科技回声

12 条评论

simonvc将近 8 年前

I worked a Maersk for a couple of years. This happened once before, we came in and all Maersk's machines were randomly shutting down.I heard later a rumour that the reason the AV didn't pick it up was it was a 0-day (stuxnet derived before that was known) and it was literally targeting the SCADA systems on boats.. but that's also the plot of Hackers, so take that with a pinch of salt.Anyway being the build/devops/tooling person on a project i burned 40 dvd's with eclipse and ubuntu and handed to them to the devs and they booted into Ubuntu and kept developing.All was going fine until i got a telling off from the Corporate IT security team complaining that our unauthorised Ubuntu machines weren't running AV and so could be introducing viruses into the network.Total facepalm.

评论 #14646151 未加载

评论 #14645842 未加载

评论 #14646168 未加载

smartbit将近 8 年前

Essence of Maersk attack in one tweet <a href="https://twitter.com/craiu/status/879690795946827776" rel="nofollow">https://twitter.com/craiu/status/879690795946827776</a>New Petrwrap/Petya ransomware has a fake Microsoft digital signature appended. Copied from Sysinternals Utils.I was sitting next to someone who wanted didn't close his laptop immediately when notified, 1 minute later it was too late. Most of my colleagues went home, even if their laptop was not infected (also over de VPN) they are no allowed to start the machine. Some departments ask people to stay home tomorrow too. Those with MacBooks continue working. And externals.In Rotterdam APM Terminals has shutdown.

评论 #14646144 未加载

评论 #14646321 未加载

评论 #14645770 未加载

r721将近 8 年前

It looks like there is a massive Petya ransomware attack:>Russia, Ukraine, Spain, France - confirmed reports about #Petya ransomware outbreak. Good morning, America.<a href="https://twitter.com/codelancer/status/879688596852101120" rel="nofollow">https://twitter.com/codelancer/status/879688596852101120</a>>Petrwrap/Petya ransomware variant with contact wowsmith123456@posteo.net spreading worldwide, large number of countries affected.<a href="https://twitter.com/craiu/status/879689411419668480" rel="nofollow">https://twitter.com/craiu/status/879689411419668480</a>Sample: <a href="https://twitter.com/benkow_/status/879692704724250628" rel="nofollow">https://twitter.com/benkow_/status/879692704724250628</a>Articles:<a href="http://www.independent.co.uk/news/world/europe/ukraine-cyber-attack-hackers-national-bank-state-power-company-airport-rozenko-pavlo-cabinet-a7810471.html" rel="nofollow">http://www.independent.co.uk/news/world/europe/ukraine-cyber...</a><a href="https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now" rel="nofollow">https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomwa...</a>

评论 #14645997 未加载

onion2k将近 8 年前

A shipping company being attacked by malware worm designed to steal money is literally the plot of the movie Hackers.

评论 #14646350 未加载

secfirstmd将近 8 年前

Hey, FWIW we had to do some response for ransomware cases recently. There was a lack of decent stuff out there for how IT teams should deal with it. So we contributed to putting together this quick checklist:<a href="https://github.com/0xswap/guides/blob/master/ransomware-triage.txt" rel="nofollow">https://github.com/0xswap/guides/blob/master/ransomware-tria...</a>Would be great if more people wanted to add to it.

fest将近 8 年前

About a year ago:One morning a colleague notices that a particular Windows share used by every EE in the multi-national company now contains encrypted files and generic request for ransom.Highlight of the e-mail thread that followed: "<Name of another coworker whose account was used to encrypt files>, virus again?"

pasta将近 8 年前

There are reports of other large companies that currently are being infected.It almost looks like the virus has been slumbering in systems and today woke up.

vuln将近 8 年前

I laughed way too hard at this.'Petya sees you when you're sleepingPetya knows when you're awakeDon't click the link in that email or IR gets no break'<a href="https://twitter.com/FourOctets/status/879700290395439105" rel="nofollow">https://twitter.com/FourOctets/status/879700290395439105</a>

nthcolumn将近 8 年前

Not just Maersk. Petya going global. Writes to boot sector.

评论 #14646226 未加载

NeutronBoy将近 8 年前

WaPo have just published a story about the attacks <a href="https://www.washingtonpost.com/world/europe/ukraines-government-key-infrastructure-hit-in-massive-cyberattack/2017/06/27/7d22c7dc-5b40-11e7-9fc6-c7ef4bc58d13_story.html" rel="nofollow">https://www.washingtonpost.com/world/europe/ukraines-governm...</a>

Hoshea将近 8 年前

Anything special about the way this one is spreading or just the usual suspects?

评论 #14645757 未加载

评论 #14645630 未加载

proyb2将近 8 年前

DBSchenker and many logistic companies are still running Windows XP on some legacy PC. I have encountered one PC had ransomware too.

评论 #14645624 未加载

评论 #14645914 未加载

12 条评论

simonvc将近 8 年前

评论 #14646151 未加载

评论 #14645842 未加载

评论 #14646168 未加载

smartbit将近 8 年前

评论 #14646144 未加载

评论 #14646321 未加载

评论 #14645770 未加载

r721将近 8 年前

评论 #14645997 未加载

onion2k将近 8 年前

A shipping company being attacked by malware worm designed to steal money is literally the plot of the movie Hackers.

评论 #14646350 未加载

secfirstmd将近 8 年前

fest将近 8 年前

pasta将近 8 年前

There are reports of other large companies that currently are being infected.It almost looks like the virus has been slumbering in systems and today woke up.

vuln将近 8 年前

nthcolumn将近 8 年前

Not just Maersk. Petya going global. Writes to boot sector.

评论 #14646226 未加载

NeutronBoy将近 8 年前

Hoshea将近 8 年前

Anything special about the way this one is spreading or just the usual suspects?

评论 #14645757 未加载

评论 #14645630 未加载

proyb2将近 8 年前

DBSchenker and many logistic companies are still running Windows XP on some legacy PC. I have encountered one PC had ransomware too.

评论 #14645624 未加载

评论 #14645914 未加载

Maersk IT systems infected with ransomware

12 条评论

Maersk IT systems infected with ransomware

12 条评论