Tag Archives: Ransomware

Here We Go Again: JBS “Paid” “Russian” “Hackers” $11 Million In Bitcoin To Resolve “Ransomware” Attack, by Tyler Durden

Are the purported Colonial Pipelines and JBS hacks and ransomware merely government propaganda efforts against cryptocurrencies? From Tyler Durden at zerohedge.com:

There was a moment of sheer hilarity earlier today when, during a Congressional Hearing, the CEO of Colonial Pipeline Joseph Blount took the merely farcical episode of the Colonial Pipeline ransomware hack – when, as a reminder, a ragtag band of elite “Russian” hackers somehow managed to penetrate the company’s cyberdefenses but was so stupid it left most if not all of the $4.4 million bitcoins it demanded in ransom in an easily traceable address for the FBI to track down and magically confiscate (it is still unclear how the Feds got the private key to access the “hackers” digital wallet) in days if not hours – and elevated it to a level of sheer ridiculous absurdity when he told Congress that he didn’t consult the FBI before paying the ransom.

This, pardon the parlance of our times, is complete bullshit: either the CEO is lying or, worse, he is telling the truth and as some have speculated, he, the FBI and the “hackers” are all in on this so-called ransomware breach…

… a scenario which for now is yet another “conspiracy theory” and which we expect will become proven fact in the usual 6-9 months.

Yet just a few hours later, the exact same ridiculous narrative meant to achieve just one thing – tarnish the reputation of bitcoin further to the point where the US has to ban it – has struck again, and according to the WSJ last week’s big hack, that of food processing giant JBS, was also resolved when the company paid $11 million – in bitcoin of course, because in this day and age one can’t simply dump a suitcase full of cash or send a wire transfer to an incognito account – as ransom to the criminals (who will naturally soon be unveiled as Russians because of course) responsible for the cyberattack that halted the company’s operations.


What, We Worry? by Robert Gore


Crowd psychology, not news, drives markets.

SLL reviewed Robert Prechter’s The Socionomic Theory of Finance, the thesis of which is that financial markets, particularly equity markets, are driven by endogenous social mood, not news developments or other “fundamentals.” If ever a market session supported the socionomic hypothesis, yesterday’s did.

Over the weekend hundreds of thousands of computers around the world were afflicted by ransomware called WannaCry that encrypts files and makes them inaccessible unless the owner forks over a Bitcoin payment. The ransomware exploited a bug in Microsoft software of which the company was aware and for which it had made available a patch. However, users had to download the patch, and for an older version of software, users had to pay for it, so many computers were still vulnerable. Although the hackers who distributed the ransomware are unknown, apparently they used an exploit codenamed ETERNALBLUE, originally developed by the NSA, to penetrate Microsoft’s software.

A computer security expert discovered a kill switch in WannaCry that stopped the program from spreading by diverting it to a dead-end on the internet, but there may be a variant that does not have the kill switch. It is unknown how far the program will spread or what havoc it will ultimately wreak. What is crystal clear, however, is what many computer experts have warned of for years: many of the world’s computers and much of the infrastructure, including the internet, are highly vulnerable to disruption or outright shutdown.

This was just ransomware that hit Microsoft software, demanding $300 ransom per machine. It doesn’t take much imagination to envision scenarios where the ransom is, say, $10 billion from a government, and the threat is that a substantial chunk of the Internet, electric grid, the government’s defense and intelligence systems, or some other critical function goes down. This cannot be dismissed as far-fetched because nobody on the planet knows more than a small fraction of who has what hacking capability or access to what computers and networks, or what’s already been hacked. As the NSA just demonstrated, intelligence agencies, which you might think have the best handle on the matter, have had their hacks hacked. (The Wikileaks Vault 7 release disclosed the CIA’s hacking tools.)

How did the stock market react to this blatant demonstration of technological vulnerability? The Dow was up 89, the S&P up 11, and the Nasdaq composite was up 29. The stock market has been powered this year by Alphabet (Google), Amazon, Apple, Netflix, Facebook, and Microsoft. Any kind of extended disruption of the Internet or pervasive, disabling computer virus or worm would cost these companies billions of dollars and whack their share prices. Yet, Alphabet was up $4.08, Amazon down $3.98, Apple down $.45, Netflix down $.70, Facebook down $.13, and Microsoft up $.05. Hardly earth-shattering moves.

