Tuesday’s massive ransomware outbreak was, in fact, something much worse


Code in Tuesday’s attack, shown on the left, was altered to permanently destroy hard drives.


Tuesday’s massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying hard drives.

Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya’s behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it’s impossible for victims to recover their data.

In other words, the researchers said, the payload delivered in Tuesday’s outbreak wasn’t ransomware at all. Instead, its true objective was to permanently destroy as many hard drives as possible on infected networks, in much the way the Shamoon disk wiper left a wake of destruction in Saudi Arabia. Some researchers have said Shamoon is likely the work of developers sponsored by an as-yet unidentified country. Researchers analyzing Tuesday’s malware—alternatively dubbed PetyaWrap, NotPetya, and ExPetr—are speculating the ransom note left behind in Tuesday’s attack was, in fact, a hoax intended to capitalize on media interest sparked by last month’s massive WCry outbreak.

“The ransomware was a lure for the media,” researcher Matt Suiche of Comae Technologies, wrote in a blog post published Wednesday. “This version of Petya actually wipes the first sectors of the disk like we have seen with malwares such as Shamoon.” He went on to write: “We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents, to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.”

Suiche provided the above side-by-side code comparison contrasting Tuesday’s payload with a Petya version from last year. Both pieces of code take aim at two small but critical on-disk structures—the master boot record and the master file table—without which a disk won’t function if they are missing or corrupted. But while the earlier Petya encrypts the master boot record and saves the value for later decryption, Tuesday’s payload was rewritten to overwrite the master boot record outright. This means that, even if victims obtain the decryption key, restoring their infected disks is impossible.

“Petya 2016 modifies the disk in a way where it can actually revert its modification,” Suiche told Ars. “Whereas yesterday’s one does some permanent damage to the disk.”

Researchers at antivirus provider Kaspersky Lab, in their own blog post published Wednesday, also labeled the previous day’s malware a wiper. They confirmed Suiche’s finding that the damage was irreversible. In an e-mail, they wrote:

Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that, after disk encryption, the threat actor could not decrypt victims’ disks. To decrypt a victim’s disk, threat actors need the installation ID. In previous versions of “similar” ransomware like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. ExPetr does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.
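The two behaviours contrasted above (a reversible modification of the first sector whose key survives in the installation ID, versus an overwrite that keeps nothing and an ID that carries no key material) can be modelled on an in-memory 512-byte sector. The following is an added illustration, not code from the Ars article, Comae or Kaspersky, and not the malware's own routine; the sample MBR, the demo key, the XOR transformation and the all-zero overwrite are constructed for the demo and stand in for the real (undisclosed here) routines. The structural check `looks_like_valid_mbr` is the kind of test a forensic tool applies to a disk image without knowing the original contents, and `sector_digest` is the baseline hash a defender records of a known-good sector so a later image can be compared against it.

```python
# Added illustration: a toy, in-memory model of the page's two behaviours.
# "Petya 2016" is modelled as a keyed, reversible transformation whose key is
# recoverable from the installation ID; "Tuesday's payload" as an overwrite that
# keeps nothing and shows an ID unrelated to any key. All constants are
# constructed for the demo; nothing here touches a real disk.
import hashlib
import secrets
from typing import Optional

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"                       # bytes 510..511 of a valid MBR
PARTITION_STATUS_OFFSETS = (446, 462, 478, 494)   # first byte of each of the 4 entries


def make_sample_mbr() -> bytes:
    """Construct a plausible-looking MBR: filler 'bootstrap' bytes, an empty
    partition table (status bytes 0x00) and the 0x55AA signature."""
    bootstrap = bytes(range(256)) + b"\x90" * (446 - 256)
    partition_table = b"\x00" * 64
    return bootstrap + partition_table + MBR_SIGNATURE


def looks_like_valid_mbr(sector: bytes) -> bool:
    """Structural sanity check usable without the original contents: correct
    size, signature present, and partition status bytes restricted to the only
    two legal values (0x00 inactive, 0x80 bootable)."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != MBR_SIGNATURE:
        return False
    return all(sector[o] in (0x00, 0x80) for o in PARTITION_STATUS_OFFSETS)


def _keystream(key: bytes) -> bytes:
    """Repeat the key to sector length (toy stream; not a real cipher)."""
    reps = SECTOR_SIZE // len(key) + 1
    return (key * reps)[:SECTOR_SIZE]


def reversible_modify(mbr: bytes, key: bytes) -> tuple[bytes, str]:
    """Model of the 2016 behaviour: the sector is XORed with a keystream and the
    'installation ID' shown to the victim encodes the key, so the change can be
    undone once the victim obtains that key."""
    modified = bytes(a ^ b for a, b in zip(mbr, _keystream(key)))
    return modified, key.hex()


def destructive_modify(mbr: bytes) -> tuple[bytes, str]:
    """Model of Tuesday's behaviour as the page describes it: the sector is
    overwritten with filler, nothing of the original is retained, and the ID
    shown to the victim is random and carries no key material."""
    return b"\x00" * SECTOR_SIZE, secrets.token_hex(16)


def attempt_recovery(sector: bytes, installation_id: str) -> Optional[bytes]:
    """What a decryptor handed the installation ID can do: treat the ID as the
    key, undo the XOR, and accept the result only if it is structurally an MBR.
    Returns None when no valid sector can be reconstructed."""
    try:
        key = bytes.fromhex(installation_id)
    except ValueError:
        return None
    if not key:
        return None
    candidate = bytes(a ^ b for a, b in zip(sector, _keystream(key)))
    return candidate if looks_like_valid_mbr(candidate) else None


def sector_digest(sector: bytes) -> str:
    """Baseline SHA-256 of a known-good sector, recorded before an incident and
    compared against a later disk image."""
    return hashlib.sha256(sector).hexdigest()


def demo() -> dict:
    """Run both models against the same sample sector and report whether the
    installation ID lets the original be reconstructed."""
    original = make_sample_mbr()
    baseline = sector_digest(original)
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key

    modified, id_2016 = reversible_modify(original, key)
    wiped, id_tuesday = destructive_modify(original)

    rec_2016 = attempt_recovery(modified, id_2016)
    rec_tuesday = attempt_recovery(wiped, id_tuesday)
    return {
        "petya2016_recovered": rec_2016 is not None and sector_digest(rec_2016) == baseline,
        "tuesday_recovered": rec_tuesday is not None and sector_digest(rec_tuesday) == baseline,
    }


if __name__ == "__main__":
    print(demo())
```

In the destructive case the "recovery" of an all-zero sector yields nothing but the keystream itself, which can never satisfy both the signature and the partition-status checks at once, so `attempt_recovery` returns None regardless of which ID the victim types in; that is the page's point that the ID in ExPetr gives the threat actor nothing to decrypt with. The baseline-hash comparison is the practical defender-side check: an image whose first sector no longer matches the recorded digest has been altered, whether reversibly or not.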

Definitely not designed to make money

Another researcher who uses the handle the grugq published an analysis that also supported the theory that Tuesday’s outbreak wasn’t a true ransomware attack. The analysis noted that the malware used a single Bitcoin address to receive ransom payments, a shortcoming that’s not found in most professionally developed ransomware because it requires attackers to manually process large numbers of payments. Tuesday’s malware also required victims to manually type a long string of human-unfriendly characters into an e-mail address, a hurdle professional ransomware developers avoid because it decreases the likelihood that victims will pay. Tuesday’s malware also required victims to contact attackers through an e-mail account that was closed within hours of Tuesday’s outbreak, killing any incentive for victims to pay.

In almost all other aspects, Tuesday’s malware was impressive. It used two exploits developed by and later stolen from the National Security Agency. It combined those exploits with custom code that stole network credentials so the malware could infect fully patched Windows computers. And it was seeded by compromising the update mechanism for M.E.Doc, a tax-filing application that is almost mandatory for companies that do business in Ukraine. The shortcomings in the ransomware functions aren’t likely to be mistakes, considering the overall quality of the malware.

“The superficial resemblance to Petya is only skin deep,” the grugq wrote. “Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware.’”

The theories are consistent with this post from Wired, which reports that Ukrainian government officials are saying Tuesday’s attack was sponsored by a national government. The Ukrainian government has previously blamed Russia for attacks—one in December 2015 and another in December 2016—that both caused blackouts by hacking Ukrainian power facilities. A cover story Wired published last week lays out much of the evidence substantiating the claims of Russian involvement. Asked if Russia was behind Tuesday’s attack, a government official told reporter Andy Greenberg: “It’s difficult to imagine anyone else would want to do this.”

from Ars Technica http://ift.tt/2tmfVzz
via IFTTT

Ultra-Thin Camera Says Good-Bye to the Lens

A new proof-of-concept design retires one of the most familiar parts of a traditional camera: the lens. By swapping out the glass lens with a tiny array of light receivers, a California Institute of Technology team believes the thinner, lighter model supports a new wave of ubiquitous imaging.

from NASA Tech Briefs http://ift.tt/2t1YNMH
via IFTTT

Pricey electric bicycle wheel gets you to work sweat-free

Yes, I own a bike. But it’s nothing to get excited about. A neighbor put it on the sidewalk with a "free" sign, and bam! I had a bicycle. It’s old and rusty but perfect for neighborhood errands. I normally wouldn’t use it to ride to work, but the $1,000 GeoOrbital wheel could change that. If I could afford it.

If you live in an urban environment, you’ve probably noticed the rise in the number of electric bicycles cruising in the bike lanes. With battery packs strapped to the frame and oversize rear hubs powering daily commutes, the riders show up to work without looking like a sweating mess. But if you’ve already got a bike and are short on space (there’s barely enough room in your studio apartment for that second lamp), the GeoOrbital converts your two-wheeled whip into an electric one without too much hassle.

The electric wheel contains all the necessary technology needed to drag you around town: battery, motor, guide wheels and a throttle you attach to your handlebars. In other words, it’s heavy. Heavier than my actual bike, and if you’re the type of commuter who has to carry his bike up and down stairs to catch mass transit, you’re going to notice that extra poundage.

The company says the whole contraption can be installed in 60 seconds. If you don’t count the time I spent adjusting my brakes, it took less than 45 seconds on the first try. Subsequent installs take less than 30 seconds.


Once you’re ready to roll, the GeoOrbital requires a key to be turned on. The same key is used to unlock the removable battery. It also ships with two keys in case you have a shared bike or you’re prone to losing things.

I weigh over 200 pounds, so I wasn’t sure how well the wheel would perform on the hills of San Francisco. On the flats, it did a great job pulling me along. The GeoOrbital’s top speed of 20 miles per hour was quick enough to keep up with other cyclists without actually pedaling. But I was regularly passed by anyone wearing spandex.

On hills, I actually had to pedal. Yet, it was never enough to work up a sweat. It was more like a leisurely climb. I watched others struggle to get up the same hill and I felt like maybe I was cheating. People ride bikes for a host of reasons and one of them is to be in better shape. I was circumventing that. That lingered in my mind as I passed another person huffing and puffing while trying to get up the incline. Seeing them struggle while I glided by squelched any guilt I had about losing out on a workout.

GeoOrbital says the wheel will do 12 miles before needing a recharge. My large frame and the hills I tackled brought that down to about 10 miles. An impressive feat. But once that battery power disappears, the wheel becomes a huge albatross that turns your ride into an intense leg workout.


Controlling the speed of the bike is where the handlebar-mounted thumb-controlled throttle comes in. If you’ve ever ridden a quad or ATC, you’ll recognize the design. Just depress the gray lever and away you go. It took a few tries to get the throttle in a comfortable position on the handlebars, but even then (like my old ATC), after about 45 minutes I got thumb fatigue. That’ll probably pass if you ride that far every day, but it takes a while and is something to consider.

Except for my maiden voyage, the rides were uneventful. During my first time on the bike, the rubber wheel that propels the main wheel unloaded some rubber bits after dragging my large frame up and down San Francisco’s many hills. By the end of the ride, the GeoOrbital was producing a rougher ride and making more racket than usual. I got home, removed the excess rubber from the wheels, charged the bike and didn’t have the same problem on any subsequent rides.


Other than that hiccup, the wheel was easy to charge and install, and riding it was enjoyable. It’s nice to get to a destination without getting all sweaty. It took my old rusty bike and made it modern and sleek. Well, sleekish — it’s still covered in rust.

Yet, I can’t justify paying $1,000 for a tire. The GeoOrbital doesn’t feel like it’s made for people like myself: a person with a sub-$1,000 bike who wants to get around town without too much fuss. Instead it feels like it’s geared towards the person who spends thousands on their bike and has a closet full of colorful spandex. Maybe during the week they still want to ride their impressively light bike to work without having to take a shower when they arrive. If you’re that person, check out the GeoOrbital. For the rest of us, get back to pedaling.

from Engadget http://ift.tt/2tYg4qg
via IFTTT

Ethernet Cable Houses Android Computer

vellers but could well be adapted for other uses.

The cable has an Ethernet plug at one end for plugging into a hotel wall Internet socket; there’s also support for WiFi, though that isn’t recommended as the best option. The other end is an HDMI plug. The cable also bulges slightly in the middle where it houses two USB ports and a RJ-12 serial port.

Power can come from the Ethernet socket or the TV’s HDMI socket where supported. Alternatively power can come from a USB socket on the TV or a USB charger plug to a power outlet. It’s not completely self-contained as the gadget requires a separate remote control to operate, though an API can allow third-party controllers such as a smartphone app.

The initial plan is to market it to hotels themselves and include a standard platform that includes support for IPTV, Chromecast, iOS streaming and a selection of Android apps such as Spotify and Netflix. (The makers haven’t given specs but say the processor is “blazingly fast.”)

However, the company says it’s looking into both producing customized versions for other businesses and retailers, and producing a consumer version, which would no doubt attract the interest of home modders.

[Inncable]

JLister

from [Geeks Are Sexy] Technology News http://ift.tt/2shQQpO
via IFTTT