Computer Repair Longmont, CO Virus removal. – Computer Physicians, LLC

Here is some news about the latest computer viruses out today that Computer Physicians in Longmont/Boulder, CO can help you with:


A new ransomware strain dubbed “Petya” (widely referred to as NotPetya, since it only superficially resembles the 2016 Petya) struck major companies and infrastructure sites on June 27, 2017, following the previous month’s WannaCry attack, which wreaked havoc on more than 300,000 computers across the globe. Petya is believed to spread with the same leaked exploit toolkit that WannaCry used.

Petya has already taken thousands of computers hostage, affecting companies and installations from Ukraine to the U.S. to India. It has hit a Ukrainian international airport and multinational shipping, legal and advertising firms, and forced the Chernobyl nuclear facility to take its automated radiation monitoring systems offline and switch to manual measurement.

Europol, the international law enforcement agency, could not provide operational details on the attack, spokesperson Tine Hollevoet told the E-Commerce Times, but it was trying to “get a full picture of the attack” from its industry and law enforcement partners.

Petya “is a demonstration of how cybercrime evolves at scale and, once again, a reminder to business of the importance of taking responsible cybersecurity measures,” Europol Executive Director Rob Wainwright said in a Wednesday update.

Unlike WannaCry, the Petya attack does not include any type of ‘kill switch’ that would halt its spread, according to Europol.

Variant Characteristics

On Tuesday the U.S. Computer Emergency Readiness Team (US-CERT) began fielding numerous reports of the Petya ransomware infecting computers around the world. It noted that this particular variant encrypts the master boot record (MBR) of Windows computers and exploits vulnerabilities in the Server Message Block (SMB) protocol.

The RANSOM_PETYA.SMA variant (Trend Micro’s detection name) has two infection vectors, according to Trend Micro: the EternalBlue SMB exploit used in the WannaCry attack, and PsExec, the Microsoft Sysinternals utility for launching processes on remote machines. The second vector matters because it lets the malware spread with valid administrator credentials to hosts that are already patched against EternalBlue.

The firm recommended applying the MS17-010 security update, blocking TCP port 445 (SMB) wherever it is not needed, and limiting membership of the local Administrators group.
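The three recommendations above, as an added example in PowerShell (not code from the article, Trend Micro or Computer Physicians). It assumes an elevated PowerShell 5.1 session on Windows 10 / Server 2016 or later; the KB numbers are those listed in Microsoft’s MS17-010 bulletin, and the firewall rule name and function names are this example’s own.

```powershell
#Requires -RunAsAdministrator

# KB numbers from the MS17-010 bulletin (March 2017), one set per OS family.
# Later cumulative updates supersede these, so a missing KB is a prompt to
# verify via update history, not proof that the SMBv1 flaw is still exploitable.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Windows Server 2012
    'KB4012598',                           # XP / Vista / 8 / Server 2003 / 2008 (out-of-band)
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Patch {
    # Does any of the March 2017 MS17-010 packages appear in the installed hotfix list?
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $matched = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Patched   = ($matched.Count -gt 0)
        MatchedKb = ($matched -join ', ')
    }
}

function Disable-Smb1 {
    # EternalBlue targets the SMBv1 server; turn it off and remove the feature.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
        -ErrorAction SilentlyContinue | Out-Null
}

function Block-InboundSmb {
    # Both EternalBlue and PsExec need TCP 445 reachable; block it on hosts that serve no shares.
    $ruleName = 'Block inbound SMB (TCP 445)'   # rule name chosen for this example
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
}

function Get-LocalAdminMembers {
    # PsExec-style lateral movement runs on administrator credentials; review who holds them.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

Test-Ms17010Patch
Disable-Smb1
Block-InboundSmb
Get-LocalAdminMembers | Format-Table -AutoSize
```

A fully current Windows 10 host will list none of the March 2017 KBs because later cumulative updates replaced them, so treat a “not patched” result as a reason to check update history rather than as a verdict. Conversely, the PsExec vector means a patched host whose local administrator password is shared with an infected one is still reachable, which is why the last check matters as much as the first.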

The Petya variant runs itself through the rundll32.exe process, and encryption is carried out by perfc.dat, a DLL dropped into the Windows folder, Trend Micro said. The ransomware adds a scheduled task that reboots the system about an hour after infection. The master boot record is overwritten with the ransomware’s own boot code, so that when the machine restarts the malicious loader encrypts the file system’s master file table behind a fake CHKDSK disk-repair screen, after which the ransom note is displayed.
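A host-level hunt for the indicators Trend Micro describes in the paragraph above, as an added example (not the article’s or Trend Micro’s code). It assumes an elevated PowerShell 4+ session on Windows 8 / Server 2012 or later, that the payload sits at %windir%\perfc.dat as described, and that the reboot task calls shutdown with a restart switch; the task name is not given, so the check matches on what a task runs rather than what it is called.

```powershell
#Requires -RunAsAdministrator

function Find-PetyaIndicators {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. The encryption DLL dropped into the Windows folder.
    $payload = Join-Path $env:windir 'perfc.dat'
    if (Test-Path -LiteralPath $payload) {
        $item = Get-Item -LiteralPath $payload
        $findings.Add([pscustomobject]@{
            Indicator = 'perfc.dat present'
            Detail    = "$payload ($($item.Length) bytes, written $($item.LastWriteTime))"
        })
    }

    # 2. rundll32.exe instances whose command line references the DLL.
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'"
    foreach ($p in $procs) {
        if ($p.CommandLine -match 'perfc') {
            $findings.Add([pscustomobject]@{
                Indicator = 'rundll32 loading perfc'
                Detail    = "PID $($p.ProcessId): $($p.CommandLine)"
            })
        }
    }

    # 3. A scheduled task that restarts the machine. Assumption for this example:
    #    the task runs shutdown with /r or -r. Match the action, not the task name.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match 'shutdown(\.exe)?\S*\s+.*[/-]r\b') {
                $findings.Add([pscustomobject]@{
                    Indicator = 'Reboot scheduled task'
                    Detail    = "$($task.TaskPath)$($task.TaskName) -> $cmd"
                })
            }
        }
    }
    return $findings.ToArray()
}

$hits = @(Find-PetyaIndicators)
if ($hits.Count -eq 0) {
    'No Petya indicators found on this host.'
} else {
    $hits | Format-Table -AutoSize
    # Anything matched: isolate the host from the network before the scheduled
    # reboot hands control to the malicious boot code, and do not power-cycle it
    # yourself, since the boot-time stage is what does the damage.
}
```

The reboot-task check is the one with a useful time window: the DLL may already be resident and the MBR already overwritten, but until the machine restarts the file system is intact, so an image taken while the host is still up preserves the data.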

The Petya ransomware uses a single hardcoded bitcoin address for every victim, so a payment cannot be automatically matched to a particular infected machine; that makes decryption more labor-intensive than it was during the WannaCry attack. Victims are nonetheless asked to pay US$300 to release their data, as in WannaCry. Trend Micro estimated that about $7,500 had been paid as of Tuesday, a figure that could change as the attacks spread.

Many companies failed to patch their systems properly even after the WannaCry attack, said Gaurav Kumar, CTO at RedLock.

WannaCry exploited legacy Windows systems that had not been patched, even though Microsoft had issued an update in March, he told the E-Commerce Times.

Governments should mount coordinated efforts to fight cyberattacks, according to Access Now, an advocate for digital rights and privacy.

The Petya attack’s use of the EternalBlue exploit shows that government agencies should not be stockpiling vulnerabilities, the group argued: the exploit has been linked to the Shadow Brokers’ leak of tools created by the National Security Agency.

“Governments should promote patching by developing and codifying vulnerabilities equities processes and through support of coordinated disclosure programs,” said Drew Mitnick, policy counsel at Access Now.

Corporations Caught

Pharmaceutical giant Merck & Co. on Tuesday confirmed that its computer network was compromised by the attack, and said it was investigating the matter.

International law firm DLA Piper confirmed that its advanced warning systems detected suspicious activity that apparently was linked to a new variant of the Petya malware. The firm said it had taken down its systems to prevent the spread, and that it had enlisted forensic experts and was cooperating with FBI and UK National Crime Agency investigators.

Advertising and public relations firm WPP said it was working with its IT partners and law enforcement agencies to take precautionary measures, restore services where they have been disrupted, and keep the impact on clients, partners and people to a minimum. The company has taken steps to contain the attack and is working to return to normal operations as soon as possible, while protecting its systems.

International shipping firm A.P. Moeller-Maersk reported that a number of its IT systems were down following the attack and that it had shut down others to contain the problem. APM Terminals operations were down in several ports, and the Port Authority of New York and New Jersey warned vessels to delay arrivals in light of APM’s system issues.

Source: TechNewsWorld (link to the original article).


Computer Physicians of Longmont, CO can also help you with ransomware infections. As the report below on the May 2017 WannaCry outbreak shows, this is also a problem:

Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.

Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.

Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan. But U.K. hospitals, Chinese universities and global firms like FedEx also reported they had come under assault.

Europol said Saturday that the attack was of an “unprecedented level and requires international investigation.”

The ransomware, called “WannaCry,” encrypts the files on an infected computer and demands that whoever controls the machine pay to regain access to them. The exploit it uses to spread was leaked last month as part of a trove of NSA hacking tools.

The ransomware spreads by exploiting a Windows SMB vulnerability for which Microsoft released a security patch in March. Computers and networks that had not installed the update were still at risk.

In the wake of the attack, Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”


Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. The NHS said in a statement on Saturday that there was no evidence that patient information had been compromised.

In China, the internet security company Qihoo360 issued a “red alert” saying that a large number of colleges and students in the country had been affected by the ransomware, which is also referred to as “WannaCrypt.” State media reported that digital payment systems at PetroChina gas stations were offline, forcing customers to pay cash.

“Global internet security has reached a moment of emergency,” Qihoo360 warned.

Spanish telecom company Telefónica was also hit with the ransomware. Spanish authorities confirmed the ransomware is spreading through the vulnerability targeted by the “EternalBlue” exploit, and advised people to patch.

“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” U.K.-based security architect Kevin Beaumont said.

Fedex said it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible.

Russia’s Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now “localized.” The statement said antivirus systems are working to destroy it.


Megafon, a Russian telecommunications company, was also hit by the attack. Spokesman Petr Lidov told CNN that it affected call centers but not the company’s networks. He said the situation is now under control.

The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally,” the department said.

Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is “the most significant factor” in the global outbreak.

How to prevent it

Beaumont examined a sample of the ransomware used to target the NHS and confirmed it was the same one used to target Telefónica. He said companies can prevent WannaCry infections by applying the patch released in March to all systems, although that does nothing for machines that have already been hit.

He said it’s likely the ransomware will spread to U.S. firms too. Whenever the ransomware loads itself onto a new machine it automatically scans for other computers it can infect, so it can reach any vulnerable computer on the same network, wired or wireless.

“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
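One network-side check for the scanning behaviour described above, as an added example (not from the article or the researchers it quotes). It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection; the 20-peer threshold is a constructed starting value to tune for the environment, and the function name is this example’s own.

```powershell
function Find-SmbFanOut {
    param([int]$Threshold = 20)   # constructed starting value; tune per environment

    # Outbound TCP 445 connections, including half-open ones left by a scanner
    # probing hosts that never answer.
    $states = @('SynSent', 'Established', 'TimeWait')
    $conns = Get-NetTCPConnection -RemotePort 445 -ErrorAction SilentlyContinue |
        Where-Object { $states -contains $_.State }

    $results = @()
    foreach ($group in ($conns | Group-Object -Property OwningProcess)) {
        # Count distinct peers, not connections: a worm talks to many hosts once each.
        $peers = @($group.Group | Select-Object -ExpandProperty RemoteAddress -Unique)
        if ($peers.Count -lt $Threshold) { continue }

        $procId = [int]$group.Name
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            ProcessId   = $procId
            ProcessName = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PeerCount   = $peers.Count
            SamplePeers = (($peers | Select-Object -First 5) -join ', ')
        }
    }
    return $results
}

Find-SmbFanOut | Format-Table -AutoSize
```

Legitimate SMB client traffic (mapped drives, printers) is owned by the Windows SMB redirector and shows up under the System process, PID 4, so a busy workstation may legitimately trip the threshold there. A user-mode process that owns connections to dozens of distinct 445 peers is the anomaly worth isolating first; run the check from a scheduled job so the snapshot catches the short-lived SynSent probes.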


According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion.

When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years, and warned that businesses would be most at risk.

Consumers whose Windows systems have the March update installed are protected from this ransomware’s spreading mechanism.

It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.

— Jethro Mullen, Mariano Castillo, Jessica King, Yuli Yang, Steven Jiang, Clare Sebastian and Livvy Doherty contributed to this report.