Connect with us

Technology

Petya Or NotPetya: Why The Latest Ransomware Is Deadlier Than WannaCry

mm

Published

on

The world suffered another ransomware nightmare on Tuesday, with pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport and banks all affected. One U.S. hospital also appears to be a victim. Worse is expected, thanks to some pernicious features in the ransomware sample.

The malware widely believed to be responsible is a version of Petya which security researchers are calling “NotPetya”. It’s similar to Petya, but different enough to qualify as an entirely new form of ransomware, researchers say. Backing up NotPetya is an exploit method borrowed from a leaked NSA hack called EternalBlue, the same which WannaCry used to infect hundreds of thousands of computers and take down hospital networks. Though with the new strain, only computers on a local network are scanned, not the entire internet, as WannaCry attempted.

Mayday! Mayday! I’ve Been Hacked

That’s cause for embarrassment among infected companies: Microsoft released a patch earlier this year which prevented any EternalBlue hacks, even pushing out updates for older, unsupported Windows systems like XP. Businesses should have patched by now, especially given the carnage WannaCry caused.

Extra powers

NotPetya has some extra powers that security experts say make it deadlier than WannaCry. While EternalBlue has allowed it to spread via a weakness in Windows’ SMB, it has other tools for moving at speed across networks. For instance, according to former NSA analyst and cybersecurity entrepreneur David Kennedy, the ransomware finds passwords on the infected computer to move to other systems. It does that by extracting passwords from memory or from the local filesystem, he explained.

“This is going to be a big one. Real big one,” Kennedy added.

Another proliferation technique is NotPetya’s abuse of PsExec. The tool is meant to carry out limited actions on other systems, but in this case its  spreading the infection by executing malicious code on other computers. For instance, if the infected PC has administrator access to the network, every computer can become infected. A similar method is used by NotPetya with the Windows Management Instrumentation (WMI) tool, according to security expert Kevin Beaumont.

“This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched,” said ESET researcher Robert Lipovsky. “It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.”

Perhaps most crucially, thanks to all these added features, the new strain will infect even patched Windows PCs, including those with Windows 10, as one IT professional noted in a blog, whereas WannaCry worked largely on older systems.

A Microsoft spokesperson said the company was aware of the reports and was investigating, adding: “Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 [the EternalBlue vulnerability MS17-010]. As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.” It also claimed its anti-malware product, Windows Defender, detected and blocked the malware.

Pro ransomware

This latest attack appears to be the work of a professional group, unlike WannaCry, which was full of bugs and had a killswitch. which a British security researcher accessed and turned off (though more infections occurred just last week). There is no obvious killswitch with NotPetya, which Kaspersky said has infected at least 2,000 organizations across the globe, including Ukraine, Russia, the U.K. and the United States.

NotPetya’s professionalism might come from Petya’s birth in the bustling, highly technical cybercriminal underground. Jakub Kroustek, Threat Lab Team lead at Avast, said: “One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85% of the paid ransom amount, while 15% is kept by the malware authors.” This kind of “ransomware-as-a-service” has been a growing concern of late, given it opens up the crime to a non-technical audience.

Whatever the class of criminal behind today’s outbreak, they’ve had a good pay day, though not an astounding one. At the time of publication, 22 payments had been made to 2.39818893 Bitcoin, worth around $5,515.

Anyone even considering paying hackers to unlock their computers should reverse course, however: the email account set up to provide keys has been shut down by the provider, Posteo. Thanks to that, there’s no obvious way of recovering files without backups. – Written by Thomas Fox-BrewsterFORBES STAFF

Continue Reading
Advertisement
Comments

Technology

‘AI Is A Powerful Tool’

Published

on

Research forecasts that by 2025, machines will perform more current work tasks than humans. Murat Sonmez, member of the managing board, and Head of the Centre for the WEF Fourth Industrial Revolution Network, expands on the role humans might play.


The Fourth Industrial Revolution (4IR) is at the center of the current economic frontier. In reality, is Africa prepared for such changes?

Moving quickly and being agile are key principles of success in the 4IR. Any country can succeed if they take on this mindset. A few years ago, Rwanda saw the opportunities drones, a 4IR technology, brought to their country.

They helped save over 800 lives by delivering blood to remote villages. To scale this, the government worked with the World Economic Forum’s (WEF) drones’ team to create the world’s first agile airspace regulation. Now, we see countries in Africa and around the world looking to the Rwandan model.

READ MORE | 5 Ways Tech Can Revolutionize Education

What feasible solutions can  artificial intelligence (AI) offer in terms of forecasting natural disasters, droughts food security on the African continent?

AI can help predict diseases, increase agriculture yields and help first responders. It is a powerful tool for governments and businesses, but it needs a lot of data to be effective.

For AI to be all that it can be, countries and companies need to work together to build frameworks for better management and protection of our data and ensure that it is shared and not stored in silos. Data is the oxygen of the (4IR). If countries do not leverage data and have their policies in place, they will be left behind.