The legions of speculators, investors, and commentators who look for exogenous causes of stock market movements will perhaps say that WannaCry was dismissed because the damage was limited. However, the reported number of computers that have been affected rose all day, and there were news stories that at least one variation of the ransomware had no kill switch, which means it could proliferate unchecked. So during the trading day, nobody really knew how bad the damage was or how bad it would get. Also, while all the implications for computer and network security are not fully known, this incident, the worst of its kind so far, is a loud and clear warning of proliferating risks. Those risks are especially worrisome for companies whose business models depend on computers and the internet.

All of which was apparently irrelevant to the stock market yesterday, joining a lengthy historical list of exogenous factors that “should” have moved the market, but didn’t (see Prechter’s book for many more examples). Crowd psychology drives the market, not the news, and right now the crowd is manifestly bullish.

Disclaimer: Robert Gore has no position in any of the stock indexes or technologically vulnerable and richly valued companies mentioned in this article, and thinks anybody who does is living on borrowed time.





Microsoft Slams NSA For Letting Its Hacking Tools Cause Global Malware Epidemic, by Tyler Durden

From Wikileaks we know that the CIA exploits vulnerabilities in technology companies’ hardware and software without informing them of the vulnerabilities. Not surprisingly, the NSA apparently does too, and it’s blowing up in a big way. From Tyler Durden at zerohedge.com:

In early April, when we reported that the hacker group known as the Shadow Brokers had released the password to NSA’s “Top Secret Arsenal” of tools that allowed anyone to “back door” into virtually any computer system (in what it claimed was a protest of Trump’s betrayal), few people noticed. On Friday, however, the entire world did notice when an unknown group of hackers reportedly used the same set of NSA-created tools to launch a global malware cyberattack using the WannaCry ransomware virus, holding at least 200,000 computer systems around the globe hostage, and demanding a payment of $300 in bitcoin to unlock infected computers, or else threatening to wipe out the contents of the host machine.

The crippling, global attack prompted Europol to warn that Monday could be a dark day for an unknown number of Windows XP-based systems which could simply fail to start, leading to massive productivity losses around the globe, while others predicted that the spread of the worm could accelerate in the coming days once the hackers bypass the temporary measure that prevented further distribution of the worm over the weekend.

Meanwhile, on Sunday afternoon, Microsoft itself got involved in the global hacking scandal and criticized the NSA for its role in spreading the WannaCry epidemic; specifically the tech giant urged governments to use and store their cyber warfare tools responsibly.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Microsoft President and Chief Legal Officer Brad Smith wrote in a blog post this afternoon. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

To continue reading: Microsoft Slams NSA For Letting Its Hacking Tools Cause Global Malware Epidemic



Putin Jabs NSA For Letting The Ransomware “Genies Out Of The Bottle”, by Tyler Durden

Either by design or out of ignorance, the media is not giving this story the attention it deserves, nor is it delineating its many disturbing implications. Perhaps nobody wants to fire up potential copycats, but the state of computer security around the world is gravely inadequate and the consequences will most likely be disastrous. From Tyler Durden at zerohedge.com:

Following the worldwide “Wanna Cry” cyber attack that was launched last Friday and quickly spread to thousands of computers, Vladimir Putin took a jab at the NSA for authoring tools that “may harm their own authors and creators” should the “genies be let out of the bottle.” Per The Hill:

“We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle.”

“Microsoft’s management has made it clear that the virus originated from US intelligence services.”

For those who haven’t followed the story closely, the outbreak of the virus, dubbed WannaCry, began last Friday. According to cybersecurity experts, and subsequently confirmed by Microsoft, the WannaCry virus is based on an NSA-developed tool that was leaked to the public by a group called Shadow Brokers. The virus, which is ravaging computer networks worldwide, encrypts user files and demands a ransom in cryptocurrency Bitcoin to release them.

Here is an animated map from the NYT showing how quickly the virus spread:

[Please refer to linked story for map]

Microsoft, which has criticized the American spy agencies for their alleged role in creating the situation, released a patch for its no longer supported Windows XP operating system to prevent computers still running it from being infected. The tech company patched a vulnerability in its newer supported software last month after the leak was made public, but operating systems that were not updated are still vulnerable.

Meanwhile, Microsoft President and Chief Legal Officer Brad Smith blasted “the stockpiling of vulnerabilities by governments” which then get leaked into the public domain as equivalent to the “U.S. military having some of its Tomahawk missiles stolen.”

To continue reading: Putin Jabs NSA For Letting The Ransomware “Genies Out Of The Bottle”

“Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools, by Tyler Durden

It’s obviously disturbing that 57,000 computers have been hacked, but it’s even more disturbing that the hackers may have been using tools from our own beloved NSA. From Tyler Durden at zerohedge.com:

The ransomware has been identified as WannaCry.

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.

Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

To continue reading: “Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools