Petya Or NotPetya: Why The Latest Ransomware Is Deadlier Than WannaCry

The world suffered another ransomware nightmare on Tuesday, with pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport and banks all affected. One U.S. hospital also appears to be a victim. Worse is expected, thanks to some pernicious features in the ransomware sample.

The malware widely believed to be responsible is a version of Petya which security researchers are calling “NotPetya”. It’s similar to Petya, but different enough to qualify as an entirely new form of ransomware, researchers say. Backing up NotPetya is an exploit method borrowed from a leaked NSA hack called EternalBlue, the same one WannaCry used to infect hundreds of thousands of computers and take down hospital networks. With the new strain, though, only computers on a local network are scanned, not the entire internet, as WannaCry attempted.

That’s cause for embarrassment among infected companies: Microsoft released a patch earlier this year which prevented any EternalBlue hacks, even pushing out updates for older, unsupported Windows systems like XP. Businesses should have patched by now, especially given the carnage WannaCry caused.

Extra powers

NotPetya has some extra powers that security experts say make it deadlier than WannaCry. While EternalBlue has allowed it to spread via a weakness in Windows’ SMB, it has other tools for moving at speed across networks. For instance, according to former NSA analyst and cybersecurity entrepreneur David Kennedy, the ransomware finds passwords on the infected computer to move to other systems. It does that by extracting passwords from memory or from the local filesystem, he explained.

“This is going to be a big one. Real big one,” Kennedy added.

Another proliferation technique is NotPetya’s abuse of PsExec. The tool is meant to carry out limited actions on other systems, but in this case it’s spreading the infection by executing malicious code on other computers. For instance, if the infected PC has administrator access to the network, every computer can become infected. A similar method is used by NotPetya with the Windows Management Instrumentation (WMI) tool, according to security expert Kevin Beaumont.

“This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched,” said ESET researcher Robert Lipovsky. “It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.”

Perhaps most crucially, thanks to all these added features, the new strain will infect even patched Windows PCs, including those with Windows 10, as one IT professional noted in a blog, whereas WannaCry worked largely on older systems.

A Microsoft spokesperson said the company was aware of the reports and was investigating, adding: “Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 [the EternalBlue vulnerability MS17-010]. As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.” It also claimed its anti-malware product, Windows Defender, detected and blocked the malware.

Pro ransomware

This latest attack appears to be the work of a professional group, unlike WannaCry, which was full of bugs and had a killswitch, which a British security researcher accessed and turned off (though more infections occurred just last week). There is no obvious killswitch with NotPetya, which Kaspersky said has infected at least 2,000 organizations across the globe, including Ukraine, Russia, the U.K. and the United States.

NotPetya’s professionalism might come from Petya’s birth in the bustling, highly technical cybercriminal underground. Jakub Kroustek, Threat Lab Team lead at Avast, said: “One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85% of the paid ransom amount, while 15% is kept by the malware authors.” This kind of “ransomware-as-a-service” has been a growing concern of late, given it opens up the crime to a non-technical audience.

Whatever the class of criminal behind today’s outbreak, they’ve had a good pay day, though not an astounding one. At the time of publication, 22 payments had been made, totalling 2.39818893 Bitcoin, worth around $5,515.

Anyone even considering paying hackers to unlock their computers should reverse course, however: the email account set up to provide keys has been shut down by the provider, Posteo. Thanks to that, there’s no obvious way of recovering files without backups.

– Written by Thomas Fox-Brewster, FORBES STAFF

Where The Medium’s The Topic And The Topic is Topical

UJ, 4IR, and the Cloudebate™ concept

UJ is the University of Johannesburg. 4IR is the Fourth Industrial Revolution. Cloudebate™? Well – it’s a place where really interesting questions are asked, such as: is the academic thesis a thing of the past? Have books outlived their physical form? Are we witnessing the demise of childhood? Will eye-tracking, sip and puff, or exoskeletons lead to true equality of opportunity? Will society change Africa? Will Africa help change society? Will education teach our children what they really need to know? And if so, how?

