The Petya ransomeware attack that has been spreading around the world since 27 June my be the worst of its kind and infections are starting to show up in South Africa.
The Petya ransomware attack that has been spreading across the world since yesterday (27 June) may prove to be the worst of its kind yet experienced. South Africa has remained relatively unscathed, but infections are beginning here.
ESET researchers have located the point from which this global epidemic has all started. Attackers have successfully compromised the accounting software M.E.Doc, popular across various industries in Ukraine, including financial institutions. Several of them executed a trojanized update of M.E.Doc, which allowed attackers to launch the massive ransomware campaign today which spread across the whole country and to the whole world. M.E.Doc has today released a warning on their website: http://www.me-doc.com.ua/vnimaniyu-polzovateley
Numerous reports are coming out on social media about a new ransomware attack in Ukraine, which could be related to the Petya family, which is currently detected by ESET as Win32/Diskcoder.C Trojan. If it successfully infects the MBR, it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.
For spreading, it appears to be using a combination of the SMB exploit (EternalBlue) used by WannaCryptor for getting inside the network, then spreading through PsExec for spreading within the network.
This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched. It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.
The journalist Christian Borys, for example, tweeted that the cyberattack has “allegedly hit” banks, power grid and postal companies, among others. Moreover, it appears that the government has also come under attack. Borys has also tweeted an image put up on Facebook by Ukraine’s deputy prime minister, Pavlo Rozenko, which shows a computer apparently being encrypted.
The National Bank of Ukraine has also put out a message on its website warning other banks of the ransomware attack. It stated: “Currently, the financial sector strengthened security measures and counter hacker attacks all financial market participants.”
Forbes said that while there appear to be similarities with WannaCryptor – with others describing it as WannaCry-esque – it is likely to be a variant of Petya.
An image, similar to the one witnessed by WannaCryptor victims, reportedly showing the ransomware message is making the rounds online, with one from Group-IB showing the following message (paraphrased):
“If you see this text, then your files are no longer accessible, because they have been encrypted … We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment [$300 bitcoins] and purchase the decryption key.”
However, a spokesman said that “there is no effect on power supplies”, although it may be too early to ascertain this.
It appears that the ransomware attack is not specific to Ukraine. The Independent said that Spain and India may also have been affected, as well as the Danish shipping company Maersk and the British advertising company WPP.
On the latter’s homepage, the following message reads: “The WPP web site is currently unavailable due to important routine maintenance normal service will resume shortly.
“We apologise for any inconvenience this may cause. In the meantime if you would like to contact WPP, please email the site Editor at the following address …”
WPP has since confirmed on Twitter that it has been the victim of an attack: “IT systems in several WPP companies have been affected by a suspected cyberattack. We are taking appropriate measures & will update asap.”
There are also reports that payments are being made in response to the attack, at the BTC address linked here.
For more on Petya, check out this insightful piece from 2016, which notes of the crypto-ransomware:
“Petya took an approach different from that of other crypto-ransomware. Instead of encrypting files individually, it aimed at the file system.
“The target is the victim’s master boot record (MBR), which is responsible for loading the operating system right after system boot.”
In order to prevent this kind of threat, we recommend that you always have your systems fully patched, that you use a proper security solution and that you set up network segmentation, which might help prevent spreading within the network.
Veeam passes $1bn, prepares for cloud’s ‘Act II’
Leader in cloud-data management reveals how it will harness the next growth phase of the data revolution, writes ARTHUR GOLDSTUCK
Veeam Software, the quiet leader in backup solutions for cloud data management,has announced that it has passed $1-billion in revenues, and is preparing for the next phase of sustained growth in the sector.
Now, it is unveiling what it calls Act II, following five years of rapid growth through modernisation of the data centre. At the VeeamON 2019conferencein Miami this week, company co-founder Ratmir Timashev declared that the opportunities in this new era, focused on managing data for the hybrid cloud, would drive the next phase of growth.
“Veeam created the VMware backup market and has dominated it as the leader for the last decade,” said Timashev, who is also executive vice president for sales and marketing at the organisation. “This was Veeam’s Act I and I am delighted that we have surpassed the $1 billion mark; in 2013 I predicted we’d achieve this in less than six years.
