[Image caption: Victims of the latest ransomware attack posted photos like this across social media.]

For the second time in as many months, hackers today are unleashing a massive multinational ransomware attack that has crippled a host of networks across the western hemisphere. The attack appears to have begun sometime Monday, with the hardest-hit targets comprised of Ukrainian infrastructure, including power companies, airports, banks, state-run television stations, postal facilities and large industrial manufacturers.
Also affected were foreign operations of U.S. pharmaceutical firm Merck, advertising conglomerate WPP, French building materials vendor Saint-Gobain, Danish shipping giant AP Moller-Maersk and Pittsburgh, Penn.-based Heritage Valley Health Systems. The as-yet-unidentified hackers appear to be demanding payments of $300 (USD), and as of midday on the east coast of North America, the attack was said to still be spreading.
"The ransomware, called Petwrap, is based on an older Petya variant, originating from the GoldenEye malware in December 2016," Phil Richards, chief information security officer for IT services firm Ivanti – formerly LANDESK – said in a statement. "The new ransomware variant also includes the SMB exploit known as EternalBlue that was created by the United States National Security Administration, and leaked by the Shadow Brokers hacker group in April 2017."
"The Petya component includes many features that enable the malware to remain viable on infected systems, including attacking the Master Boot Record," he added. "The EternalBlue component enables it to proliferate through an organization that doesn't have the correct patches or antivirus/antimalware software."
"This is a great example of two malware components coming together to generate more pernicious and resilient malware." Early last month, a similar ransomware campaign, also using the EternalBlue exploit purportedly stolen from the NSA's cyber weapons toolkit, resulted in more than 200,000 attacks across 150 countries.
That attack, dubbed WannaCry, also involved demands for $300 in bitcoin digital currency.
"This is the same EternalBlue exploit that WannaCry used," said Allan Liska, a cyber security analyst at threat intelligence software vendor Recorded Future. "It also has a secondary capability: There's an information stealer that is bundled in this attack."
"In addition to doing the ransomware, it's also stealing credentials," he went on. "If it can't use the EternalBlue, it's taking the stolen credentials from that box and jumping to another box in the network to try to copy the ransomware over that way." Liska, co-author of the November 2016 book Ransomware: Defending Against Digital Extortion, said the new attack reflects a series of sophisticated improvements to the malware used last time.
"Last month was just the EternalBlue," he said. "This is the attack where all the security experts last time were saying 'good thing they didn't do that.'"
"This is the stuff that WannaCry left off," Liska continued. "It's added additional capabilities and made it much easier to spread around networks, even those that are fully patched." Still, for IT managed services providers (MSPs), protecting clients still largely boils down to a thorough and consistent patching regimen, and user education.
Also, Liska recommends locking down systems to prevent the running of administrative commands from too many workstations.
"Those should be locally locked down," he said. "As an MSP, that's where you can help their customers architect their networks to be more secure."
"We need to start teaching system admins that if you need to run those commands, do them from your desktop and target to workstations that you're troubleshooting."
As with WannaCry, Liska expects this attack to diminish in scope and intensity during the coming days, with only occasional flare-ups of the malware popping up from time to time.
"That's the problem with the worm," he said. "We're still seeing WannaCry running around but we're seeing less and less of that. That's what I think will happen here."
OTTAWA - Prime Minister Justin Trudeau sought to assuage public fears and political complaints Tuesday that the Liberal government's decision to allow the Chinese takeover of a Canadian satellite technology company would compromise national security at home and abroad. Hytera Communications Co. Ltd. is set to take over Norsat International Inc., which manufactures radio transceivers and radio systems used by the American military and Canada's NATO partners. The private Chinese firm first made a bid for the Vancouver-based technology company in 2016, triggering a review under federal law to ensure Canadian interests weren't harmed in the foreign takeover.
It was only earlier this month that the results of the review were made public when the company said it had been informed that a formal security review wouldn't be required. Trudeau said an initial government review of the takeover, required under the Investment Canada Act, unearthed no significant national security concerns and didn't require any further reviews. "The national security agencies involved in the review recommended the deal to be allowed to proceed," he said.
"The review they did was adequate to give them confidence that there was no risk to national security. Therefore, their recommendation to the minister was to allow it to proceed. So we did."
Trudeau insisted that his government would never approve any foreign takeover if there is even a hint of concern that it would harm national security.
"We would not move forward with approving investments under the Investment Canada Act if we were not assured and comfortable that there is no risk to national security, period," he told a news conference.
"It doesn't matter what country it's from, it doesn't matter what deal it is, if there's a risk to national security, we won't move forward." The deal has been the focus of a debate over national security risks and the federal government's willingness to approve a Chinese takeover of a Canadian technology company. It also comes as the Liberals and China pursue exploratory free trade talks; the Canadian government is aiming at opening up the Chinese market to domestic producers in the face of Donald Trump's America First policy on trade.
The ongoing dialogue included an agreement last week where the two countries agreed not to engage in state-sponsored hacking of each other's trade secrets and business information. Opposition MPs have repeatedly raised concerns about the Norsat takeover, and there is unease among congressional representatives in the United States about allowing the Chinese firm to have access to sensitive defence technology. The Globe and Mail reported Monday that the U.S. Department of Defence is reviewing all its business dealings with Norsat as a result of the deal.
Norsat makes satellite communications systems used for national security and defence purposes. It has a number of government customers in both Canada and internationally, including the Canadian Coast Guard and the Pentagon. Trudeau said Canadian security agencies consulted American officials as part of their preliminary security screen. Last week, Norsat security holders voted overwhelmingly in favour of the takeover bid. The deal is still subject to approval by the B.C. Supreme Court as well as other regulatory approvals and certain other closing conditions. Norsat was scheduled to apply Tuesday for a final court order to approve the deal.