As 4IR sweeps the world, sending many preconceptions, predilections, and presuppositions tumbling as it goes, UJ sees the asking of questions like these as a fundamental response. And it’s responding because, since 2013, when it first embarked on its strategy of global excellence and stature, the university saw a clear need to take the lead in exploring the applications, implications and potential of 4IR. What’s more, it saw a need to do this not just as part of its positioning as a thought-leader on the continent, but as part of making a proactive and positive contribution towards African society, education and enablement.

A vision of width, a platform of depth

It’s a significant vision, and as part of realising it, UJ has been investigating new and challenging ways, not just of identifying the issues at stake, but of presenting them in depth. It sought a way that would bring medium and content, idea and action, debate and initiative, together on one unique platform.

And that unique platform, one that UJ has not only created, but given a unique name to as well, is the Cloudebate™.

The Cloudebate™

The Cloudebate™ has essentially taken the traditional debate/panel discussion and reimagined it, placing it firmly within the realm of its own 4IR scope, and using the latest live-streaming technology. It is the place where 4IR ideas that have been identified as relevant, meaningful, challenging and thought-provoking are placed before an expert panel as well as an online audience who are invited to participate in real time, online, in a very 4IR way, in the discussion, analysis and dissection.

There have been seven Cloudebates held so far, and their names provide an insight into their capacity to provoke thought: The Way Tomorrow Works; Digitally Equal; Is 4IR the Demise of Childhood? Questioning the Answers; Obsolete or Absolute? Should Books be Shelved? Adding Muscle to Open Doors.

When thought is action

It’s all about the kind of world we are creating for our children to inhabit. What will the elimination of jobs do to society? Are children growing directly into the immediacy of adulthood? Are academic theses outdated? Are libraries passé? Can technology enable opportunity equally for all?

The digital reach has been immense, not just in South Africa but globally, where it has found a worldwide audience. Moreover, UJ’s Cloudebate™ initiative is set to continue into 2020 with further challenges to our received wisdom, our perceived way of doing things. So, if you have any stimulating 4IR topics that you would like to see discussed, send them to [email protected] – UJ would love to hear from you. And if you’d like to see the discussions that have already taken place, then just go to uj.ac.za/4IR, where you can watch, and take a view of your own.

Creating tomorrow

With its innovative Cloudebate™ concept, UJ’s pursuit of global excellence has been a most rewarding journey that will continue to develop and expand along with 4IR, and along with UJ’s ongoing commitment to creating tomorrow.

Content provided by the University of Johannesburg

Applications Open for FORBES AFRICA 30 Under 30 class of 2020

FORBES AFRICA is on the hunt for Africans under the age of 30, who are building brands, creating jobs and transforming the continent, to join our Under 30 community for 2020.


JOHANNESBURG, 07 January 2020: Attention entrepreneurs, creatives, sport stars and technology geeks — the 2020 FORBES AFRICA Under 30 nominations are now officially open.

The FORBES AFRICA 30 Under 30 list is the most-anticipated list of game-changers on the continent and this year, we are on the hunt for 30 of Africa’s brightest achievers under the age of 30 spanning these categories: Business, Technology, Creatives and Sport.

Each year, FORBES AFRICA looks for resilient self-starters, innovators, entrepreneurs and disruptors who have the acumen to stay the course in their chosen field, come what may.

Past honorees include Sho Madjozi, Bruce Diale, Karabo Poppy, Kwesta, Nomzamo Mbatha, Burna Boy, Nthabiseng Mosia, Busi Mkhumbuzi Pooe, Henrich Akomolafe, Davido, Yemi Alade, Vere Shaba, Nasty C and WizKid.

What’s different this year is that we have whittled down the list to just 30 finalists, making the competition stiff and the vetting process even more rigorous. 

