[ RansomWare ] Latest: Russian national faces RM655 million cyber fraud charges

mazri_2008


A view of the Royal London Hospital in London, Britain, one of several hospitals and institutions run by Britain's National Health Service (NHS) that were hit by a large-scale ransomware cyber-attack, causing computer system failures, according to an NHS statement. - EPA photo

WASHINGTON: A fast-moving wave of cyber-attacks swept across the world, exploiting a flaw exposed in leaked documents from the US National Security Agency (NSA).

The attack, which experts said affected dozens of countries, used a technique known as ransomware that locks users' files unless they pay a sum set by the hackers in the virtual currency Bitcoin.

Among those affected by the attack were computer networks at hospitals in Britain, Russia's Interior Ministry, the Spanish telecom giant Telefonica, the US delivery firm FedEx and several other organisations.

Britain's Cyber Security Centre and the country's National Crime Agency were investigating the incidents in the United Kingdom, which disrupted operations at National Health Service (NHS) facilities.

"It did not target the NHS; it is an international attack and several countries and organisations have been affected," said British Prime Minister Theresa May.

Russia's Interior Ministry said some of its computers had been hit by a 'virus attack' and that efforts were under way to eliminate it.

The computer emergency response team of the Department of Homeland Security said it was aware of ransomware infections in several countries around the world.

Jakub Kroustek, an expert at the security firm Avast, said in a blog post: "We are now seeing more than 75,000 infections in 99 countries." - AFP



Read more at: http://www.bharian.com.my/node/282006

Massive ransomware infection hits computers in 99 countries


The ransomware has been identified as WannaCry - here shown in a safe environment on a security researcher's computer

A massive cyber-attack using tools believed to have been developed by the US National Security Agency has struck organisations around the world.

Computers in thousands of locations have been locked by a programme that demands $300 (£230) in Bitcoin.

In April hackers known as The Shadow Brokers claimed to have stolen the tools and released them online.

Microsoft released a patch for the vulnerability in March, but many systems may not have been updated.

How big is the attack?

There have been reports of infections in 99 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Cyber-security firm Avast said it had seen 75,000 cases of the ransomware - known as WannaCry and variants of that name - around the world.

"This is huge," said Jakub Kroustek at Avast.

Many researchers say the incidents appear to be linked, but say it may not be a coordinated attack on specific targets.

Meanwhile wallets for the digital cryptocurrency Bitcoin that were seemingly associated with the ransomware were reported to have started filling up with cash.
Who has been affected?

The UK's National Health Service (NHS) has been hit and screenshots of the WannaCry program were shared by NHS staff.

Hospitals and doctors' surgeries were forced to turn away patients and cancel appointments. One NHS worker told the BBC that patients would "almost certainly suffer" as a result.

Some reports said Russia had seen more infections than any other single country. Russia's interior ministry said it had "localised the virus" following an "attack on personal computers using Windows operating system".


People tweeted photos of affected computers including a local railway ticket machine in Germany and a university computer lab in Italy.

A number of Spanish firms - including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural - suffered from the outbreak. There were reports that staff at the firms were told to turn off their computers.

Portugal Telecom, delivery company FedEx, a Swedish local authority and Megafon, the second largest mobile phone network in Russia, also said they had been affected.

Who is behind the attack?

Some experts say the attack may have been built to exploit a weakness in Microsoft systems that was identified by the NSA and given the name EternalBlue.

The NSA tools were then stolen by a group of hackers known as The Shadow Brokers, who then attempted to sell the encrypted cache in an online auction.

However they subsequently made the tools freely available, releasing a password for the encryption on 8 April.

The hackers said they had published the password as a "protest" about US President Donald Trump.

At the time, some cyber-security experts said some of the malware was real, but old.

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

Microsoft said on Friday its engineers had added detection and protection against WannaCrypt. The company was providing assistance to customers, it added.
How does the malware work?

Some security researchers have pointed out that the infections seem to be deployed via a worm - a program that spreads by itself between computers.

Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. This perhaps explains why its impact is so public - because large numbers of machines at each victim organisation are being compromised.

http://www.bbc.com/news/technology-39901382
Malaysia spared from ransomware threat


DATUK Seri Dr S Subramaniam (right) raises his hand as a symbolic gesture of the effort to fight malaria after officiating the 2017 National-Level World Malaria Day Celebration at Dewan Putra FELDA Palong Timur, Segamat.

SEGAMAT: Malaysia is not expected to suffer the 'ransomware' cyber-attack now crippling health services in England because this country does not yet have a National Integrated Health Data system like the one used there.

Health Minister Datuk Seri Dr S Subramaniam said the systems used in the country's hospitals are set up separately. However, he said, following the ransomware attack, the government is stepping up specific controls to deal with cyber-security threats of this kind.

