
Computer Security No 54: WannaCry - the malware that took over the world (now at version 4.0)

Corporate - Private Computer Security

WannaCry - the malware that took over the world (now at version 4.0)


Last Friday (12/05/17), the WCry or WannaCry ransomware campaign started scanning the Internet for computers that were not patched to the latest version from Microsoft.


Origin: In March 2017, Shadow Brothers released several tools stolen from the NSA onto the dark web.

Victims: Universities in China, Russia's Ministry of Internal Affairs, National Health Service in the UK, enterprises including Federal Express, the Spanish telecommunication company Telefonica, French car manufacturer Renault and hundreds of thousands of other users.

Modus operandi:

1. Propagation - WannaCry scans for computers with port 445 open and leverages EternalBlue to gain access and deploy the WannaCrypt malware onto the machine; it then scans for nearby machines to spread laterally.

2. Encryption - the encryption phase is executed at the first stage, before any outbound communication.

3. Communication - The TOR client is embedded within the ransomware. It is only used to share the encryption keys with the C2 server.

Ransom: $300 for the first 3 days, after which it doubles to $600 for the next 4 days, after which the files become unrecoverable.

Kill switch: a security researcher noticed soon after the campaign began that a kill switch domain was unregistered. He promptly registered the domain, but this only slowed the campaign down temporarily. The hackers released further versions (now up to 4.0) with the kill switch code removed.

Microsoft: the patches for the SMB vulnerability exploited by WCry were released on March 14 for all supported Windows versions, soon after the initial leak. Microsoft has now released additional patches for unsupported Windows versions. The company's President slammed the NSA for not disclosing the vulnerability to the vendor.


Check if your system is supported


If it is supported, then check that all automatic updates have been installed. If you are running an unsupported version of Windows, then you will need to install the appropriate patch for your system manually, using these links:

Windows Server 2003 SP2 x64,

Windows Server 2003 SP2 x86,

Windows XP SP2 x64,

Windows XP SP3 x86,

Windows XP Embedded SP3 x86,

Windows 8 x86,

Windows 8 x64

According to Radware, at the moment there are no confirmed reports of victims receiving a key for decryption after making a payment.

(image & info source: Radware website & Microsoft)

A directors and officers cheat sheet on D&O cyber insurance


All the Directors and Officers surveys recently published by the Wall St Journal, PWC and many others in the US, not to mention the one run by Conscious Governance on its large database of Directors and Officers (US, Australia and Europe), point to insufficient preparedness at board level.

Some large lawsuits with derivative suits against directors:

* Wyndham Worldwide Corporation

* Target Corporation

* The Home Depot

Jury still out in the Wendy's and Yahoo cases...

M-P Cormier (partner in a law firm in the US) & J Garner (associate) put together a cheat sheet on D&O insurance for directors. Many of the points made are applicable to other jurisdictions:

* if a data breach claim is not covered under D&O, make sure it is covered elsewhere

* Indemnifiable loss includes provisions/claims arising out of privacy or data breach of any type

* claim broad enough to cover any investigation costs or regulator investigating

* 'wrongful act' is sufficiently broad to include hacks, cyber extortion, computer fraud, theft of funds, theft of personal info or personal IDs

* policy covers advance defense for counsel selected by director

* misconduct special exclusions

* and more

Worth a read and you can find the article at: http://www.boardmember.com/hot-topics/directors-officers-cheat-sheet-cyber-insurance/

(source:boardmember.com; image source: clipartbay)

To read more: https://corpgov.law.harvard.edu

(image source: poormd.com)

Cyber Security & Privacy suite for Directors and Executives


ABG offers the Cyber suite of course modules:

- Cyber threats and defences Module - Tactical plans

- Directors and Officers Module - Strategy

- Risk Management Workshop for Cyber

- Cyber Crisis simulation

Send your enquiries to admin@advisoryboardsgroup.com

NEW SERVICE OFFER from ABG and Conscious Governance:

Cybersecurity Governance Systems Review

to find out more visit:- http://consciousgovernance.com/cybersecurity-governance-systems-review

Beware of the threats


1. New Adylkuzz cyberattack (same vulnerability as WCry)

Researchers at Proofpoint discovered on May 16 another large-scale cyber attack, exploiting the same vulnerability as WannaCry. It is believed it could dwarf last week's cyberattack.

Instead of locking files, it uses the infected computers to mine virtual currency. Adylkuzz uses the machines to mine a virtual currency called Monero in a background task and then transfers the money created to the virus authors.

It may have been released as early as April. It suddenly renders the servers and computers very slow.

2. DocuSign

DocuSign, an electronic signature and digital transaction management technology company, confirmed a breach of one of its email systems.

"A malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email," DocuSign said in the announcement.

"DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately."

3. Bell

Early this week, Bell Canada, the nation's largest telco, confirmed the company had been hacked by a criminal who managed to access its customer information illegally. Bell has revenues of $5.85 billion CAD and has over 21 million customers.

"The illegally accessed information contains approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers," the company said.

4. Apple security updates

Early this week, Apple released security updates for iOS, macOS, Safari, tvOS, iCloud, iTunes, and watchOS to fix a total of 67 unique security vulnerabilities.

See:- https://support.apple.com/en-us/HT201222

Blockchain & CryptoCurrencies (Part 4)


We started a series about Blockchain and Cryptocurrencies. We will discuss the Blockchain technology, cryptocurrencies and Bitcoin in particular (only in the fortnightly Private Security newsletters - even numbers #54, 56, etc).

1. Bitcoin mining

Bitcoin mining is the process of adding transaction records to Bitcoin's public ledger of past transactions (blockchain). The blockchain helps confirm to the rest of the network that transactions are legitimate and have taken place.

Bitcoinmining.com gives a good description of the process:

People that mine for Bitcoins need to use significant computing power to find new bitcoins or use the cloud to purchase mining capacity.

2. Bitcoin trading


A report from Businessinsider.com from January 2017 shows where the most Bitcoin transactions take place: China (over 90%)

The Bitcoin market is very volatile: announcements that China would investigate exchanges in Beijing and Shanghai on suspicion of market manipulation pushed Bitcoin trading down by 5%.


Memories of jokes


Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au



© About Over 50s 2017             website by aml websites online