Here’s How A Security Researcher Accidentally Stopped WanaCrypt0r Ransomware

Recently a 22-year-old researcher from @MalwareTechBlog discovered a ‘kill switch’ that disables all the functionality of the WanaCrypt0r 2.0 ransomware. Once running on a victim’s computer, the ransomware attempts to connect to an unregistered domain.

Earlier this year the hacking group ‘The Shadow Brokers’ released, for free, hacking tools that were stolen from the NSA. The tools can be used to attack computers running Microsoft Windows.

The malicious software WanaCryptor 2.0, also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind.

If the connection to that domain succeeds, the ransomware exits and stops spreading. That means that as long as the domain stayed unregistered and inactive, the ransomware kept spreading itself.

The researcher bought the domain for $10.69. Once the domain went live after the purchase, the whole thing shut down: when the code pinged that domain, the request now succeeded, and the ransomware deactivated.

The researcher said that ‘a bit of analysis’ led him to the domain. However, discovering that it acted as a kill switch was accidental, so he pulled the plug without realizing it at the time.
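Because the kill-switch check is a plain DNS lookup, the lookup itself is a useful detection signal for defenders: any host on your network that asks for that domain is almost certainly infected, regardless of whether the request then succeeds. The script below is an added example, not code from the article or from MalwareTech; the article does not name the domain, so `KILL_SWITCH_DOMAIN` is a placeholder, and the BIND-style query log lines are constructed for the example.

```python
"""
Added example (not from the article): find hosts whose DNS queries include a
lookup for the WannaCry kill-switch domain. KILL_SWITCH_DOMAIN is a placeholder
because the article does not name the real domain; the log lines are constructed.
"""
import re
from collections import defaultdict

KILL_SWITCH_DOMAIN = "killswitch-domain.example"  # placeholder, not the real domain

# Constructed sample in BIND query-log style (format assumed for this example).
SAMPLE_LOG = """\
12-May-2017 10:02:11.120 queries: info: client 10.0.4.17#51512: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 10:02:11.540 queries: info: client 10.0.4.17#51513: query: www.example.com IN A + (10.0.0.2)
12-May-2017 10:03:40.009 queries: info: client 10.0.7.3#49822: query: KILLSWITCH-DOMAIN.EXAMPLE. IN A + (10.0.0.2)
12-May-2017 10:05:02.331 queries: info: client 10.0.4.17#51520: query: killswitch-domain.example IN A + (10.0.0.2)
12-May-2017 10:06:15.777 queries: info: client 10.0.9.9#60001: query: updates.example.org IN AAAA + (10.0.0.2)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) queries: info: client (?P<client>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Yield (timestamp, client_ip, normalized_qname, qtype) for each parsable line."""
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # skip lines that are not query records
        # DNS names are case-insensitive and may carry a trailing dot; normalize both.
        qname = m.group("qname").rstrip(".").lower()
        yield m.group("ts"), m.group("client"), qname, m.group("qtype")


def find_kill_switch_lookups(text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that looked up `domain` to the timestamps of its lookups."""
    hits = defaultdict(list)
    wanted = domain.rstrip(".").lower()
    for ts, client, qname, _qtype in parse_query_log(text):
        if qname == wanted:
            hits[client].append(ts)
    return dict(hits)


if __name__ == "__main__":
    for client, times in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

Run it against your resolver's query log with the real domain substituted. The match is exact on the normalized name, so an NXDOMAIN or a sinkholed answer still counts; what matters for triage is that the host asked. Note the converse too: whether the sample then stops depends on the host actually reaching the registered domain, so a host behind a proxy that blocks the request can still go on to encrypt, and the lookup is your earliest indicator.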

Massive WanaCrypt0r Ransomware Attack Hits 99 Countries Around The world

The malicious software WanaCryptor, also known as WCry, is now being used to carry out one of the biggest ransomware attacks of its kind. Dozens of countries have been affected by this attack, which locks up computers and holds users’ documents for ransom.

Looking back to August 2016, the hacker group “The Shadow Brokers” claimed to have penetrated an NSA-backed hacking operation. The group claimed to have hacked into the “Equation Group”, a cyber-attack group widely believed to be associated with the NSA.

Earlier this year, the group decided to give away the hacked tools and files for free. They took to Medium and shared with the public the password that unlocks the encrypted folder of files.

The hacking tools stolen from the NSA can be used to attack computers running Microsoft Windows, and WanaCryptor 2.0 (WCry) is now being used with them to carry out one of the biggest ransomware attacks of its kind.

Dozens of countries have been affected by this ransomware attack. The attack locks up computers and holds users’ documents for ransom. More shocking still, the ransomware is hitting multiple companies, government agencies, and even hospitals.

Security researchers at Avast have recorded over 57,000 detections of WanaCryptor 2.0 ransomware in 99 countries. After infection, the ransom demanded is $300 worth of bitcoin.

The attack displays a message that explains the attack, gives instructions on how to pay the ransom, and shows a timer. Here’s the message:

[Image: the Wana Decrypt0r ransom note]

According to the Avast security blog, “The ransomware is mainly being targeted to Russia, Ukraine, and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.”

The Avast security blog also says: “We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese.”

This malware spreads by exploiting a vulnerability called EternalBlue. It may also be spreading through phishing emails with malicious attachments that infect users’ computers when opened. Government officials advise against paying the criminals behind such attacks.

The Avast security blog reported that a good antivirus program can detect all known versions of WanaCryptor 2.0. However, it also recommended that users fully update their systems with the latest available patches.

The Reserve Bank of India has also shut down some ATMs across India as a preventive measure against the ransomware, and has asked banks to put a software update in place at ATMs.

Check out the video of WannaCry propagating live on a system:

https://www.youtube.com/watch?v=Nrw5qkqKGXQ

How it works:

WannaCry is a form of ransomware that locks up the files on your computer, encrypting them so that you can no longer access them.

It targets Microsoft’s widely used Windows operating system.

When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300.

The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever.

Payment is only accepted in bitcoin.

The ransomware’s name is WCry, but analysts are also using variants such as WannaCry.

A hacking group called Shadow Brokers released the malware in April, claiming to have obtained the flaw from the US National Security Agency (NSA), according to cyber-security providers.

How it spreads:

Ransomware is a programme that gets into your computer when you click on or download malicious files. It then holds your data to ransom.

Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.

The programme encrypts your files and demands payment in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment.

Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.

Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.

Steps on how to avoid Ransomware

1. Backup your computer immediately

Investing in an external hard drive and making regular backups will help protect your data, even if it does not save you from the malware itself. A data backup can save you significant stress, time and money in the event that your computer becomes infected.

Alternatively, you can subscribe to a cloud backup service and upload your most important data regularly. Free cloud services like Google Drive, Apple iCloud or Dropbox can also be used to store your most valuable data without spending a dime.
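A backup only helps if the copy is intact when you need it, so it is worth recording a hash manifest when the backup is made and checking a restore against it. The script below is an added example, not code from the article: it builds a SHA-256 manifest of a backup set, then verifies a restored copy and reports files that are missing, altered, or unexpected. The directories and file contents in `demo()` are constructed for the example.

```python
"""
Added example (not from the article): build a SHA-256 manifest of a backup set
and verify a restore against it. All paths and contents are constructed in
temporary directories so the script runs stand-alone.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (path relative to root, POSIX form) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time.

    Returns sorted lists: (missing, changed, unexpected).
    """
    current = build_manifest(restored_root)
    missing = sorted(k for k in manifest if k not in current)
    changed = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    unexpected = sorted(k for k in current if k not in manifest)
    return missing, changed, unexpected


def demo():
    """Constructed scenario: a clean backup, then a restore where one file was
    overwritten, one is missing, and a stray note file has appeared."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        files = {
            "docs/report.txt": b"quarterly numbers",
            "docs/notes.txt": b"todo list",
            "photo.jpg": b"\xff\xd8jpegdata",
        }
        for rel, data in files.items():
            for base in (src, dst):
                p = Path(base, rel)
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(data)

        manifest = build_manifest(src)  # recorded when the backup was taken

        # Simulated damage to the restored copy (constructed, not real malware output).
        Path(dst, "docs/report.txt").write_bytes(b"\x00garbled")
        Path(dst, "photo.jpg").unlink()
        Path(dst, "README_DECRYPT.txt").write_bytes(b"constructed sample note")

        return verify_restore(manifest, dst)


if __name__ == "__main__":
    missing, changed, unexpected = demo()
    print("missing:", missing)
    print("changed:", changed)
    print("unexpected:", unexpected)
```

Store the manifest alongside the backup media and keep that media disconnected once the backup is written: a drive that stays mounted is just another volume for the ransomware to encrypt, and the manifest check is what tells you the copy you are about to rely on was not touched.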

2. Immediately patch your Windows with Microsoft’s recently released fix

This ransomware spreads through a weakness in Microsoft Windows that was previously exploited by the US surveillance agency, the NSA.

The NSA’s exploit tool, unfortunately, was leaked in April 2017 and is now being used by the hackers behind the WannaCry ransomware.

In response, Microsoft released a fix for this vulnerability, which should be applied by everyone who is still unaffected by WannaCry.

3. Update your operating system

Though Microsoft released a fix for this vulnerability, we still do not know whether similar vulnerabilities exist in the OS. It is therefore necessary to update your OS to the latest version, preferably Windows 10, as soon as you can.

4. Steer clear of suspicious emails and websites

Phishing emails are common, and any email containing links or attachments can grant malware access to your computer, so keep your eyes open and steer clear of any such emails.

Ransomware can also infect computers via malicious website advertisements or through the installation of unverified software. The best defense in such cases is to avoid any such website or software links as they may lead to the installation of malware or Ransomware program.

5. Use Firewall

Using a firewall can stop ransomware from entering your system. A firewall guards your online communications and makes sure that no suspicious or unauthorized program accesses your computer without your consent.

Keep your firewall software updated at all times so you remain protected against recent forms of malware. Also, do not approve suspicious files that the firewall would otherwise block from entering your system.

6. Don’t pay

One thing to remember is that paying the ransom does not guarantee that the ransomware will be removed from your computer. Giving in to the hackers’ demand and paying only gives attackers the resources they need to create and spread more ransomware.

You should instead try restoring a pre-infection backup of your computer. If a backup is not available, but the files are important for you or your business, seek the help of a computer professional. Don’t give in.

KEEP YOUR SYSTEM SAFE

Microsoft took nine months to fix this bug in Word as hackers continued to exploit the weakness

To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft’s regular monthly security update.

But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google’s security researchers, for example, give vendors just 90 days’ warning before publishing flaws they find. Microsoft Corp declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine.

And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries. Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code. Microsoft confirmed the sequence of events.

The tale began last July, when Ryan Hanson, a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise, found a weakness in the way that Microsoft Word processes documents from another format. That allowed him to insert a link to a malicious program that would take control of a computer.

Combating flaws

Hanson spent some months combining his find with other flaws to make it more dangerous, he said on Twitter. Then, in October, he told Microsoft. The company often pays a modest bounty of a few thousand dollars for the identification of security risks. Soon after that point, six months ago, Microsoft could have fixed the problem, the company acknowledged. But it was not that simple. A quick change to the settings in Word by customers would do the trick, but if Microsoft notified customers about the bug and the recommended changes, it would also be telling hackers how to break in.

Alternatively, Microsoft could have created a patch that would be distributed as part of its monthly software updates. But the company did not patch immediately and instead dug deeper. It was not aware that anyone was using Hanson’s method, and it wanted to be sure it had a comprehensive solution.

“We performed an investigation to identify other potentially similar methods and ensure that our fix addresses [sic] more than just the issue reported,” Microsoft said through a spokesman, who answered emailed questions on the condition of anonymity. “This was a complex investigation.” Hanson declined interview requests. The saga shows that Microsoft’s progress on security issues, as well as that of the software industry as a whole, remains uneven in an era when the stakes are growing dramatically.

The United States has accused Russia of hacking political party emails to interfere in the 2016 presidential election, a charge Russia denies, while shadowy hacker groups opposed to the U.S. government have been publishing hacking tools used by the Central Intelligence Agency and National Security Agency.

Attacks begin

It is unclear how the unknown hackers initially found Hanson’s bug. It could have been through simultaneous discovery, a leak in the patching process, or even hacking against Optiv or Microsoft. In January, as Microsoft worked on a solution, the attacks began. The first known victims were sent emails enticing them to click on a link to documents in Russian about military issues in Russia and areas held by Russian-backed rebels in eastern Ukraine, researchers said. Their computers were then infected with eavesdropping software made by Gamma Group, a private company that sells to agencies of many governments.

The best guess of cyber security experts is that one of Gamma’s customers was trying to get inside the computers of soldiers or political figures in Ukraine or Russia; either of those countries, or any of their neighbors or allies, could have been responsible. Such government espionage is routine.

The initial attacks were carefully aimed at a small number of targets and so stayed below the radar. But in March, security researchers at FireEye Inc noticed that a notorious piece of financial hacking software known as Latenbot was being distributed using the same Microsoft bug. FireEye probed further, found the earlier Russian-language attacks, and warned Microsoft. The company, which confirmed it was first warned of active attacks in March, got on track for an April 11 patch.

Then, what counts as disaster in the world of bug-fixers struck. Another security firm, McAfee, saw some attacks using the Microsoft Word flaw on April 6. After what it described as “quick but in-depth research,” it established that the flaw had not been patched, contacted Microsoft, and then blogged about its discovery on April 7. The blog post contained enough detail that other hackers could mimic the attacks. Other software security professionals were aghast that McAfee did not wait, as Optiv and FireEye were doing, until the patch came out.

McAfee Vice President Vincent Weafer blamed “a glitch in our communications with our partner Microsoft” for the timing. He did not elaborate. By April 9, a program to exploit the flaw was on sale on underground markets for criminal hackers, said FireEye researcher John Hultquist. The next day, attacks were mainstream. Someone used it to send documents booby-trapped with Dridex banking-fraud software to millions of computers in Australia.

Finally, on the Tuesday, about six months after hearing from Hanson, Microsoft made the patch available. As always, some computer owners are lagging behind and have not installed it. Ben-Gurion University employees in Israel were hacked, after the patch, by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals, said Michael Gorelik, vice president of cyber security firm Morphisec.

When Microsoft patched, it thanked Hanson, a FireEye researcher and its own staff. A six-month delay is bad but not unheard of, said Marten Mickos, chief executive of HackerOne, which coordinates patching efforts between researchers and vendors. “Normal fixing times are a matter of weeks,” Mickos said. Privately-held Optiv said through a spokeswoman that it usually gives vendors 45 days to make fixes before publishing research when appropriate, and that it “materially followed” that practice in this case.

Optiv is now comparing the details of what Hanson told Microsoft with what the spies and criminals used in the wild, trying to find out whether the researcher’s work was partly responsible for the worldwide hacking spree, the spokeswoman said. The spree included one or more people who created a hacking tool for what FireEye’s Hultquist said is probably a national government, and who then appeared to double-dip by also selling it to a criminal group. If the patching took time, others who learned of the flaw moved quickly.

On the final weekend before the patch, the criminals could have sold it along to the Dridex hackers, or the original makers could have cashed in a third time, Hultquist said, effectively staging a last clearance sale before it lost peak effectiveness. It is unclear how many people were ultimately infected or how much money was stolen.

Indian Army’s ‘Future Soldier Program’ Will Make Our Soldiers The Most Feared On The Planet

Hate it or love it, wars are a reality and the army with the best soldiers prevails. While the American, Russian and Israeli soldier battle-gears are known around the world as the most advanced, the Indian Army’s two-phase ‘Future Soldier’ program, earlier known as F-INSAS (Future Infantry Soldier As A System), will make our soldiers the most fiercely equipped soldiers on the planet.

The ‘Future Soldier’ program is divided into two components, the first being ‘Arming the modern infantry soldier’. Under this, our ‘special forces’ commandos will be equipped with the world’s best under-barrel grenade launcher assault rifles, carbines and hand grenades. They will be protected with equipment such as non-flammable, waterproof, hard ballistic-protected and bulletproof helmets, visors and vests. The new attire will enable commandos to carry extra loads and resist the effects of nuclear, radiological, chemical and biological warfare. The uniforms will also be fitted with external and internal oxygen supply, fire-proof knee and elbow pads, hand gloves and laser eye protection goggles.

The second component is something straight out of a Hollywood movie. Our commandos will be equipped with palmtop GPS navigation devices, the world’s most advanced satellite phones, Integrated Multifunction Sight Device Night Vision Equipment, Thermal Imager, Laser Range-Finder, Colour Charge-Coupled-Device (CCD) Camera, Digital Magnetic Compass, Integrated Electro-Optical Surveillance and Fire Control Systems and advanced GPS receivers.

The list of sensors our boys will be carrying is mind-blowing: infrared sensors, thermal sensors, electro-optical sensors, spectroscopic sensors, and electromagnetic and radio-frequency sensors. What’s even better is that this entire kickass technology is weatherproof and all-terrain tested.

The program relies strongly on indigenous DRDO-led development of this technology, with massive support from Israel.

Once equipped with this tech and advanced weaponry, Indian special forces will be able to operate in virtually any sort of battle scenario.

Wikipedia founder Jimmy Wales launches platform called Wikitribune to tackle fake news

Jimmy Wales, the founder of online encyclopedia Wikipedia, has launched a website aimed at countering the spread of fake news by bringing together professional journalists and a community of volunteers and supporters to produce news articles. The new platform, called Wikitribune, will be free to access and carry no advertising, instead relying on its readers to fund it, while the accuracy of news reports will be easily verifiable as source material will be published, Wales said.

“The news is broken, but we’ve figured out how to fix it,” he said in a promotional video posted on the website’s homepage. The online proliferation of fake news, some of it generated for profit and some for political ends, became a major topic of angst and debate in many developed countries during last year’s U.S. presidential election. Wales argued in his video that because people expected to get news for free on the Internet, news sites were reliant on advertising money, which created strong incentives to generate so-called “clickbait”, catchy headlines to attract viewers.

“This is a problem because ads are cheap, competition for clicks is fierce and low-quality news sources are everywhere,” said Wales. He also argued that social media networks, where an ever-increasing number of people get their news, were designed to show users what they wanted to see, confirm their biases and keep them clicking at all costs. Social media giant Facebook was widely criticized last year for not doing enough to prevent fake news reports from spreading on its platform, and has announced new tools to tackle the problem.

Wales said Wikitribune would combine professional, standards-based journalism with what he called “the radical idea from the world of wiki that a community of volunteers can and will reliably protect the integrity of information”. He said articles would be authored, fact-checked and verified by journalists and volunteers working together, while anyone would be able to flag up issues and submit fixes for review. “As the facts are updated, the news becomes a living, evolving artifact, which is what the Internet was made for,” he said. The Wikitribune homepage said the platform would go live in 29 days. It also indicated that the intention was to hire 10 journalists, but none had been hired so far.

This Awesome Periodic Table Tells Us How All Those Elements Are Actually Used

We all have got a pretty good idea about what’s on the periodic table.

But whether you’re looking at something common like calcium, iron, and carbon, or something more obscure like krypton and antimony, how well do you know their functions? Could you name just one practical application for vanadium or ruthenium?

Lucky for us, Keith Enevoldsen from elements.wlonk.com has come up with this awesome periodic table that gives at least one example use for every single element (except for those weird superheavy elements that don’t actually exist in nature).

There’s thulium for laser eye surgery, cerium for lighter flints, and krypton for flashlights. You’ve got strontium for fireworks, and xenon for high-intensity lamps inside lighthouses.

Oh and that very patriotic element, americium? We use that in smoke detectors.

First unveiled in 1945 during the Manhattan Project, americium is produced by bombarding plutonium with neutrons in a nuclear reactor.

The resulting americium is radioactive, and while the tiny amount of americium dioxide (AmO2) used in a smoke detector produces alpha radiation to sniff out a fire, it delivers approximately zero radiation to anyone living nearby.

We want to tell you all about rubidium and how we use it in the world’s most accurate time-keeping devices, and how niobium can help make trains levitate, but you should just check out the periodic table for yourself.

For the real interactive experience of the periodic table, click here to try it out.

The periodic table even includes the four brand new elements that earned a permanent spot in the seventh row back in January (which unfortunately have no cool uses outside of atomic research).

You can also download the PDF for learning and teaching purposes.

Indian Navy successfully test fires the BrahMos Land Attack Supersonic Cruise Missile

The land-attack version of the BrahMos supersonic cruise missile was successfully test-fired by the Navy in the Bay of Bengal on Friday.

An Indian Naval ship on Friday fired a land-attack BrahMos supersonic cruise missile for the first time. “Land attack version of BrahMos supersonic cruise missile was fired for the first time from an Indian Navy’s stealth frigate, off the eastern coast, at a land target,” said a source in the Ministry of Defence. “So far, only the anti-ship version of BrahMos had been fired by the Indian Navy,” the source added.

The missile was fired from the Indian Naval ship Teg, a guided-missile frigate. The frontline ships of the Indian Navy, including the Kolkata, Ranvir and Teg classes, currently have the capability of firing the BrahMos missile. The missile is meant to be used against land-based targets from stand-off ranges at sea, from a distance that allows the Indian Navy to avoid defensive fire from the target.

The cruise missile was test-fired from a mobile launcher at the Integrated Test Range (ITR) at Chandipur near Balasore, Odisha at about 11.33 AM, Defence Research and Development Organisation (DRDO) officials said. “It was an excellent launch and a great success,” a senior DRDO scientist associated with the project said. The missile is capable of carrying a 300 kg warhead. The two-stage missile, the first stage solid and the second a liquid-propellant ramjet, has already been inducted into the Army and Navy, while the Air Force version is in the final stage of trials, they said.

The Army is already equipped with three regiments of the Block III version of BrahMos missiles. While induction of the first version of the BrahMos missile system into the Indian Navy began in 2005 with INS Rajput, it is now fully operational with two regiments of the Army, they said. After two successful test trials of the BrahMos missile from INS Kolkata in June 2014 and February 2015, a test firing from INS Kochi on September 30, 2015 validated the newly commissioned ship’s systems.

The air-launched and submarine-launched versions of the missile system are in progress. The Army has so far placed orders for the BrahMos missile to be deployed by three regiments, two of which have already been inducted operationally.

This puts India in a select club of nations with such capability. The land-attack version of BrahMos has been operational in the Indian Army since 2007. The BrahMos missile, with a range of 290 km and a speed of Mach 2.8, can be launched from land, sea and sub-sea platforms against sea and land targets. The missile can be used to precisely neutralise land-based targets located deep inland and far from the coast.

BrahMos, jointly developed by India and Russia, is considered the only supersonic cruise missile in the world. The missile was first inducted into the Indian Navy in 2005. India is developing 450 km and 800 km range BrahMos missiles, as well as an air-launched version designed to be delivered from Su-30 jets, which is also in the development phase. With the successful test firing of a land-attack supersonic cruise missile, India joins a select group of nations around the world with this capability.