There is a growing concern that the 4IR will strip people of jobs, of which there is already a shortage. How true is this?

The world is going through a workplace revolution that will bring a seismic shift in the way humans work alongside machines and algorithms.

Latest research from the WEF forecasts that by 2025, machines will perform more current work tasks than humans, compared to 71% being performed by humans today.

READ MORE | Roadmap For African Startups

The rapid evolution of machines and algorithms in the workplace could create 133 million new roles in place of 75 million that will be displaced between now and 2022.

Consumers have real concerns around the potential harm technology can cause in areas such as privacy, misinformation, surveillance, job loss, environmental damage and increased inequality. What ethical precautions are being considered in the robotics space?

Now more than ever, it is important to incorporate ethics into the design, deployment and use of emerging technology. Innovating in the 4IR requires addressing concerns around privacy and data ownership, while attracting the skills and forward-looking thinkers of the future.

There are big challenges and bigger opportunities ahead. We have seen many companies and countries create ethical and human rights-based frameworks. What’s important is they are co-designed with members of both communities along with academia, civil society and start-ups.

A multi-stakeholder approach will result in a more holistic set of guidelines and principles that can be adopted in many different industries and geographies.

READ MORE | It’s Time For Africa’s Gazelles To Shine

What changes need to take place for the African continent to be on par with global developments, and are there tangible goals set?

The 4IR provides governments the opportunity to be global leaders in shaping the next 20 to 30 years of science and technology. It is important they create an environment where companies can innovate.

The other tenet is to be open to working across borders and learning from each other. The global health industry has access to mountains of data on rare diseases, but it is trapped within countries and sometimes even within the hospital walls.

If we can build trust and find innovative ways to share the data while protecting privacy, we can employ tools like AI to help us cure disease faster. Countries and companies need to have the right governance frameworks and mechanisms in place for these breakthroughs to happen. It is possible to do these things now, but we need to work together to make it happen.

Continue Reading

Current Affairs

Businesses At The Heart Of A Greener Future

mm

Published

on

With every day that passes by it becomes more apparent that the Earth is deteriorating and time is running out to save it. Scientists have estimated that we have less than a decade to save the planet before it is irreversibly damaged, mainly due to climate change.

Businesses claim the largest percentage of global emissions (at approximately 70% since 1988, according to The Guardian) which is an alarming statistic, especially in a time when the planet’s well-being is being compromised.

Many large business corporations are hastily coming on board with operating sustainably by transforming their practices and placing business ethics at the forefront of their priorities.

READ MORE | The Most Sustainable Companies In 2019

Last week, a round table discussion was held at the Fairlawns Boutique Hotel, Sandton hosted by Environmental Resources Management (ERM) – the world’s largest sustainability consulting firm. Their aim was to discuss how imperative it is for African businesses to get on board with sustainability.

“We have been talking about how to be sustainable for a long time but now it is time for us to do sustainability,” says Thapelo Letete, Technical Director of ERM.

An engaging and thought-provoking panel discussion ensued with representatives from ERM and mining companies, Anglo American and Gold Fields. They emphasized the importance of sustainability being recognized by investors, especially in mining and oil companies that rely solely on Earth’s natural resources.

Civil society has a colossal role to play in ensuring the sustainability of businesses. Due to the law of supply and demand in production, consumers are being urged to be mindful of their buying habits and to make sustainable decisions. These are as simple as minimizing the utilization of plastic straws by replacing them with metal or paper straws and reusable shopping bags and by recycling selected items.

READ MORE | Challenging The Gender Divide

“Research suggests that socially and environmentally responsible practices have the potential to garner more positive consumer perceptions of (businesses), as well as increases in profitability,” according to an entry in Sage Journals published in May.

The advancement of science, artificial intelligence and the rapid growth of the technological industry make it an undeniable fact that the Fourth Industrial Revolution is underway. Many businesses across the globe seem to be well prepared for this change. However, businesses in Africa seem to be vulnerable. 

“It is difficult to say that all businesses in Africa are prepared for it. It is not a country specific thing but it does vary across corporations. There will be businesses that are well prepared and businesses that are not so well prepared,” says Keryn James, CEO of ERM.

A large part of sustainability also relies on empowerment and equality. Sub-Saharan Africa has the highest number of female-owned businesses who contribute a large amount of money towards their respective countries’ GDPs. However, most of these businesses struggle with the issue of scaling.

“Women sometimes underestimate their ability and they don’t necessarily  have the confidence that they should have about the value that their businesses present. Women often take less risks than men,” says James.

“The issue of scaling is one that we see globally. One of the issues are access to funding to support in the investment and growth of their businesses.”

READ MORE | Mastercard: Diligent About Digital In Africa

Going forward, the availability of mentorship programmes and skills development opportunities for women, especially black women in business should be encouraged.