Says FORBES AFRICA’s Managing Editor, Renuka Methil: “The start of a new decade means the unraveling of fresh talent on the African continent. I can’t wait to see the potential billionaires who will land up on our desks. Our coveted sixth annual Under 30 list will herald some of the decade’s biggest names in business and life.”

If you think you have what it takes to be on this year’s list or know an entrepreneur, creative, technology entrepreneur or sports star under 30 with a proven track-record on the continent – introduce them to FORBES AFRICA by applying or submitting your nomination.

NOMINATIONS AND APPLICATIONS CRITERIA:

Business and Technology categories

  1. Must be an entrepreneur/founder aged 29 or younger on 31 March 2020
  2. Should have a legitimate REGISTERED business on the continent
  3. Business/businesses should be two years or older
  4. Nominees must have risked own money and have a social impact
  5. Must be profit generating
  6. Must employ people in Africa
  7. All applications must be in English
  8. Should be available and prepared to participate in the Under 30 Meet-Up

Sports category

  1. Must be a sports person aged 29 or younger on 31 March 2020
  2. Must be representing an African team
  3. Should have a proven track record of no less than two years
  4. Should be making significant earnings
  5. Should have some endorsement deals
  6. Entrepreneurship and social impact is a plus
  7. All applications must be in English
  8. Should be available and prepared to participate in the Under 30 Meet-Up

Creatives category

  1. Must be a creative aged 29 or younger on 31 March 2020
  2. Must be from or based in Africa
  3. Should be making significant earnings
  4. Should have a proven creative record of no less than two years
  5. Must have social influence
  6. Entrepreneurship and social impact is a plus
  7. All applications must be in English
  8. Should be available and prepared to participate in the Under 30 Meet-Up

Your entry should include:

  • Country
  • Full Names
  • Company name/Team you are applying with
  • A short motivation on why you should be on the list
  • A short profile on self and company
  • Links to published material / news clippings about nominee
  • All social media handles
  • Contact information
  • High-res images of yourself

Applications and nominations must be sent via email to FORBES AFRICA journalist and curator of the list, Karen Mwendera, on [email protected]

Nominations close on 3 February 2020.

Facebook Is Still Leaking Data More Than One Year After Cambridge Analytica

Facebook said late Tuesday that roughly 100 developers may have improperly accessed user data, which includes the names and profile pictures of individuals in certain Facebook Groups.

The company explained in a blog post that developers primarily of social media management and video-streaming apps retained the ability to access Facebook Group member information longer than the company intended.

The company did not detail the type of data that was improperly accessed beyond names and photos, and it did not disclose the number of users affected by the leak.

Facebook restricted its developer APIs—which provide a way for apps to interface with Facebook data—in April 2018, after the Cambridge Analytica scandal broke the month before. The goal was to reduce the way in which developers could gather large swaths of data from Facebook users.

But the company’s sweeping changes have been relatively ineffective. More than a year after the company restricted API access, the company continues to announce newly discovered data leaks.

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Facebook said in a statement.

The social media giant says in its announcement that it reached out to 100 developer partners who may have improperly accessed user data and says that at least 11 developer partners accessed the user data within the last 60 days.

Facebook has been reviewing the ways that companies are able to collect information and personal data about its users since the New York Times reported that political consulting firm Cambridge Analytica harvested data of millions of users. Facebook later said the firm connected to the Trump campaign may have improperly accessed data on 87 million users.

The Federal Trade Commission slapped Facebook with a $5 billion fine as a result of the breach. As part of the 20-year agreement both parties reached, Facebook now faces new guidelines for how it handles privacy leaks.

“The new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products,” Facebook’s director of platform partnerships, Konstantinos Papamiltiadis, wrote in a Facebook post.

“As we work through this process we expect to find examples like the Groups API of where we can improve; rest assured we are committed to this work and supporting the people on our platform.”

Michael Nuñez
