[ RansomWare ] Latest: Russian national faces RM655 million cyber fraud charges





mazri_2008

CG Top Poster Club
Joined
Nov 9, 2008
Messages
49,218
Reaction score
4,253
Points
201
Ransomware virus 'WannaCry' plagues 100k computers across 99 countries
 

mazri_2008

French researchers find way to unlock WannaCry without ransom



FRANKFURT: French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims’ computers first infected a week ago.

WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection.

A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed.


The researchers cautioned that their solution only works in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.

Europol said on Twitter that its European Cybercrime Centre had tested the team’s new tool and said it was “found to recover data in some circumstances”.

The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.

“We knew we must go fast because, as time passes, there is less chance to recover,” Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt WannaCry at 6 am Paris time (0400 GMT) on Friday.

Delpy calls his free tool for decrypting infected computers without paying ransom “wanakiwi”.

Suiche published a blog with technical details summarizing what the group of passing online acquaintances has built and is racing to share with technical staff at organizations infected by WannaCry.

Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.

“(The method) should work with any operating system from XP to Win7,” Suiche told Reuters, via direct message on Twitter.

Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.

The only workable solution

Guinet, a security researcher at Paris-based Quarks Lab, published the theoretical technique for decrypting WannaCry files late Wednesday and Thursday, which Delpy, also in Paris, figured out how to turn into a practical tool to salvage files.

Suiche, based in Dubai and one of the world’s top independent security researchers, provided advice and testing to ensure the fix worked across all various versions of Windows.

His blog post links to Delpy’s “wanakiwi” decryption tool which is based on Guinet’s original concept. His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software’s full encryption key.

“This is not a perfect solution,” Suiche said. “But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups” which allow users to restore data without paying black-mailers.

As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.

Only 309 transactions worth around $94,000 appear to have been paid into WannaCry blackmail accounts by Friday (1345 GMT), seven days after the attack began.

That’s just under one in 1,000 of the estimated victims.

This may reflect a variety of factors, security experts say, including scepticism that attackers will honor their promises or the possibility that organizations have back-up storage plans allowing them to recover their data without paying ransom.

http://www.freemalaysiatoday.com/ca...s-find-way-to-unlock-wannacry-without-ransom/
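
The recovery idea the article describes, as an added sketch that is not part of the original post and is not the researchers' code: search a memory image for a prime factor of the RSA public modulus, then rebuild the private exponent from it. It assumes a prime is still in memory as little-endian bytes; the toy 255-bit key, the memory buffers and all function names are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent assumed for this toy key


def find_prime_in_memory(memory: bytes, modulus: int):
    """Slide a window over a memory image looking for a factor of the modulus.

    Returns (offset, prime), or None when no factor survives in memory
    (for example after a reboot, the limitation the article mentions).
    """
    prime_len = (modulus.bit_length() + 15) // 16  # each prime is half the modulus
    for offset in range(len(memory) - prime_len + 1):
        # Windows CryptoAPI key blobs store big integers little-endian.
        candidate = int.from_bytes(memory[offset:offset + prime_len], "little")
        if candidate > 1 and modulus % candidate == 0:
            return offset, candidate
    return None


def rebuild_private_exponent(prime: int, modulus: int, e: int = E) -> int:
    """Given one prime factor, derive the RSA private exponent d."""
    other = modulus // prime
    phi = (prime - 1) * (other - 1)
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def recover_private_exponent(memory: bytes, modulus: int):
    """Full path: scan memory, then rebuild d. None if nothing is found."""
    hit = find_prime_in_memory(memory, modulus)
    if hit is None:
        return None
    return rebuild_private_exponent(hit[1], modulus)


def _filler(n_bytes: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for unrelated memory."""
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(b"constructed" + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n_bytes])


# Constructed sample data: a toy key built from two well-known 16-byte primes.
P = 2**127 - 1
Q = 2**128 - 159
N = P * Q
PRIME_OFFSET = 1003  # deliberately unaligned

WIPED_MEMORY = _filler(4096)  # image with no key material left
LIVE_MEMORY = (WIPED_MEMORY[:PRIME_OFFSET]
               + P.to_bytes(16, "little")
               + WIPED_MEMORY[PRIME_OFFSET + 16:])

if __name__ == "__main__":
    print("live image :", find_prime_in_memory(LIVE_MEMORY, N))
    print("wiped image:", find_prime_in_memory(WIPED_MEMORY, N))
    d = recover_private_exponent(LIVE_MEMORY, N)
    message = 0x57616E6E61  # arbitrary test value
    print("round trip ok:", pow(pow(message, E, N), d, N) == message)
```

The scan costs one modular reduction per byte offset, which is why finding a leftover prime is practical while factoring the modulus directly is not.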
 

mazri_2008

North Korea’s Unit 180, the cyber warfare cell that worries the West



SEOUL: North Korea’s main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts.

North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation “ridiculous”.


The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to last year’s US$81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio. The US government has blamed North Korea for the Sony hack and some US officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

No conclusive proof has been provided and no criminal charges have yet been filed. North Korea has also denied being behind the Sony and banking attacks.

North Korea is one of the most closed countries in the world and any details of its clandestine operations are difficult to obtain. But experts who study the reclusive country and defectors who have ended up in South Korea or the West have provided some clues.

Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, said Pyongyang’s cyber attacks aimed at raising cash are likely organised by Unit 180, a part of the Reconnaissance General Bureau (RGB), its main overseas intelligence agency.

“Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts,” Kim told Reuters. He has previously said that some of his former students have joined North Korea’s Strategic Cyber Command, its cyber-army.

“The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace,” Kim added. He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia.

James Lewis, a North Korea expert at the Washington-based Center for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and US targets.

“They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime,” he said.

“So far, it’s worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks,” Lewis said.

Cost-effective, deniable


The US Department of Defense said in a report submitted to Congress last year that North Korea likely “views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet”.

“It is likely to use Internet infrastructure from third-party nations,” the report said.

South Korean officials say they have considerable evidence of North Korea’s cyber warfare operations.

“North Korea is carrying out cyber attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure,” Ahn Chong-ghee, South Korea’s vice foreign minister, told Reuters in written comments.

Besides the Bangladesh Bank heist, he said Pyongyang was also suspected in attacks on banks in the Philippines, Vietnam and Poland.

In June last year, police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code as part of a long-term plan to lay the groundwork for a massive cyber attack on its rival.

North Korea was also suspected of staging cyber attacks against the South Korean nuclear reactor operator in 2014, although it denied any involvement.

That attack was conducted from a base in China, according to Simon Choi, a senior security researcher at Seoul-based anti-virus company Hauri Inc.

“They operate there so that regardless of what kind of project they do, they have Chinese IP addresses,” said Choi, who has conducted extensive research into North Korea’s hacking capabilities.

Malaysia link

Malaysia has also been a base for North Korean cyber operations, according to Yoo Dong-ryul, a former South Korean police researcher who studied North Korean espionage techniques for 25 years.

“They work in trading or IT programming companies on the surface,” Yoo told Reuters. “Some of them run websites and sell game and gambling programs”.

Two IT firms in Malaysia have links to North Korea’s RGB spy agency, according to a Reuters investigation this year, although there was no suggestion either of them was involved in hacking.

Michael Madden, a US-based expert on the North Korean leadership, said Unit 180 was one of many elite cyber warfare groups in the North Korean intelligence community.

“The personnel are recruited from senior middle schools and receive advanced training at some elite training institutions,” Madden told Reuters.

“They have a certain amount of autonomy in their missions and tasking as well,” he said, adding that they could be operating from hotels in China or Eastern Europe.

In the United States, officials said there was no conclusive evidence that North Korea was behind the WannaCry ransomware, but that was no reason to be complacent.

“Whether or not they are directly involved with ransomware doesn’t change the fact that they are a real cyber threat,” said a senior administration official, who spoke on condition of anonymity.

Dmitri Alperovitch, co-founder of prominent US security firm CrowdStrike Inc, added: “Their capabilities have improved steadily over time, and we consider them to be a threat actor that is capable of inflicting significant damage on US private or government networks.”

http://www.freemalaysiatoday.com/ca...the-cyber-warfare-cell-that-worries-the-west/
 

mazri_2008

Too Lazy to Update? Don't Become a WannaCry Victim


Staff of the Korea International Studies Association (Kisa) monitor the spread of the 'ransomware' cyber attack at Kisa, Seoul. — AFP

THE high-profile ransomware virus that has attacked more than 200,000 computer users around the world could actually have been avoided if users were not lazy and kept their computers updated, cyber security experts say.

Florida Center for Cybersecurity director Sri Sridharan said the growth of digital currency, or bitcoin, has made it easier for criminals to lock users' information and extort them, as was done in the WannaCry attack that began last Friday.

"They don't understand. Either they are lazy or they don't care at all," he said.


Microsoft released a patch that protects users from the WannaCry attack this past March.

The cyber attack began hitting companies and government agencies around the world, including the British National Health Service and the Interior Ministry of Russia.

Researchers said the attack originated from the United States National Security Agency (NSA), and was designed to manipulate computer systems during investigations.

The virus was leaked by hackers who targeted the NSA, and thousands of infections had been reported by Monday.

The WannaCry virus attacked businesses and individuals in more than 150 countries.

Sridharan said 2017 is set to be the year of extortion-style attacks, better known as ransomware. - Orlando Sentinel/Tribune News Service

Read more at http://www.mstar.com.my/berita/berita-semasa/2017/05/21/wannacry-jangan-malas/#5KpvjWereDs1LpjM.99
 

mazri_2008

North Korea has a cyber army


AFP - a staff member monitors the ransomware cyber attack at the office of the Korea Internet and Security Agency, Seoul, on 15 May.

PYONGYANG – North Korea's main intelligence agency has a special team called Unit 180 that is believed to have launched some of its most daring and successful cyber attacks, according to several Pyongyang defectors, authorities and internet security experts.

Kim Heung-kwang, a former science professor in North Korea who defected to South Korea in 2004, said Pyongyang's cyber attacks are aimed at raising money and are carried out by Unit 180.


The unit is part of the Reconnaissance General Bureau, North Korea's main overseas intelligence agency.

“Unit 180 hacks financial institutions by breaching and withdrawing money from bank accounts,” Heung-kwang told the Reuters news agency.

Heung-kwang has previously said that several of his former students have joined the communist country's cyber army.

“These hackers go abroad to find locations with better internet services than North Korea in order to hide their tracks,” he said.

He added that North Korean hackers pose as employees of overseas branches of North Korean companies, including joint ventures in China and Southeast Asia.

“North Korea carries out cyber attacks through third countries to cover up the true source of the attacks,” South Korean Vice Foreign Minister Ahn Chong-ghee said in written comments to Reuters.

In recent years, North Korea has been blamed for many cyber attacks, mostly on financial networks in the United States (US), South Korea and dozens of other countries.

Cyber security researchers have also said they found technical evidence that could link North Korea to the global cyber attack, the WannaCry ransomware.

The cyber attack affected more than 300,000 computers in 150 countries this month.

Pyongyang, however, described the allegation as unreasonable.

– Reuters

Full article: http://www.kosmo.com.my/kosmo/conte...ub=Kosmo&sec=Dunia&pg=du_01.htm#ixzz4hps8VgFq
All rights reserved
 

mazri_2008

'Lazarus hackers linked to WannaCry'


STAFF at the security agency in Seoul, South Korea, during the ransomware cyber attack - AP Photo

WASHINGTON: Cyber security firm Symantec believes a hacking group with links to North Korea was responsible for the recent WannaCry attack.


The virus attack infected about 300,000 computers around the world, and also disrupted the operations of hospitals, banks and schools. According to Symantec, the virus used in the cyber attack earlier this year 'closely resembles' a virus previously linked to the Lazarus hacking group, and was spread in more than 150 countries.

Previously, the United States government and cyber security researchers had linked Lazarus to North Korea. - Reuters

Read more at: http://www.bharian.com.my/node/285419
 

mazri_2008

Hackers are now using subtitle files to take over devices


The victim's PC can be taken over within seconds via remote access once the malicious subtitle file is played alongside a video file. — Check Point

Fresh off the WannaCry ransomware and Adylkuzz cryptocurrency miner exploits, another major vulnerability targeting video subtitles has come to light.

According to security research firm Check Point, attackers are now creating malicious files disguised as subtitles, that are then uploaded to popular subtitles repositories widely available on the Internet.

While it’s still safe for users to download the files onto their devices, the attack will happen when users play a video alongside the malicious subtitle file.


According to the demo provided by Check Point, attackers will be able to take over the victim’s device within seconds after the video is played (where the malicious file is executed in the background).

Check Point estimated that over 200 million people around the world are at risk of the attack, making it one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.

The security firm says that once attackers gain access to the victim’s PC, the possible damage is endless ranging from stealing sensitive information, installing ransomware to mass Denial of Service (DoS) attacks.

If you happen to be one of those who are downloading subtitles on free online sources such as Subscene, YIFY Subtitles and OpenSubtitles, watch out as you might be unknowingly downloading malicious subtitle files.

What makes it so dangerous is the fact that many of the subtitles repositories are treated as trusted sources, allowing anyone to upload subtitles which are then downloaded by millions of users globally.

“The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats,” according to the blog post by Check Point.

It says that there are over 25 subtitle formats in use, each with unique features and capabilities, along with how the different types of media players make use of these subtitles.

Check Point likens it to similar situations involving fragmented software, resulting in numerous distinct vulnerabilities.

The firm pointed out that four popular media players such as VLC, Kodi, Popcorn Time and Streamio are affected by the vulnerability.

It also believes that a similar vulnerability exists in other media players.

If you happen to be running the older versions of the media players, it’s best to update them right now as the developers have issued fixes on their respective websites.

Read more at http://www.thestar.com.my/tech/tech...ake-over-victim-s-device/#WwBqhoeF2Tm32udu.99
 

mazri_2008

Hacker who stopped WannaCry may get 40yrs of jail


The British computer hacker credited with stopping the notorious WannaCry cyber-attack has allegedly admitted to police that he created and sold malware designed to steal banking details. Marcus Hutchins could face up to 40 years in prison if convicted. Hutchins’ work in stopping WannaCry saw him hailed as a hero. Former CIA analyst John Kiriakou believes the hacker’s arrest leaves too many questions unanswered.

READ MORE: https://on.rt.com/8jn6
 

epozer

Legendary Member
Platinum Member
Joined
Aug 2, 2010
Messages
14,791
Reaction score
532
Points
171
Hacker who stopped WannaCry may get 40yrs of jail

https://www.youtube.com/watch?v=X-YJxwFYnxs

The British computer hacker credited with stopping the notorious WannaCry cyber-attack has allegedly admitted to police that he created and sold malware designed to steal banking details. Marcus Hutchins could face up to 40 years in prison if convicted. Hutchins’ work in stopping WannaCry saw him hailed as a hero. Former CIA analyst John Kiriakou believes the hacker’s arrest leaves too many questions unanswered.

READ MORE: https://on.rt.com/8jn6
He's the one who made it... he's the one who cured it... in the end he'll just become the military's lackey
 

mazri_2008

HACK HERO ARREST Brit computer geek Marcus Hutchins, who stopped NHS WannaCry virus, ‘admitted to cops he created code that harvests bank customers’ details’

A BRITISH man who stopped a global cyber attack that crippled NHS computer systems allegedly admitted he created a code which harvests bank details.

Marcus Hutchins, 23, from Ilfracombe, Devon, discovered the “kill switch” for the WannaCry ransomware, which infected tens of thousands of computers in 170 countries.



Marcus Hutchins, 23, has been charged with creating software that harvested banking details

He was arrested in Las Vegas on Wednesday and was charged in a six-count federal indictment where he is accused of having helped to create, spread and maintain the banking trojan virus Kronos.

The malware allowed hackers to steal online banking details and was spread via malicious e-mail attachments.

His lawyer said he denied all the charges against him.

Hutchins was granted bail yesterday for $30,000 (£23,000) on the condition he stays in the country.

Prosecutors yesterday told a federal court in Las Vegas, Hutchins admitted to cops – during an alleged confession – to writing and selling malware code designed to steal banking details.

Dan Cowhig, prosecuting, said: “He admitted he was the author of the code of Kronos malware and indicated he sold it.”


Hutchins was arrested at Las Vegas airport minutes before he was due to fly home from a week of partying in the desert city

He said the researcher also known as MalwareTech and his unnamed co-defendant, who is still at large, were caught in a sting operation when undercover officers bought the code.

Prosecutors claim the software was sold for 2,000 dollars (£1,522) in digital currency in June 2015.

Other evidence comes from chat logs where he complains to the co-defendant that he did not receive a fair share of the money, Mr Cowhig said.

Hutchins’ lawyer Adrian Lobo denied he is the author and said he would plead not guilty to all of the charges, which date between July 2014 and July 2015.

She said: “He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done.

“He was completely shocked, this isn’t something he anticipated.

“He came here for a work-related conference and he was fully anticipating to go back home and had no reason to be fearful of coming or going from the United States.”


IT expert Marcus Hutchins was branded a hero for slowing down the WannaCry global cyber attack

The NHS was brought to its knees in May when hackers downed computer systems, leaving front-line hospital staff unable to access vital patient information.

Operations were cancelled and doctors and nurses were forced to rely on hand-written notes to track patients’ case histories and treatments.

Hutchins hit the headlines after he stopped the unprecedented virus in its tracks in a matter of hours by triggering a “kill switch”.

He is believed to have come up with a solution to the WannaCry ransomware attack from his small bedroom at his parents’ home in Devon.

The blogger said he was "jumping around a room with the excitement" after he discovered that activating a specific web domain could disable the worm, which had demanded a ransom.

He was arrested at Las Vegas airport minutes before he was due to fly home from a week of partying and attending the Black Hat and Def Con cyber-security conference.

Hutchins will appear in court in Wisconsin on August 8.

https://www.thesun.co.uk/news/41759...hins-nhs-wannacry-code-harvests-bank-details/
 