"In this situation, for the time being, this (the ransomware attack) may not have a major impact on our country. This is because we do not yet have National Integrated Health Data, only separate systems.

"The system in Segamat Hospital is only in Segamat Hospital... The system at JB (Johor Bahru) Hospital is only at JB Hospital. Even if we are hit, only JB Hospital is hit... only its information.

"But we are indeed moving towards integrating them, and when that happens, this is one of the risks. Because at that point, if one place is hit, it could damage (systems) across the whole country," he said. He was speaking at a press conference after officiating the 2017 National-Level World Malaria Day Celebration at Dewan Putra FELDA Palong Timur here today.

Dr Subramaniam, who is also the Member of Parliament for Segamat, said the public, including doctors, need not worry about this matter because the database systems have not yet been integrated. "Every hospital has its own system. Even if they are hit (by a cyber-attack), only they are hit and it does not go through the whole country.

"What happened there (England) is that they have a National Integrated Health System, and if it is hit (by a cyber-attack), the entire database system across the country is hit too.

"Our (Health Ministry) system is managed by the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU). In addition, the Ministry of Communications and Multimedia is also responsible for safeguarding cyber security in this country," he said.

Yesterday, hospitals and surgeons across England were forced to turn away patients and cancel appointments after the ransomware cyber-attack crippled the country's state-run health service.

Read more at: http://www.bharian.com.my/node/282065
Researcher finds way to block ransomware



HONG KONG: A cyber-security researcher has found a 'kill switch' that can stop the spread, for now, of the WannaCry ransomware that set off a worldwide cyber-attack commotion. The researcher, who uses the Twitter account @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the software stopped it from spreading further.

"Essentially, they relied on a domain that was not registered, and by registering it we stopped their software from spreading," @MalwareTechBlog told AFP in a private message on Twitter. However, the researcher warned people to update their systems as soon as possible to avoid attack.

"The crisis isn't over, they can change the code and try again," said @MalwareTechBlog. Yesterday's wave of cyber-attacks, which affected dozens of countries, exploited a flaw exposed in leaked documents from the US National Security Agency. The attackers used a technique known as ransomware that locks users' files unless they pay a set sum in the virtual currency Bitcoin. - AFP

Read more at: http://www.bharian.com.my/node/282072
UPDATE 14/5/17: Renault, Nissan hit by ransomware



The Nissan plant in Sunderland was also a victim of the ransomware cyber-attack. - REUTERS

FRANCE, 13 May - French carmaker Renault was forced to halt operations at several locations to prevent the spread of the global cyber-attack that hit computer systems, a spokesperson said.

Renault is the first major French company to be affected by the ransomware cyber-attack, which has infected thousands of computers in more than 100 countries.

Carmaker Dacia, which is owned by Renault, was also reported to be facing a similar problem, disrupting part of its production.

"Proactive measures have been put in place, including the temporary suspension of industrial activity at some sites. The Renault plant at Sandouville in north-western France is one of the plants that stopped production," said the spokesperson, who declined to provide a full list of affected locations.

Meanwhile, production at the Sunderland plant of Japanese-owned carmaker Nissan, in north-east England, was also reported to be affected by the cyber-attack. - REUTERS

Full article: http://www.utusan.com.my/berita/lua...ejas-akibat-ransomware-1.481057#ixzz4gykfXz7M
© Utusan Melayu (M) Bhd
What is ransomware?

Thousands of computers across the globe were hit by a ransom-demanding malware. DW explains what ransomware is and how to avoid becoming the next victim.



A massive global cyberattack infected tens of thousands of computers in nearly 100 countries by exploiting vulnerabilities believed to have been exposed in documents leaked from the US National Security Agency.

Friday's attack used a malware known as ransomware to extort money from victims, including governments, companies and organizations.

What is ransomware?

Ransomware is malware that encrypts files on an infected computer or mobile device. The ransomware locks the computer and prevents users from accessing files, documents and pictures until payment is made.



Major organizations across England reported problems with their computer systems as a result of an apparent cyberattack

How does a computer get infected with ransomware?

Computers are typically infected when a user opens a link or email attachment from a malicious email message. Known as a phishing email, the message is often sent from an email account disguised to look like it is coming from a known or trustworthy entity. Hackers can also plant malware on websites.

Sometimes a user may not be immediately aware the computer is infected. Some types of ransomware, such as the one used on Friday, show a "lock screen" notifying the user their files have been encrypted and demanding payment to unlock the files.

How does payment and unlocking work?

The ransomware demands the user pay to have the files decrypted. Payment, often with the anonymous virtual currency Bitcoin, allows the user to access the files with an encryption key only known by the hacker. As in Friday's attack, the payment can go up if it is not made within a short time frame.

If the payment is not made within a certain time period the encryption key is destroyed and the files lost forever.


