The Petya ransomeware attack that has been spreading around the world since 27 June my be the worst of its kind and infections are starting to show up in South Africa.
The Petya ransomware attack that has been spreading across the world since yesterday (27 June) may prove to be the worst of its kind yet experienced. South Africa has remained relatively unscathed, but infections are beginning here.
ESET researchers have located the point from which this global epidemic has all started. Attackers have successfully compromised the accounting software M.E.Doc, popular across various industries in Ukraine, including financial institutions. Several of them executed a trojanized update of M.E.Doc, which allowed attackers to launch the massive ransomware campaign today which spread across the whole country and to the whole world. M.E.Doc has today released a warning on their website: http://www.me-doc.com.ua/vnimaniyu-polzovateley
Numerous reports are coming out on social media about a new ransomware attack in Ukraine, which could be related to the Petya family, which is currently detected by ESET as Win32/Diskcoder.C Trojan. If it successfully infects the MBR, it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.
For spreading, it appears to be using a combination of the SMB exploit (EternalBlue) used by WannaCryptor for getting inside the network, then spreading through PsExec for spreading within the network.
This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched. It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.
The journalist Christian Borys, for example, tweeted that the cyberattack has “allegedly hit” banks, power grid and postal companies, among others. Moreover, it appears that the government has also come under attack. Borys has also tweeted an image put up on Facebook by Ukraine’s deputy prime minister, Pavlo Rozenko, which shows a computer apparently being encrypted.
The National Bank of Ukraine has also put out a message on its website warning other banks of the ransomware attack. It stated: “Currently, the financial sector strengthened security measures and counter hacker attacks all financial market participants.”
Forbes said that while there appear to be similarities with WannaCryptor – with others describing it as WannaCry-esque – it is likely to be a variant of Petya.
An image, similar to the one witnessed by WannaCryptor victims, reportedly showing the ransomware message is making the rounds online, with one from Group-IB showing the following message (paraphrased):
“If you see this text, then your files are no longer accessible, because they have been encrypted … We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment [$300 bitcoins] and purchase the decryption key.”
However, a spokesman said that “there is no effect on power supplies”, although it may be too early to ascertain this.
It appears that the ransomware attack is not specific to Ukraine. The Independent said that Spain and India may also have been affected, as well as the Danish shipping company Maersk and the British advertising company WPP.
On the latter’s homepage, the following message reads: “The WPP web site is currently unavailable due to important routine maintenance normal service will resume shortly.
“We apologise for any inconvenience this may cause. In the meantime if you would like to contact WPP, please email the site Editor at the following address …”
WPP has since confirmed on Twitter that it has been the victim of an attack: “IT systems in several WPP companies have been affected by a suspected cyberattack. We are taking appropriate measures & will update asap.”
There are also reports that payments are being made in response to the attack, at the BTC address linked here.
For more on Petya, check out this insightful piece from 2016, which notes of the crypto-ransomware:
“Petya took an approach different from that of other crypto-ransomware. Instead of encrypting files individually, it aimed at the file system.
“The target is the victim’s master boot record (MBR), which is responsible for loading the operating system right after system boot.”
In order to prevent this kind of threat, we recommend that you always have your systems fully patched, that you use a proper security solution and that you set up network segmentation, which might help prevent spreading within the network.
Android Go puts reliable smartphones in budget pockets
Nokia, Vodacom and Huawei have all launched entry-level smartphones running the Android Go edition, and all deliver a smooth experience, writes BRYAN TURNER.
Three new and notable Android Go smartphones have recently hit the market, namely the Nokia 1, the Vodafone Smart Kicka 4 and the Huawei Y3 (2018). These phones run one of the most basic versions of Android while still delivering a fairly smooth user experience.
Historically, consumers purchasing smartphones in the budget bracket would have a hit-and-miss experience with processing speed, smoothness of user interface, and app stability. The Google-supported Android Go edition operating system optimises the user experience by stripping out non-important visual effects to speed up the phone. Thish allows for more memory to be used by apps.
Google also ensures that all smartphones running Android Go will receive feature and security updates as they are released by Google. This is a major selling point for these smartphones, as users of this smartphone will always be running the latest software, with virtually no manufacturer bloatware.