According to a study done by the UN Women’s organization, an average of 3 out of 7 women score higher in performance when they are placed in senior managerial positions. Additionally, if more women work, the more countries can exponentially maximise their economic growth.

Women will be empowered when given the correct skills and opportunities to be able to run their own businesses independently which would ultimately lead to the scaling of female-owned businesses in Africa and sustainable development.

The Nedbank Capital Sustainable Business Awards aim to recognize the efforts of businesses that operate sustainably and to encourage other corporations who intend to adopt more sustainable strategies into their practices. Initiatives such as these prove that business value also depends on how sustainable they are.

It is clear that the prioritization of sustainability and accountability in businesses is the only way forward in the midst of this global crisis. With a combination of will and the rigorous work that African businesses have put into sustainability initiatives and strategies, it is easier to be optimistic about our planet’s wellbeing.

-Buhle Ntusi

Continue Reading

Current Affairs

Ex-Google Staffer Says After Split With Chief Legal Officer David Drummond: ‘Hell Does Not Begin To Capture My Life’

mm

Published

on

By

Former Google employee Jennifer Blakely has written a scathing blog post with allegations about how her affair with chief legal officer David Drummond unfolded.


A former member of Google’s legal team who says she had a child with the company’s chief legal officer, David Drummond, has written a scathing blog post about the way that their relationship unfolded within the search engine giant, including that he issued “terrifying threats” to take custody of their child after initially refusing to pay child support.

In a Medium post, Jennifer Blakely says that she was inspired to detail her experience after an explosive New York Times story last fall put a spotlight on how the company shielded top executives from harassment claims and sparked massive employee protests.

“Looking back, I see how standards that I was willing to indulge early on became institutionalized behavior as Google’s world prominence grew and its executives grew more powerful,” Blakely writes.

READ MORE | Google, Facebook, Twitter Fail To Live Up To Fake News Pledge

“Women that I worked with at Google who have spoken to me since the New York Times article have told me how offended they were by the blatant womanizing and philandering that became common practice among some (but certainly not all) executives, starting at the very top.” 

While her relationship with the married Drummond was included in the Times story and first reported byThe Information in November 2017, this is the first time Blakely has written about the experience herself.

Drummond is one of several current and former Google executives who has reportedly had relationships with employees or extramarital affairs, including Eric Schmidt, Sergey Brin, and Andy Rubin.

READ MORE | Calling Out Sexual Harassment

Blakely alleges that after their relationship ended, Drummond had another relationship with a subordinate, which is against Google’s workplace policy. He is still employed by Google and made more than $47 million last year. 

Blakely says that she started working in Google’s legal department under Drummond in 2001 and that after he told her that he was estranged from his wife, they began a relationship in 2004. She says the two had a child together in 2007 and that Google’s human resources department then told her that one of them had to leave the department.

She moved to sales, an area where she had no experience, and subsequently struggled with her work. Blakely alleges that after she ultimately left the company at Drummond’s urging in 2008, but that while they were living together in Palo Alto, he broke off their relationship via text message.

“‘Hell’ does not begin to capture my life since that day,” she writes. “I’ve spent the last 11 years taking on one of the most powerful, ruthless lawyers in the world. From that fateful night forward, David did things exclusively on his terms.” 

She alleges that Drummond initially refused to see their son or pay child support, and then fought against her in a custody battle. While she says they ultimately reached a settlement and he began paying child support, she writes that “months or years” would go by when he wouldn’t see their son. In 2014, Drummond allegedly showed her an article about Eric Schmidt’s reported history of extramarital affairs during an argument, implying that the executive’s position granted him impunity.

READ MORE | Young women in Soweto, South Africa, say healthy living is hard. Here’s why

“His ‘personal life’ (which apparently didn’t include his son) was off limits and since I was no longer his ‘personal life’ it was time for me to shut up, fall in line and stop bothering him with the nuisances or demands of raising a child,” Blakely writes.

Blakely’s story is the latest in a string of public posts from former Google employees highlighting issues with the company’s culture and policies (or their lack of enforcement).

One of the women who helped organize last fall’s protests, Claire Stapelton, recently wrote about her experience with retaliation, another employee detailed the disappointing way the company’s human resources department dealt with her harassment reports, and former senior engineer Liz Fong-Jones posted about “grave concerns” with the company’s decision making in general.

The outspokenness of Google employees exemplifies — and has helped spur — a broader activism in the tech sector that has seen workers speaking out against their employer’s internal policies and business decisions.

Blakely’s post also taps into the larger #MeToo movement which has drawn attention to sexual harassment and abuse in the workplace across industries.

“Until truth is willing to speak to power and is heard, there’s not going to be the sea change necessary to bring equality to the workplace,” she writes.

Neither Google nor Drummond immediately responded to a request for comment. 

This story is developing.

-Jillian D’Onfro; Forbes

Continue Reading

Trending