Tagged: cyberattack

Find the Key needed to unencrypt a Hard Drive encrypted by Petya Ransomware

Click on this link to visit the GitHub site where Leo Stone has posted some code which might just figure out the key required to unencrypt a Hard Drive encrypted by Petya Ransomeware. He suggests to try finding the key using an image copy of the Petya encrypted Hard Disk,. That way the original may not be harmed.  

Disclaimer: if you use Leo Stone’s code and method, you do so at your own risk. Loe also suggested to make and use an image copy of the encrypted hard Drive so as not to potentially damage the original. Leo’s code may find the key, or it may not. Playing around with the encrypted Hard Drive may damage it to the point that even if you pay the Ransom, you may not be able to reteive your data from said hard drive. I again state that following Loe Stone’s method as posted on GitHub is done at your own risk. Do your own Due Diligence. You could lose all the data on the hard drive.

Posted by Vincent Banial

Advertisements

Malware infected Android Apps discovered by Cybersecurity Researchers

Kaspersky Lab publishes details about the Equation Hacker group’s arsenal, including “nls_933w.dll” which can reprogram the hard drive firmware of over a dozen different hard drive brands


Kaspersky Lab presented at their Security Analysts Summit something even more scary than the details about the Carbanak Bank Cyber Heist. Per Karspersky the Carbanak group ripped off about 100 banks around the globe of about $1 Billion Dollars (and in my opinion very likely still counting).

Kaspersky Lab Experts referred to the Equation group as the “God” or the “Death Star” of Malware. Part of the huge arsenal of code which the Equation group has been developing over what looks like decades is nls_933w.dll“. “It allows them to reprogram the hard drive firmware of over a dozen different hard drive brands“.

Oncenls_933w.dll installs the Malware into the Hard Disk’s firmware, there is no way to remove it. Repartitioning will not affect it. Reformatting has no effect. The only way to get rid of this Malware from the targeted computer, is to physically destroy the Hard Disk.

Kaspersky Lab goes on to report that the Equation group seems to have existed long before the Stuxnet group.

The word “Elite” is part of the lexicon of Hackers. The Equation group therefore can be called the Elite of the Elite of the Elite of the Elite of the Elite and so on of Uber Hackers. To be able to hack and modify a Hard Drive’s firmware is unheard of. To be able to do so for Hard Drives of over a dozen different brands is insanely impossible. Yet the Equation group did it and very likely much more, that has yet to come to light. In comparison, this makes things like the REGIN Malware group’s incredible capabilities seem like no big deal.

Ok, enough of my rambling.

Click on this line to view the Kaspersky Lab report about the Equation group and their arsenal of jaw dropping Malware. On that page you will find a link to a downloadable PDF of the Question and Answer session from their presentation at the Security Analysts Summit.

Wow, this has turned into a CyberSecurity long weekend. Very impressive and rather scary stuff has been revealed by Kaspersky Lab.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Kaspersky Lab report: The Great Bank Robbery: Carbanak cybergang steals $1 Billion Dollars from 100 financial institutions worldwide

Video is courtesy of the Kaspersky Lab YouTube channel


The Kasperskpy Lab report which was presented at the Security Analyst Summit (on Feb 16 2015) is now available online.


Click on this line to visit the Kaspersky Lab SecureList page which discusses the report : The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide.
You can also download a PDF of the “Full” Report via a link on that webpage.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Hackers supposedly were able to steal up to $1 Billion Dollars from Banks around the globe


This is a further update to our prior post about the breaking news of a major Cyber Bank Heist.

The amount supposedly stolen from assorted banks around the globe is now being published to be around $1 Billion Dollars.

Photo of racks filled with Cisco Networking gear. Photo Credit Vincent Banial

Racks filled with Cisco Networking gear. Photo Credit Vincent Banial

Continue reading

Hackers supposedly infiltrated Banks via Malware, allowing them to steal hundred of millions of dollars. Detailed report by cybersecurity firm Kaspersky Lab to be made public on Monday Feb 16

Photo of racks filled with Cisco Networking Gear. Photo Credit Vincent Banial

Photo of racks filled with Cisco Networking Gear. Photo Credit Vincent Banial

Click on this line to read what was posted today (Sat Feb 14)  by the New York Times about Hackers infiltrating Banks around the world by using Malware.

I have had many arguments about security software. One group especially got me going because to them Norton Security was the end all and be all. I finally got their so-called Tech to admit that to him Norton Security was the best because it had the largest market share. That’s like saying that GM automobiles are better than Rolls Royce automobiles because GM has a larger market share.

Of course Norton Security is very good. I believe that the security software created by Kaspersky Lab is better (your mileage may differ). Testing done by the Security Software testing site AV TEST http://av-test.org also top rates Kaspersky Lab security software. But I digress…our coverage of this major Cybersecurity Breach continues below.

The report on what Kasperky Lab had determined about the Cyber Bank Heist will be made public on Monday Feb 16.

Supposedly ATMs were instructed by the Hackers to dispense money at specific times.

Account balances were supposedly inflated and then the inflated amounts were transferred to Bank Accounts setup by the Hackers.

In the New York Times article it seems that Kaspersky Lab had supposedly seen evidence of hundreds of millions of dollars in supposed theft. The article implied that the Cyber Security Experts at Kaspersky Lab think that the sums stolen could possibly be multiple times more.

I will keep watching for the official Kaspersky Lab report on Monday. Till then you can learn more about this by visiting some of the links below.

Click on this line to read a prior report (Sept 11 2014) by Kaspersky Lab Security Experts. The report is titled: “Thefts in remote banking systems: incident investigations”. It details how Hackers were able to overcome one bank’s Security, by using Social Engineering to infect one key computer in that Bank’s Network. Makes for some interesting reading.

The New York Times post which looks to be the main post which  brought this to public light.

CNet’s post about the supposed Cyber Bank Heists.

ARS Techinca coverage of the Cyber Attack on Banks around the globe.

The Citizen post about this Hacker worldwide Bank Heist.

New York Times sub post about how Hackers infiltrated Banks.

 

I will continue to post about this as more is learned – most likely when that Kaspersky Lab report is released on Monday Feb 16 2015.

 

 

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.