A typical ransomware infection will show a message extorting the victim to pay a ransom to decrypt files

Should you pay ransomware?

Law enforcement agencies advise against paying ransom. They say payment encourages criminal hackers and there is no guarantee that after payment access to files will be restored.

What can you do to protect yourself against ransomware?

Exercise caution before clicking on an email link from an unknown or potentially disguised source. Users should also install security updates on their computers and back up files in case of attack.

Friday's attack targeted a known vulnerability in the Windows operating system. Microsoft said it released Windows updates to defend against the ransomware used in the attack, but not everyone installed them.

Why are businesses vulnerable to ransomware?

Larger businesses, organizations and governments may not install security updates immediately because they have their own security measures in place. Hackers target businesses because they calculate that they are more likely to pay. Businesses may have sensitive data and do not want to disrupt operations. Restoring files may also be more expensive than paying the extortion fee.

How can you get files back?

Without paying the extortion payment it is very difficult to save the files. There are instances of hackers creating weak malware that is capable of being broken. In one case, a hacker regretted creating malware and published a master key for files to be decrypted. In another case, law enforcement seized a server with keys on it and shared it with victims.

Law enforcement agencies and computer security companies have keys to some ransomware to decrypt files, but with a growing number of different malware most ransomware cannot be decrypted.

http://www.dw.com/en/what-is-ransomware/a-38828105
One of the ransomware's bitcoin addresses.

https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

That's quite a lot, 6k USD per address. And there are however many million infected servers.

Bitcoin's price is going to go crazy if this keeps up.

Who is to blame for the massive ransomware attack? - Inside Story


Bitcoin Becomes Media Scapegoat as NSA-Derived Ransomware Hits 99 Countries


A global ransomware attack derived from a leaked NSA tool successfully breached 100,000 computer systems and servers across 99 countries. During the first day of the attack, the focus was set on Bitcoin instead, which had minimal involvement in the ransomware attack, rather than the use of an NSA tool developed using taxpayers’ capital.

What actually happened


On May 12, the WannaCry ransomware began to spread across the world, attacking 75,000 computers in a matter of hours. According to MalwareTech, WannaCry targeted and encrypted 100,000 computers in a period of 24 hours, quickly becoming the largest ransomware attack in history.

The WannaCry ransomware, which is also known as WanaCrypt0r 2.0, infected some of the world’s largest corporations and organizations including the National Health Service (NHS) hospitals in the UK, FedEx and Telefonica. The malware targeted a wide range of industries including the education industry.

As a result, companies weren’t able to carry out operations and hospitals across the UK struggled to serve patients as their databases and servers became encrypted.

On May 13, Russia Today (RT) further revealed that computers at Russia’s Interior Ministry and the country’s largest telecommunications company Megafon also fell victim to the WannaCry ransomware. In an interview with RT, Megafon spokesperson Pyotr Lidov stated:

“The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today.”
Why Bitcoin got blamed, again

Bitcoin was at the helm of global media attention because the WannaCry ransomware demanded that victims pay a ransom in Bitcoin in order to receive decryption keys to regain access to their encrypted files. Some major media outlets including the New York Times blamed Bitcoin for the WannaCry ransomware attack, emphasizing the “anonymity” of Bitcoin.

Obviously and evidently, Bitcoin is not anonymous in nature. In fact, in its coverage, the New York Times contradicted itself by stating that Bitcoin is anonymous but a startup called Elliptic was able to trace payments back to the accounts of the WannaCry ransomware distributors. Hence, if Elliptic was able to trace transactions or ransom payments to the accounts of the cyber criminals, Bitcoin is not anonymous and is transparent.

Moreover, as Bitcoin and security expert Andreas Antonopoulos noted, Bitcoin had minimal involvement in the ransomware attack solely because Bitcoin was the currency of choice for the ransom payments. If it wasn’t for Bitcoin, the criminals would have used other methods that are much harder to track and trace.

Antonopoulos wrote:
“Ransomware attacks used the leaked NSA tools to compromise computers. News media blaming Bitcoin? Blaming Bitcoin for ransomware is exactly like blaming the duffel bag full of cash for a kidnapping.”
Keep calm and buy Bitcoin

However, after the initial day of the attack, many media outlets specifically in the UK started to offer factual and fair reports. On May 13, the day after the WannaCry ransomware struck, “How to Buy Bitcoin” features dominated the front page of major UK newspapers.

According to analysis, the WannaCry ransomware attack spreads exponentially due to its SMB exploit and remote hijacking on vulnerable computers. Every online IP address exploited by the WannaCry ransomware can get encrypted.

