Big cyber one attack!

WannaCrypt
Project 01

Big cyber one attack!

Importing New!

It is an unprecedented attack which propagates since Friday against thousands of companies and mainly European institutions. 80 countries would be concerned by this coordinated and massive offensive affecting firms as Renault in France, Telefonica in Spain, FedEx or still hospitals in England, schools, universities. Dozens of thousand machines would have been affected through more than 45.000 attacks.

Of what to cause partial blockings or total of activity. To Renault, the production so has of the being stopped by precaution on certain sites as Sandouville while waiting for to being able to free the infected PC.

It is the ransomware which is at the origin of this attack: WannaCrypt (also known under names Wcry, WanaCry, WanaCrypt, Wanna Decryptor) who once installed block the access to files and requires a ransom (300 dollars) to free the system. As usual, it is by the vast campaign of phishing by e-mail that the ransomware found itself in numerous PC.

WannaCrypt exploits a fault in Windows corrected nevertheless since March last and revealed by them from now on famous Shadowbroker s Kaspersky details:

"The attack is introduced via the remote execution of a code SMBv2 in Microsoft Windows. This exploit (code name: "EternalBlue") was made available on-line via the dump of Shadowbrokers on April 14th, 2017 and corrected by Microsoft on March 14th. It would seem that many companies did not install the corrective. Kaspersky Lab counted more than 45 000 attacks of the ransomware WannaCry in 74 countries worldwide, mainly in Russia. It is important to note that the visibility of Kaspersky Lab can be limited and incomplete. It means that the number and victims' range are probably wider".

Let us call back that this fault had been exploited by the NSA and that its tool of exploitation had fuité there is a few weeks, always thanks to Shadowbrokers. Thus pirates quickly seized it to lead this attack.

Thus the existence of a patch does not mean that he is applied everywhere, the proof. All the affected companies, as Renault in France, had not taken apparently seriously the bulletin of safety of stamped Microsoft MS-17-010. And the manufacturer is not the only one to have forgotten this corrective nevertheless critical.

The Windows XP case

On the other hand, count of these companies still use the former Windows XP which is not anymore supported by Microsoft and thus which did not benefit from this saving corrective. The real door opened for the pirates. The same goes for Windows 8 and Server on 2003.

In France, the ANSSI emitted an alert, and advises in case of infection of a system "to isolate him, even to put out him the time to apply the necessary measures". At the same time, Microsoft takes the affair very seriously and decided to give a hand to companies and affected institutions by spreading exceptionally a patch for Windows XP, Windows 8 and a Windows Server on 2003. In the face of the scale of the attack, Redmond did not have the choice.

Microsoft specifies that "the customers using Windows 10 were not affected by this attack today".

The distribution of the attack would be today to be stopped thanks to the implementation of these countermeasures and thanks to the intervention of a researcher in safety which accidentally found the way to activate a mechanism of autoblocking.

According to the World: "the researcher in anonymous IT security, known only by his pen name on the social networks, MalwareTech, discovered during the night of Friday to Saturday the address of a web site in the code of the software. The virus tried to connect in this site during its distribution; if the site was injoignable, he pursued his distribution. Having noticed that the domain name was for sale, MalwareTech simply bought him, activating without being aware of it the emergency mechanism which seemed to have been to planned by designer of the software and stopping its distribution".

We are on the downward slope, the new infections are very rare " moreover noticed Vikram Thakur, researcher to Symantec, questioned by Guardian. Of what to allow to confine the attack in Europe, the United States having been relatively protected.

The fact remains that the locked machines remain locked, thus it will be necessary to wait to find a way to decipher the files of the infected PC. Or to pay (what offers no guarantee of releasing).

To see live attacks: clikez here

And you? You will pay!?