“However, the market is now changing. Backup is still critical, but customers are now building hybrid clouds with AWS, Azure, IBM and Google, and they need more than just backup. To succeed in this changing environment, Veeam has had to adapt. Veeam, with its 60,000-plus channel and service provider partners and the broadest ecosystem of technology partners, including Cisco, HPE, NetApp, Nutanix and Pure Storage, is best positioned to dominate the new cloud data management in our Act II.”
In South Africa, Veeam expects similar growth. Speaking at the Cisco Connect conference in Sun City this week, country manager Kate Mollett told Gadget’s BRYAN TURNER that the company was doing exceptionally well in this market.
“In financial year 2018, we saw double-digit growth, which was really very encouraging if you consider the state of the economy, and not so much customer sentiment, but customers have been more cautious with how they spend their money. We’ve seen a fluctuation in the currency, so we see customers pausing with big decisions and hoping for a recovery in the Rand-Dollar. But despite all of the negatives, we have double digit growth which is really good. We continue to grow our team and hire.
“From a Veeam perspective, last year we were responsible for Veeam Africa South, which consisted of South Africa, SADC countries, and the Indian Ocean Islands. We’ve now been given the responsibility for the whole of Africa. This is really fantastic because we are now able to drive a single strategy for Africa from South Africa.”
Veeam has been the leading provider of backup, recovery and replication solutions for more than a decade, and is growing rapidly at a time when other players in the backup market are struggling to innovate on demand.
“Backup is not sexy and they made a pretty successful company out of something that others seem to be screwing up,” said Roy Illsley, Distinguished Analyst at Ovum, speaking in Miami after the VeeamOn conference. “Others have not invested much in new products and they don’t solve key challenges that most organisations want solved. Theyre resting on their laurels and are stuck in the physical world of backup instead of embracing the cloud.”
Illsley readily buys into the Veeam tagline. “It just works”.
“They are very good at marketing but are also a good engineering comany that does produce the goods. Their big strength, that it just works, is a reliable feature they have built into their product portfolio.”
Veeam said in statement from the event that, while it had initially focused on server virtualisation for VMware environments, in recent years it had expanded this core offering. It was now delivering integration with multiple hypervisors, physical servers and endpoints, along with public and software-as-a-service workloads, while partnering with leading cloud, storage, server, hyperconverged (HCI) and application vendors.
This week, it announced a new “with Veeam”program, which brings in enterprise storage and hyperconverged (HCI) vendors to provide customers with comprehensive secondary storage solutions that combine Veeam software with industry-leading infrastructure systems. Companies like ExaGrid and Nutanix have already announced partnerships.
Timashev said: “From day one, we have focused on partnerships to deliver customer value. Working with our storage and cloud partners, we are delivering choice, flexibility and value to customers of all sizes.”
‘Energy scavenging’ funded
As the drive towards a 5G future gathers momentum, the University of Surrey’s research into technology that could power countless internet enabled devices – including those needed for autonomous cars – has won over £1M from the Engineering and Physical Sciences Research Council (EPSRC) and industry partners.
Surrey’s Advanced Technology Institute (ATI) has been working on triboelectric nanogenerators (TENG), an energy harvesting technology capable of ‘scavenging’ energy from movements such as human motion, machine vibration, wind and vehicle movements to power small electronic components.
TENG energy harvesting is based on a combination of electrostatic charging and electrostatic induction, providing high output, peak efficiency and low-cost solutions for small scale electronic devices. It’s thought such devices will be vital for the smart sensors needed to enable driverless cars to work safely, wearable electronics, health sensors in ‘smart hospitals’ and robotics in ‘smart factories.’
The ATI will be partnered on this development project with the Georgia Institute of Technology, QinetiQ, MAS Holdings, National Physical Laboratory, Soochow University and Jaguar Land Rover.
Professor Ravi Silva, Director of the ATI and the principal investigator of the TENG project, said: “TENG technology is ideal to power the next generation of electronic devices due to its small footprint and capacity to integrate into systems we use every day. Here at the ATI, we are constantly looking to develop such advanced technologies leading towards our quest to realise worldwide “free energy”.
“TENGs are an ideal candidate to power the autonomous electronic systems for Internet of Things applications and wearable electronic devices. We believe this research grant will allow us to further the design of optimized energy harvesters.”