It is likely that more victims will emerge in the next few days as the ransomware attack spreads ever further across the globe.

https://cointelegraph.com/news/bitc...t-as-nsa-derived-ransomware-hits-99-countries
HOW TO RECOVER
Five Ways to Save Your Computer from the WannaCry Virus

So far, more than 150 countries have experienced the cyber-attack dubbed the WannaCry virus. - Illustrative image

RECENTLY the world was shocked by an attack from a cyber virus named WannaCry that compromised users' data and, most alarmingly, the virus was used to extort them.

According to a report by the Indian news portal India Today, India was the country worst hit by the virus.

Other countries also attacked by the virus include the United Kingdom, Russia and China, and most recently The Star reported that two local companies suffered the same fate.

According to the news portal Mail Online, there are five initial steps recommended by experts to avoid falling victim to this attack:

1. Make sure you make backup copies

It is safer to make several backup copies to cloud storage services and disk drives regularly.

2. Update your system

Up-to-date software lowers the risk of cyber threats because the software's developers have already resolved the glitches or viruses attacking their systems.

3. Use antivirus software

Antivirus software provides basic protection by scanning your system to fight common viruses.

4. Remind your colleagues

If you work in an organisation, it is better to advise your colleagues not to click on suspicious links.

5. Don't wait and see

Some organisations cut the power to company computers as a precaution.

This action can go some way towards preventing the attack from getting worse.

However, if you receive an extortion demand from hackers to get back data that has been lost, experts advise that you should not even think about complying with the demand.

This is because there is no guarantee that your data can be saved.

Read more at http://www.mstar.com.my/berita/berita-semasa/2017/05/16/virus-wannacry/#yXUCC852rq7kqVtP.99
Hackers are now using subtitle files to take over devices


The victim's PC can be taken over within seconds via remote access once the malicious subtitle file is played alongside a video file. — Check Point

Fresh off the WannaCry ransomware and Adylkuzz cryptocurrency miner exploits, another major vulnerability targeting video subtitles has come to light.

According to security research firm Check Point, attackers are now creating malicious files disguised as subtitles, that are then uploaded to popular subtitles repositories widely available on the Internet.

While it’s still safe for users to download the files onto their devices, the attack will happen when users play a video alongside the malicious subtitle file.


According to the demo provided by Check Point, attackers will be able to take over the victim’s device within seconds after the video is played (where the malicious file is executed in the background).

Check Point estimated that over 200 million people around the world are at risk of the attack, making it one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.

The security firm says that once attackers gain access to the victim’s PC, the possible damage is endless ranging from stealing sensitive information, installing ransomware to mass Denial of Service (DoS) attacks.

If you happen to be one of those who are downloading subtitles on free online sources such as Subscene, YIFY Subtitles and OpenSubtitles, watch out as you might be unknowingly downloading malicious subtitle files.

What makes it so dangerous is the fact that many of the subtitles repositories are treated as trusted sources, allowing anyone to upload subtitles which are then downloaded by millions of users globally.

“The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats,” according to the blog post by Check Point.

It says that there are over 25 subtitle formats in use, each with unique features and capabilities, along with how the different types of media players make use of these subtitles.

Check Point likens it to similar situations involving fragmented software, resulting in numerous distinct vulnerabilities.

The firm pointed out that four popular media players such as VLC, Kodi, Popcorn Time and Stremio are affected by the vulnerability.

It also believes that a similar vulnerability exists in other media players.

If you happen to be running the older versions of the media players, it’s best to update them right now as the developers have issued fixes on their respective websites.

Read more at http://www.thestar.com.my/tech/tech...ake-over-victim-s-device/#WwBqhoeF2Tm32udu.99
 
Hacker who stopped WannaCry may get 40yrs of jail


The British computer hacker credited with stopping the notorious WannaCry cyber-attack has allegedly admitted to police that he created and sold malware designed to steal banking details. Marcus Hutchins could face up to 40 years in prison if convicted. Hutchins’s work in stopping WannaCry saw him hailed as a hero. Former CIA analyst John Kiriakou believes the hacker’s arrest leaves too many questions unanswered.

READ MORE: https://on.rt.com/8jn6


myroadtax.com

Companies and firms need to invest in IT security and install a firewall or spam blocker to filter all email.

Usually this ransomware spreads through email.
 

Metamorfosis

Whoever gets hit by this... it's bye-bye to all their files... it encrypts everything...
 

forumercg

It gets in through file attachments.
The best thing right now is to send files only via Telegram or WhatsApp within a group.

People can harvest email addresses and send to them at random, but they cannot harvest people's WhatsApp and Telegram phone numbers.
 

cyborg

Payment by BITCOIN, damn it
 

estacoco

Someone at my office got hit. All the files on the laptop are gone. Luckily there was some backup on the server.
 

DDos

They create the 'problem' themselves, then they create the 'solution' themselves.

It's all a Jewish and Illuminati agenda.
 