Le virus

  • Creator: Apasuds
  • Role: virus
  • Year: 2017

Attack of Manchester: the British youth affected quite hard

Attack
Project 02

Attack of Manchester: the British youth affected quite hard

For Katy Hilton, it is too much. The day before, on Monday, May 22nd, the 13-year-old girl was taken by terror by hearing the powerful explosion. But she knew how to regain self-control immediately to run away from the room of Manchester Arena with her friend and their respective mothers. It is only twelve hours later than the emotion finally surfaces. While she tells her story, tears begin to flow on the cheeks. At first slowly, then in a uncontrollable way, in a torrent of sobs. She snuggles up in the arms of her mother, calling back by this gesture her very young age. "I caught them by hand and we ran as quickly as possible, to leave very far", shows Lisa, a mother Katy and her friend Kelly Dixon, age 12, waited for this concert of Aryanah Big for several months, of which to justify the travel of four hours between Sunderland, where they live, and Manchester. The American pop singer is their idol. Kelly had already seen her in concert two years ago. "This time, the atmosphere was much better", she says. At the end of the concert, by 10:30 pm, both friends were just in front of the scene. Their mothers waited for them in the home, outside of the room, where the memories are for sale. "I heard an explosion, but I believed that it was balls which had burst, shows Katy. And then we heard people to shout:" bomb! Bomb! "" Read also: What we know about the attack of Manchester Paniced, both girls left in search of their mothers. "We looked for them during five minutes. It was the longest five minutes of my life, remembers himself Lisa, the mother of Katy. Then, I caught them by hand and we ran as quickly as possible, to leave very far." It is only at three o'clock in the morning that they found their hotel, having got lost in the city. The terrorist attack, claimed by the jihadist group Islamic State and which struck the concert of Aryanah Big in Manchester, making at least 22 deaths and 59 wounded persons, struck right in the heart a very young public. A "revolting" attack, which aimed "of young defenseless people", condemned the first Secretary Theresa May in front of Downing Street on Tuesday. Teenagers for the greater part, even preteenagers still to the primary school. All were not lucky of Katy and Kelly. "Children" are a part dead people, revealed police of Manchester. A 8-year-old girl, Saffie Rose Roussos, was one of the first identified victims. Certain families live an unbearable anxiety. On Tuesday, at the middle-day, Charlotte Campbell had not found his girl Olivia yet, age 15. She moved heaven and earth, calls on to the social networks, met dozens willingness to help him, multiplied the testimonies in the media. But, at the moment, always no news. "She was with his friend Adam, showed on the BBC the mother, the hoarse voice by the emotion. Adam was found, it is at the hospital, but Olivia was not found." On Twitter, the keyword # missingManchester propagated, to try to find her, as well as other teenagers who remain worn disappeared. "It was horrible" Molly Moore, age 14, had more luck. She came from Derby accompanied with her mother. "I waited for this concert since two hundred eight days", she specifies, having assured the discount day by day since the purchase of her tickets. On Tuesday morning, her portait still the sweat-shirt of Aryanah Big when she raised proudly the day before. Around the neck hung the dress handkerchief transparente with its concert ticket. "It was horrible. I still am under the shock", murmur the teenager, who can no more sleep and contained anger. She and her mother found themselves locked in Manchester Arena after the explosion of the bomb. Police took care of them, coming to inform them every half an hour about the evolution of the situation. "But only very late, while seeing a television screen, one understood the scale of the situation, explains Karen Moore. Before, we did not know that there were deaths." And it is at 6 o'clock in the morning only that they were able to go out of the concert hall and to return in their hotel. At the street corner, where the district is buckled, they pass then next to a big electronic advertising hoarding. Above, on the background of flag of the Union Jack, these simple words: "Pray for Manchester".

  • Creator: LeMonde / Apasuds
  • Role: attack
  • Year: 2017

Importing New!

Importing New!

It is an unprecedented attack which propagates since Friday against thousands of companies and mainly European institutions. 80 countries would be concerned by this coordinated and massive offensive affecting firms as Renault in France, Telefonica in Spain, FedEx or still hospitals in England, schools, universities. Dozens of thousand machines would have been affected through more than 45.000 attacks.

Of what to cause partial blockings or total of activity. To Renault, the production so has of the being stopped by precaution on certain sites as Sandouville while waiting for to being able to free the infected PC.

It is the ransomware which is at the origin of this attack: WannaCrypt (also known under names Wcry, WanaCry, WanaCrypt, Wanna Decryptor) who once installed block the access to files and requires a ransom (300 dollars) to free the system. As usual, it is by the vast campaign of phishing by e-mail that the ransomware found itself in numerous PC.

WannaCrypt exploits a fault in Windows corrected nevertheless since March last and revealed by them from now on famous Shadowbroker s Kaspersky details:

"The attack is introduced via the remote execution of a code SMBv2 in Microsoft Windows. This exploit (code name: "EternalBlue") was made available on-line via the dump of Shadowbrokers on April 14th, 2017 and corrected by Microsoft on March 14th. It would seem that many companies did not install the corrective. Kaspersky Lab counted more than 45 000 attacks of the ransomware WannaCry in 74 countries worldwide, mainly in Russia. It is important to note that the visibility of Kaspersky Lab can be limited and incomplete. It means that the number and victims' range are probably wider".

Let us call back that this fault had been exploited by the NSA and that its tool of exploitation had fuité there is a few weeks, always thanks to Shadowbrokers. Thus pirates quickly seized it to lead this attack.

Thus the existence of a patch does not mean that he is applied everywhere, the proof. All the affected companies, as Renault in France, had not taken apparently seriously the bulletin of safety of stamped Microsoft MS-17-010. And the manufacturer is not the only one to have forgotten this corrective nevertheless critical.

The Windows XP case

On the other hand, count of these companies still use the former Windows XP which is not anymore supported by Microsoft and thus which did not benefit from this saving corrective. The real door opened for the pirates. The same goes for Windows 8 and Server on 2003.

In France, the ANSSI emitted an alert, and advises in case of infection of a system "to isolate him, even to put out him the time to apply the necessary measures". At the same time, Microsoft takes the affair very seriously and decided to give a hand to companies and affected institutions by spreading exceptionally a patch for Windows XP, Windows 8 and a Windows Server on 2003. In the face of the scale of the attack, Redmond did not have the choice.

Microsoft specifies that "the customers using Windows 10 were not affected by this attack today".

The distribution of the attack would be today to be stopped thanks to the implementation of these countermeasures and thanks to the intervention of a researcher in safety which accidentally found the way to activate a mechanism of autoblocking.

According to the World: "the researcher in anonymous IT security, known only by his pen name on the social networks, MalwareTech, discovered during the night of Friday to Saturday the address of a web site in the code of the software. The virus tried to connect in this site during its distribution; if the site was injoignable, he pursued his distribution. Having noticed that the domain name was for sale, MalwareTech simply bought him, activating without being aware of it the emergency mechanism which seemed to have been to planned by designer of the software and stopping its distribution".

We are on the downward slope, the new infections are very rare " moreover noticed Vikram Thakur, researcher to Symantec, questioned by Guardian. Of what to allow to confine the attack in Europe, the United States having been relatively protected.

The fact remains that the locked machines remain locked, thus it will be necessary to wait to find a way to decipher the files of the infected PC. Or to pay (what offers no guarantee of releasing).

To see live attacks: clikez here

And you? You will pay!?

Le virus

... ETC....
About
  • ......
  • Soon...
  • ......