The Apple Pips

Inside All Apple Products

Tag: ransomware (Page 1 of 8)

WannaCry ransomware is still alive, and it just forced Honda to close one of its plants

Just over a month ago, a nasty piece of ransomware called "WannaCry" began infecting PCs all across the world at an alarming rate. Based on a leaked NSA exploit, the malware worked by encrypting all of a user's files and offering up a decryption key only upon receipt of a $300 payment via Bitcoin. In the span of just a few days, WannaCry managed to infect nearly 300,000 machines, a tally which could have been much higher had it not been for a researcher who inadvertently activated WannaCry's kill-switch.

Honda shuts down factory after finding NSA-derived Wcry in its networks

The WCry ransomware worm has struck again, this time prompting Honda Company to halt production in one of its Japan-based factories after finding infections in a broad swath of its computer networks, according to media reports.

The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. The mass outbreak was quickly contained through a major stroke of good luck. A security researcher largely acting out of curiosity registered a mysterious domain name contained in the WCry code that acted as a global kill switch that immediately halted the self-replicating attack.

Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.

Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware

A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently.

The South Korean Web host, Nayana, said in a blog post published last week that initial ransom demands were for five billion won worth of Bitcoin, which is roughly $4.4 million. Company negotiators later managed to get the fee lowered to 1.8 billion won and ultimately landed a further reduction to 1.2 billion won, or just over $1 million. An update posted Saturday said Nayana engineers were in the process of recovering the data. The post cautioned that the recovery was difficult and would take time.

“It is very frustrating and difficult, but I am really doing my best, and I will do my best to make sure all servers are normalized,” a representative wrote, according to a Google translation.

‘The Witcher’ developer hit with ransomware targeting new game material

When a lone hacker or group sends ransomware out into the world, the effects can be devastating for individuals who find their hard drives packed with family photos, tax documents, and other private information locked up. But when the target is a video game developer, and the hacker directly steals information linked to a highly-anticipated new title that the general public knows hardly anything about, the stakes are even higher. That's exactly what is happening right now to The Witcher developer CD Projekt Red.

There’s new evidence tying WCry ransomware worm to prolific hacking group

Researchers have found more digital fingerprints tying this month's WCry ransomware worm to the same prolific hacking group that attacked Sony Pictures in 2014 and the Bangladesh Central Bank last year.

Last week, a researcher at Google identified identical code found in a WCry sample from February and an early 2015 version of Contopee, a malicious backdoor used by Lazarus Group, a hacking team that has been operating since at least 2011. Additional fingerprints linked Lazarus Group to hacks that wiped almost a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say Lazarus Group carries out hacks on behalf of North Korea.

On Monday, researchers from security firm Symantec presented additional evidence that further builds the case that WCry, which is also known as WannaCry, is closely linked to Lazarus Group. The evidence includes:
