@stuartjordan said in NextCloud Introduces a Ransomware Protection App:

That is Great to hear, they are constantly developing on the project.

They really are. It's very busy.

Pretty sure that ShadowCopy is still time only.

After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:

It never bothers to generate a valid infection ID The Master File Table gets overwritten and is not recoverable The author of the original Petya also made it clear NotPetya was not his work

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

Cybersecurity has moved from tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

Have weapons-grade backups
Religiously patch
Step users through new-school security awareness training.

@stus Thanks. Was just reading about it here.

@EddieJennings said in PowerPoint Hovering Attack:

@mlnews Looks like the tl;dr is don't enable content unless you're 100% sure of the source.

Or download it. Or open it....

Never used this but take a look...

http://www.smikar.com/

I mean I know it all sucks and it would be awesome if all the right people got all the right info and took all the right actions. but they don't and won't. So we need to push everyone that we can to do what they can. It's just what we have to work with.

Someone in the CIA is busy explaining to some congressional sponsors how their "no one will ever know it was us" isn't going as planned.

@travisdh1 No, yeah that's a good point.

Just didn't think about it like that.

@Ambarishrh said in virus cleanup-advise needed:

Can webroot help me here, thinking of using webroot and see if it can clean

Maybe. Anything "might" work. But you'll never know.

@Dashrender said in DNSMessenger malware:

That's all fine and dandy my point was that this hack is currently worthless on its own it requires a previous hack in order to make this one work

The point is not how the infection was started. The point is that the infection itself is completely fileless. Never writing data to the disk.

There are multitudes of ways into a Windows system that an attacker could use to execute the initial code.

Wow, that IS a scary one.

It's quite a good show, I watch it often. Good place for science news.

@BBigford said in Torch malware / browser?:

If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag.

Not to say it might be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple years before moving on.

I saw that there is a split on whether or not it is technically "malware", but that's not as much my concern. I just need to be able to positively tell the customer that it didn't come from our side (and I'm feeling pretty confident in that it did not).

And to my eyes, @BBigford, its behavior absolutely qualifies it as malware. Too much sneaky stuff going on when you use it, pop up ads all over the place, the use of the word "toolbar", etc, but I digress.

@Dashrender said:

I'm curious, what percentage is sold in first world countries versus the rest of the world.

Yes, very good question. The percentages that I have seen are judged on "units shipped" not the amount of money spent on them. As Lenovo completely dominates the Chinese market, I am assuming that a major percentage of those units are sold there. I am also guessing that at least a fair percentage of their sales are very low cost devices. I know that they make Chromebooks and some entry level stuff even for the US market. They might be selling a fraction of the PCs by cost, even if leading in per unit volume.

@Dashrender said:

When I was first hanging my own shingle as an IT consultant we were suggesting to all of our clients that they should purchase and install AV everywhere.

Even in the 1990s that was ridiculous. How does someone manage to get enough money to start a business or hire an IT consultant but doesn't have the brain power to use AV?

@Reid-Cooper do have any documents for the steps to be taken or how this works. So i will recommended to download and check with it.