Vodafone Smart Kicka 4
At the lowest entry-level, the Vodafone Smart Kicka 4 performs well as a communicator for emails and WhatsApp messages. The 4” screen represents a step up for entry-level Android phones, which were previously standardised at 3.5”.
The display is bright and very responsive, while the limited screen real estate leaves the navigation keys off the screen as touch buttons. It uses 3G connectivity, which might seem like an outdated technology, but is good enough to stream SD videos and music. Vodacom has also thrown in some data gifts if the smartphone is activated before the end of September 2018.
Its camera functionalities might be a slight let down for the aspirant Instagrammer, with a 2MP rear flash camera and a 0.3MP selfie snapper. Speed wise, the keyboard pops up quickly, which is a huge improvement from the Smart Kicka 3. However, this phone will not play well with graphics-intensive games.
Next up is the Nokia 1, which adds a much better 5MP camera, improved battery life and a bigger 4.5” screen. It supports LTE, which allows this smartphone to download and upload at the speed of flagships. It also sports the Nokia brand name, which many consumers trust.
Although the front camera is 2MP, the quality is extremely grainy, even with good lighting. This disqualifies this smartphone for the social media selfie snapper, but the 5MP rear camera will work for the landscape and portrait photographer.
The screen also redeems this smartphone, providing a display which represents colours truly and has great viewing angles. Xpress-on back covers allows the use of interchangeable, multi-coloured back covers, which has proven to be a successful sales point for mid-range smartphones in the past.
Huawei Y3 (2018)
The most capable of the Android Go edition competitors, the Huawei Y3 (2018) packs an even bigger screen at 5”, as well as an improved 8MP rear camera and HD video recording. The screen is the brightest and most vibrant of the three smartphones, but seems to be calibrated to show colours a little more saturated than they actually are.
Nevertheless, the camera outperforms the other smartphones with good colour replication and great selfie capabilities via the 2MP front camera – far superior to the Nokia 1 despite the same spec. LTE also comes standard with this smartphone and Vodacom throws in 4G/LTE data goodies until the end of September 2018. The battery, however, is not removable and may only be replaced by a warranty technician.
Comparing the 3
All three smartphones have removable back covers, which provide access to the battery, SIM card and SD card slots. The smartphones have Micro USB ports on the bottom with headphone jacks on the top. The built-in speakers all performed well, with the Y3 (2018) housing an exceptionally loud built-in speaker.
Although all at different price points, all three phones remain similar in performance and speed. The differentiators are apparent in the components, like camera quality and screen quality. It would be fair to rank the quality of the camera and battery life by respective market prices. The Vodafone Smart Kicka 4 performed well, for its R399 retail price. The Nokia 1, on the other hand, lags quite a bit in features when compared to the Huawei Y3 (2018), bwith oth retailing at R999.
SA gets digital archive
As the world entered the centenary of Nelson Mandela’s birth on Mandela Day, 18 July 2018, South Africa celebrated the launch of a digital living archive.
The southafrica.co.za site carries content about the country’s collective heritage in South Africa’s eleven official languages.
Designed as a nation building, educational and brand promotion web based tool, the free-to-view platform features award-winning photographic and written content by leading South African photographers, authors, academics and photojournalists.
The emphasis is on quality, credible, factual content that celebrates a collective heritage in terms of the following: Cultural Heritage; Natural Heritage; Education; History; Agriculture; Industry; Mining; and Travel.
At the same time as reflecting on the nation’s history, southafrica.co.za celebrates South Africa’s natural, cultural and economic assets so that the youth can learn about their nation in their home language.
Southafrica.co.za Founder and CEO Hans Gerrizen conceptualised southafrica.co.za as a means for youth and communities from outlying areas to benefit from the digital age in terms of the web tool’s empowering educational component.
“We can only stand to deepen our collective experience of democracy and become a more forward planning nation if we know facts about our nation’s past and present in everyone’s home language,” he says.
Southafrica.co.za, with sister company Siyabona Africa, is the organiser and sponsor of the Mandela: 100 Moments photographic exhibition that runs until 30 September at Cape Town’s V&A Waterfront-based Nelson Mandela Gateway to Robben Island. The 3-month exhibition, which runs daily from 08h00 until 15h00, is showcasing one hundred iconic Nelson Mandela images taken by veteran South African photojournalist and self-taught lensman Peter Magubane.