Internet Security

Two years after WannaCry, a million computers remain at risk


Two years ago today, a powerful ransomware began spreading across the world.

WannaCry spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across the world in what looked like a coordinated cyberattack.

Hospitals across the U.K. declared a “major incident” after they were knocked offline by the malware. Government systems, railway networks and private companies were also hit.

Security researchers quickly realized the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion soon fell on a batch of highly classified hacking tools developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

“It’s real,” said Kevin Beaumont, a U.K.-based security researcher at the time. “The shit is going to hit the fan big style.”

WannaCry relied on stolen NSA-developed exploits, DoublePulsar and EternalBlue, to hack into Windows PCs and spread through the network (Image: file photo)

An unknown hacker group — later believed to be working for North Korea — had taken those published NSA cyberweapons and launched their attack — likely not realizing how far the spread would go. The hackers used the NSA’s backdoor, DoublePulsar, to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerable and internet-exposed system was enough to wreak havoc.

Microsoft, already aware of the theft of hacking tools targeting its operating systems, had released patches. But consumers and companies alike moved slowly to patch their systems.

In just a few hours, the ransomware had caused billions of dollars in damages. Bitcoin wallets associated with the ransomware were filling up by victims to get their files back — more often th


Target checkouts hit by outage for a second day in a row – TechCrunch


Another day, another Target checkout outage.

Many took to social media to complain that checkouts at the retail giant went down for a second day in a row. Many stores were only taking cash and gift cards. It comes after Target suffered a global point-of-sale machine outage on Saturday. Checkouts were down for more than two hours.

Target said in a statement yesterday that it co


Have I Been Pwned is looking for a new owner


Troy Hunt has revealed he’s looking for an acquirer for the breach notification service he set up more than five years ago — aka: Have I Been Pwned.

In a blog post discussing the future of the service, Hunt details how traffic to the site has exploded since January when he uploaded a massive 773M record list of breached emails and passwords that could be used for automated unauthorized logins (aka credential stuffing).

“The extra attention HIBP started getting in Jan never returned to 2018 levels, it just kept growing and growing,” he writes, saying he realized he was getting close to burn out trying to manage the service solo. Hence his decision to seek an acquirer.

HIBP has ridden a wave of growing concern about data breaches and Internet security, with Hunt taking the decision to accept a commercial sponsorship via a partnership with password manager firm 1Password last year.

Its growing profile has also led to the service finding favor with governments wanting to monitor their own domains.

Sketching what he hopes to achieve with mor


SEC expands its war on cryptocurrency companies with a lawsuit against Kik


The Securities and Exchange Commission has sued Kik Interactive for the $100 million token sale the company announced two years ago.

It’s an expansion of legal actions that began last year as the SEC seeks to rein in companies that the regulatory agency thinks issued securities illegally.

In the lawsuit, the SEC claims that Kik conducted an illegal $100 million offering of digital tokens by selling the tokens to U.S. investors without registering their offer and sale as required under U.S. law.

The complaint alleges that Kik had been losing money for years on its online messaging application and that the company’s management predicted it would run out of money in 2017, precisely when it began laying the groundwork for the launch of its digital token, “Kin.”

The creation of an online marketplace selling through the company’s messaging service was financed by the sale of 1 trillion digital tokens to raise $100 million.

Critical to the SEC’s case is the allegation that Kik marketed its Kin tokens as an investment opportunity, telling investors that rising demand would drive up the value of Kin and that Kik would work to boost that demand.

Kik was supposed to do that by building systems like a Kin transaction service, a rewards system for companies that used Kin, and by incorporating the tokens into the company’s existing messaging app. None of those features existed at the time of the offering, the SEC alleges.

The company also said that it would keep three trillion tokens that could trade on secondary markets and would increase in value as other investors speculated on the currency’s success.

“By selling $100 million in securities without registering the offers or sales, we allege that Kik deprived investors of inf


Binance resumes trading following $40M bitcoin hack

Cryptocurrency exchange Binance has resumed trading activity. Users can now cancel open orders, deposit crypto assets into their Binance account and, of course, buy and sell cryptocurrencies. You can’t withdraw crypto assets to an external wallet just yet, but the company says that this feature will be available shortly. You can cancel orders now. Trading,…

