this take on what happened yesterday is just wrong.
This latest attack, which is going by #NotPetya, is different from the NK-associated things we saw a few months back. The payment mechanism is so useless that they must have known from the start it wouldn’t generate much money (a couple thousand dollars at last count) – the e-mail address to get the decryption key was promptly deactivated, notwithstanding the fact that in order to get the key you’d have to exactly type a quite long sequence of gobbledygook manually into an e-mail while looking at your screen, from another computer that wasn’t compromised. In any case, if that isn’t clear enough: It is not possible to get your files back, do not try to pay!
The file types it encrypted were targeted to disrupt software development – for instance it does not scramble .ppt files, but it does scramble .c, .cpp, .py, .pdf, .rtf, .conf, and various others that J. Random Administrator at MegaCorp isn’t likely to care about or have lying around on their laptop.
It also doesn’t spread over the open Internet but has to be targeted to individual companies or government agencies. It attacks via remote administration and upgrade tools that are commonly used on corporate networks.
Given that the epicenter of the attack was Ukraine, it is not hard to believe that this was sponsored by the Russian government or its associates. To be clear: the goal of this was not to make money but to cause economic damage.
Central Planning
More info on the current ransomware outbreak can be found at the Cisco Talos Intelligence blog
Also, make sure you’re using OpenDNS for your home DNS. You can get a free account for a single IP address.
chris
@J R in WV: I also use nod32 antivirus on my desktop and phone. My Linux guru says I’m paranoid but it’s cheap and I sleep better knowing that it’s on my side.
J R in WV
@Alain the site fixer:
Thanks, looks like, maybe explain like I’m 12, which is OK with me. I have been there before, but it was not yesterday.
@chris:
Also thanks, reddit, should have thought of that, not really good at finding things on reddit, so…. confusing. And the distractions. Like land-mines of Oooooh!
Now it’s on me!!
kindness
When we were using PCs (now a happy Mac camper) we ended up using Kaspersky last. So sorry to hear it shouldn’t be trusted as I hated Norton & whatever that other big one was. They both were machine hogs.
Alain the site fixer
@kindness: kaspersky is suspect because of close relations with Russian intelligence services. No guarantee there’s not a hidden attack vector waiting to be activated, and with the cyber stuff heating up, I feel better keeping that out of my machine world.
Pinacacci
@EBT: As one of those 4-5, I was thrilled when the auto-open-in-new-tab was enabled (since you can’t right-click your way out of the blogroll) and am sad to see it revert, but Alain’s explanation was welcome, totally valid, and lessens the pain. Obviously it’s a minor enough matter, just one of those things for those of us too lazy to keep our own bookmarks.
ETA: Alain@56 same on kaspersky, used to love them
And thanks again, Alain. Your hard work is much appreciated.
Alain the site fixer
@DHD: huh. I didn’t know that level of detail. If details are correct, then not likely to be NK. But I did listen to the BBC pretty much all day yesterday and heard lots of reports from around the world. It started in Ukraine but lots of other countries were affected. Or perhaps two different things are going on? I’ll read up on it more.
Alain the site fixer
@Pinacacci: I’m not happy with current solution so don’t give up on it yet!
Geez, will my memory get here already! My office is on top floor so I can’t hear door so I’m chilling on ground floor waiting and getting very antsy.
MattF
@Aleta: Probably a good idea to use a blank disc, but it’s actually not necessary, IMO. I’ve booted up from and then used SuperDuper to copy the external clone onto the system HD with no issues.
Alain the site fixer
@Pinacacci: agreed. They make good stuff. I keep a Kaspersky rescue CD just in case I need to clean an infected machine. Wouldn’t help for removing active ransomware but great for cleaning out a school-age kid’s crap-infested Minecraft/mod computer.
EBT
@Pinacacci: Still, what IS it. And where is it? I don’t see anything labeled as such, certainly nothing I click in my own day to day usage of the site has changed. Besides I think the diagonal lines went away finally so awesome job on that one Alain :)
Alain the site fixer
@EBT: it’s in the sidebar which you don’t see on the mobile site and is a bottom section if viewing the desktop site on a phone
Oh and it shows links to other sites of interest
trollhattan
@DHD:
Corrupts PDFs? That would annihilate a lot of on-line libraries and record storage.
trollhattan
Anybody using Avast for their home computers? I use it on Android devices only and it seems good.
DHD
@Alain the site fixer: Apologies for the sort of arrogant tone of my comment! There is a lot of confusion about exactly what this latest attack does and people are not entirely sure how it infects or spreads. Here is an interesting article that I should have linked:
https://www.bleepingcomputer.com/news/security/before-notpetya-there-was-another-ransomware-that-targeted-ukraine-last-week/
A bunch of terse and technical info about the attack:
https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759
Kaspersky was the only anti-virus that was able to block it to my knowledge. Not going to speculate on how that came to pass ;-)
DHD
@trollhattan: Yeah … it really seems to have the goal of causing high-value economic damage. Doesn’t touch people’s photos, music, other mundane stuff.
EBT
@Alain the site fixer: Ah ok, my blocker doesn’t render that at all so I was confused as to what it even was.
Alain the site fixer
@DHD: thank you, and you had the most desired effect that one can have on another – you made me stop and doubt my conclusions and reconsider. I’ll review those links when I’m reading later. These days I do wonder if what I read is disinfo or only a partial truth. I wish we had universally-recognized empiric authority but we don’t and that’s a major issue we as a species need to get a handle on.
Forgot to say that, specifics about this attack aside, the big points remain valid and be careful out there, folks.
TenguPhule
@Jerzy Russian:
I am trying to fundraise steel toed boots.
EBT
@DHD: Hasn’t poots recently charged a Kaspersky engineer with treason?
Alain the site fixer
@EBT: for working with US intel.
NotMax
Am I the only one who finds the alternating red and blue lettering at the top of the sidebar incredibly ugly?
Alain the site fixer
Backend tweaks postponed until tomorrow
schrodingers_cat
@NotMax: No you are not alone.
(((CassandraLeo)))
@trollhattan: I’ve been using Avast on my Windows box for a year or two and haven’t had any problems.
lurker dean
just saw this possible solution on mashable:
http://mashable.com/2017/06/28/ransomware-notpetya-cyber-attack-protection/
98% sure that the name is perfc.dll Create a file in c:\windows called perfc with no extension and #petya #Nopetya won’t run! SHARE!! https://twitter.com/0xAmit/status/879764284020064256 …
3:07 PM – 27 Jun 2017
His observation, which has since been confirmed by other researchers, is that NotPetya looks for a specific file on a computer before encrypting the computer’s contents. If that file is located, the ransomware won’t proceed.
MjOregon
Thanks for the info, Alain. My Kaspersky expires next month and I was thinking about changing it over to either Norton’s or McAfee this time so I can protect our Android tablets too. I have to redo my laptop backup plans though and today is as good as any to decide what to do.
Aleta
@MattF: thanks
MattF
Some new info about the malware attacks from Ars Technica. Basically, the ‘ransomware’ function of the malware was a sham, meant to mislead. The purpose of the malware was to sow chaos in Ukraine, making it, by implication, almost certainly a Russian operation. Interesting to note that Kaspersky basically agrees with that assessment.
J R in WV
@NotMax:
It is probably intentionally ugly, to attract more attention.
See there, we’ve both commented on it today, after days of …nothing.
Odie Hugh Manatee
@raven:
Open Norton, click on Settings at the top-right of the window. In the window that opens, select Administrative Settings and when the dialog window opens, scroll down, turn off Special Offer Notification, click Apply and close Norton up. You’re welcome… ;) Although Norton will auto-update when left alone for a few, best practice is each time you use your system right-click on the Norton icon in your Windows tool tray and select Run Live Update to bring you up to date before sallying forth on the intertubes. :)
debbie
@MattF:
You’re probably long gone, but what anti-virus program do you use on your Mac?
MattF
@debbie: I’ve been using Sophos Home– which is free, although there is a ‘premium’ version. It does the basic full scan for signatures of known malware, and that’s really all I want.
Odie Hugh Manatee
There is a way to “inoculate” your system(s) against the Petya virus.
Shorter version:
– Use Notepad to create three new text files and name them:
perfc
perfc.dat
perfc.dll
(In the link I gave they just copy Notepad.exe three times and rename the copies.)
– Right click on each file and on the tab that opens, set the read-only attribute to checked (on).
– Cut and paste all three files into your C:\Windows directory.
Note: You may need to go into your files and folders settings and set the properties to show all files if you do not see your C:\Windows folder in Explorer (file explorer).
Done!
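The same steps, as an added example in Python (my code, not Odie Hugh Manatee’s or the write-up he links): it creates the three empty files with the names given in the thread, marks each read-only, skips any that already exist so re-running it never clobbers anything, and then checks the result rather than assuming it. The file names come from the thread; the default target of %SystemRoot% and the read-only check via the file’s mode bits are my assumptions. demo() runs the whole procedure against a throwaway directory instead of C:\Windows, which is also what the test exercises. As DanF notes further down, this relies on the reported static file name and is a supplement to patching and disabling SMBv1, not a replacement.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

# File names as reported in the thread (the "vaccine" the comment above describes).
VACCINE_NAMES = ("perfc", "perfc.dat", "perfc.dll")


def windows_dir() -> Path:
    """%SystemRoot% is the real Windows directory; C:\\Windows is a fallback (assumption)."""
    return Path(os.environ.get("SystemRoot", r"C:\Windows"))


def place_vaccine_files(target_dir) -> dict:
    """Create empty, read-only files named in VACCINE_NAMES inside target_dir.

    Returns name -> "created" | "already-present". Existing files are never touched,
    so running this twice is safe."""
    target = Path(target_dir)
    result = {}
    for name in VACCINE_NAMES:
        p = target / name
        if p.exists():
            result[name] = "already-present"
            continue
        p.write_bytes(b"")
        # S_IREAD only: sets the read-only attribute on Windows; clears write bits on POSIX.
        os.chmod(p, stat.S_IREAD)
        result[name] = "created"
    return result


def check_vaccine_files(target_dir) -> dict:
    """Per name: the file exists and its mode carries no owner-write bit (read-only).

    Mode bits are checked rather than os.access() so the result is the same
    whether or not the caller is an administrator/root."""
    target = Path(target_dir)
    out = {}
    for name in VACCINE_NAMES:
        p = target / name
        out[name] = p.is_file() and not (p.stat().st_mode & stat.S_IWRITE)
    return out


def demo() -> dict:
    """Run the procedure against a constructed temporary directory, not C:\\Windows."""
    with tempfile.TemporaryDirectory() as tmp:
        first = place_vaccine_files(tmp)
        second = place_vaccine_files(tmp)       # second run must report already-present
        return {"first": first, "second": second, "check": check_vaccine_files(tmp)}


if __name__ == "__main__":
    # Usage: python vaccine.py            -> acts on %SystemRoot% (needs admin rights)
    #        python vaccine.py some\dir   -> acts on the directory you name
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else windows_dir()
    print(place_vaccine_files(target))
    print(check_vaccine_files(target))
```

Writing into %SystemRoot% needs an elevated prompt, which is why the check function is separate: a non-admin user can still run it to confirm the files are present and read-only after an administrator has placed them.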
Joy in FL
Thanks so much for the info and the discussion. I appreciate how BJ people share expertise for the good of all.
DanF
Also end-of-lifed is Windows 10 build 1507. You should be able to do an in-place upgrade to 1607. if you were an early adopter of Win 10, check your version!
DanF
@Odie Hugh Manatee: Probably better to just disable SMB version 1. It’s the exploited network protocol and isn’t used by any OS after Windows Server 2003. This will inoculate your system against WannaCry variants. http://windows7themes.net/en-us/how-to-disable-smbv1-on-windows-7-8-and-10-to-protect-yourself-from-ransomware-wanacrypt0r-2-0/
Odie Hugh Manatee
@DanF:
That’s a given (and done to all systems at my end), just forwarding additional info relating to the virus and further mitigation.
debbie
@MattF:
Thanks!
Odie Hugh Manatee
A quote from a member at [H]ardForum:
Maybe adding the files as above (in my other post) isn’t a bad idea…
DanF
@Odie Hugh Manatee: Looks like it couldn’t hurt at any rate. I’m surprised they’re using a static name for the file.
Sasha
I use Comodo. No problems so far.