These Large Companies, Still Using Unpatched or Bootleg Windows, Got Hit by Petya Ransomware Attack


Even after all the WannaCry hoopla in May. US companies too!

The Petya ransomware attack infected over 2,000 computer systems across the world as of midday today, according to Kaspersky Lab, cited by Reuters. Russia and Ukraine were most affected. Other victims were in Britain, France, Germany, Italy, Poland, and the US. When China starts up its computers, it will suffer the consequences for not staying in bed.

The malware includes the exploit code known as “EternalBlue,” which was also used in the WannaCry attack in May. EternalBlue targets a flaw in the SMBv1 file-sharing service of Windows; experts believe the code was purloined from the NSA. The ransomware encrypts the hard drive of an infected machine and then demands $300 in bitcoin for the user to regain access. Petya takes advantage of the same vulnerability in Windows as WannaCry, but it also has a second way to spread: it harvests administrator passwords and password hashes from the memory of an infected machine and reuses them with Windows’ own remote-administration tools (PsExec and WMIC) to infect other machines on the local network, patched or not.

But Microsoft released a patch for this vulnerability (security bulletin MS17-010) on March 14. Patched computers could not be infected through the SMB exploit by WannaCry, and cannot be infected through it today; the credential-based spread described above is why some organizations that had applied the patch were still hit. The Windows Malicious Software Removal Tool, delivered through Windows Update, detects and removes the malware. Bootleg copies of Windows are typically run with Windows Update switched off so that activation checks don’t flag them, so they get neither the patch nor the removal tool – hence China’s disproportionate problems with the attack in May.

And computers running legitimate versions of Windows that hadn’t been updated, for whatever reason, are vulnerable. Amazingly, when WannaCry hit, plenty of companies were mauled because somebody hadn’t updated their machines. Corporate and government networks were hit. You’d think that after the hue and cry in May, all legit corporate systems would be updated, and bootleg copies of Windows would be replaced either by a legit copy of Windows or by another operating system. But no. Rinse and repeat.
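The checks an administrator would run on a single Windows host after reading the above, as an added example (this is not code from the article): is the SMBv1 server that EternalBlue attacks still enabled, and is the MS17-010 update present? The KB numbers are the March 2017 MS17-010 updates for Windows 7 through Windows 10 1607 plus the May 2017 out-of-band one for XP, Server 2003 and Windows 8; that Windows 10 later folded the fix into cumulative updates (so a missing KB there means “verify the build”, not “vulnerable”) is an assumption stated in the comments. Run it from an elevated PowerShell 3+ prompt; with `-Remediate` it also turns SMBv1 off.

```powershell
# Added example, not from the article: audit one Windows host for the two
# conditions the article describes (SMBv1 still enabled, MS17-010 absent)
# and optionally fix the first. Elevated PowerShell 3 or later.
# Assumption: the KB list below is the March 2017 MS17-010 set plus the
# May 2017 out-of-band update. On Windows 10 the fix ships inside cumulative
# updates, so a later cumulative update supersedes the KB listed here.
param([switch]$Remediate)

$Ms17010Kbs = @(
    'KB4012598',                            # XP / Server 2003 / Windows 8 (May 2017)
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    # Windows 8 / Server 2012 and later expose the setting as a cmdlet; older
    # versions only have the registry value, and an absent value means enabled.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $reg = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $reg) -or ($reg.SMB1 -ne 0)
}

function Get-Ms17010State {
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
    # srv.sys is the SMB server driver that MS17-010 replaces; report its
    # version so the result can be compared against Microsoft's release notes.
    $srv = Get-Item "$env:SystemRoot\System32\drivers\srv.sys" -ErrorAction SilentlyContinue
    $srvVersion = if ($srv) { $srv.VersionInfo.ProductVersion } else { 'n/a' }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = (Get-CimInstance Win32_OperatingSystem).Version
        Smb1Enabled   = Get-Smb1State
        Ms17010KBs    = ($installed -join ',')
        SrvSysVersion = $srvVersion
    }
}

function Disable-Smb1Server {
    # Turns off the SMBv1 server side, which is what EternalBlue talks to.
    # Old clients that still need SMBv1 (NAS boxes, printers) will break, so
    # inventory them with the audit first and fix them rather than keeping SMBv1.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        New-ItemProperty -Path $LanmanParams -Name SMB1 -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Warning 'SMB1 registry value set; a reboot is required for it to take effect.'
    }
}

$state = Get-Ms17010State
$state | Format-List
if ($state.Smb1Enabled) {
    Write-Warning 'SMBv1 is enabled on this host.'
    if ($Remediate) { Disable-Smb1Server }
}
if (-not $state.Ms17010KBs) {
    Write-Warning 'No MS17-010 KB found; install the March 2017 update or a later cumulative update.'
}
```

Disabling SMBv1 is worth doing even on a patched host: it removes the attack surface rather than one bug in it, and the audit output tells you which legacy devices still depend on it before you pull the plug.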

The first attacks were reported from Russia and Ukraine. And then it spread around the world. These are among the companies that reported having been hit:

Rosneft, the Russian state-owned oil company and one of the largest oil producers in the world, reported that its network suffered “serious consequences” due to the ransomware. But it was able to maintain oil production by switching to backup systems.

Russian banks suffered “computer attacks,” and in isolated cases computer networks were infected, according to the Central Bank. Home Credit, a consumer lender, had to shut down all branches.

Russian steelmaker Evraz said its computer network had been hacked, but steel output was not affected.

Ukrainian government’s computer network went down, reported Deputy Prime Minister Pavlo Rozenko.

The International Airport in Kiev, Ukraine, was hit. “In connection with the irregular situation, some flight delays are possible,” Yevhen Dykhne said on Facebook, cited by Reuters.

Ukrainian banks reported disruptions to their operations, according to the National Bank of Ukraine.

Ukraine’s state power producer, a media company, and other firms were hit, including the Ukrainian subsidiaries of German companies (see below), and were forced to deal with disruptions.

Deutsche Post’s Ukrainian operations of Express were hacked, the German postal and logistics company reported.

Metro’s wholesale stores in Ukraine were hit, the German discount retailer reported.

A.P. Moller-Maersk — Danish conglomerate that includes the largest container carrier in the world with a fleet of over 600 vessels, oil tankers, an oil and gas production business, and port and tug boat operations — reported that the ransomware attack caused an IT breakdown that impacted all its business units around the globe, including 17 of its container terminals.

TNT Express, the Netherlands-based shipping company, now a division of FedEx, said it was experiencing interference with some of its systems due to the ransomware.

UK-based WPP, the world’s largest advertising agency, reported that several of its agencies were hacked. A WPP employee who asked not to be named told Reuters that workers were told to shut down their computers: “The building has come to a standstill.” At 7 PM Pacific Time, when I last checked its website, a placeholder said the site was “currently unavailable due to important routine maintenance.” The placeholder has been in place for hours.

Heritage Valley Health System in Western Pennsylvania had to shut down its entire computer network following the cyber-attack, according to local media reports, cited by Reuters.

Merck & Co, US pharmaceutical company, tweeted that its “computer network was compromised today as part of global hack. Other organizations have also been affected.” Adding, “We are investigating the matter and will provide additional information as we learn more.” A high-tech pharmaceutical company!

French construction materials company Saint Gobain said it too had become a victim and had isolated its computer systems to protect data.

Royal Canin, the pet food division of US-based Mars Inc., has been hit. A spokeswoman for the company said that the infection has been isolated.

US snack company Mondelez International (Oreos, Toblerone, Newtons, Premium and Ritz crackers, etc.) said employees in different regions were experiencing technical problems, but that it was unclear whether this was due to the ransomware.

India-based operations of German personal-care company Beiersdorf (Nivea skin care products) were impacted by the hack, India-based employees told Reuters.

India-based operations of UK consumer goods company Reckitt Benckiser (Lysol, Enfamil infant formula, Dettol soap) were hacked, according to India-based employees.

An unnamed international company in Norway has been infected with the ransomware, Norway’s national security authority reported.

These are big, sophisticated companies, many of them with global operations, and therefore with global IT networks, not mom-and-pop operations. And yet Windows machines in their networks hadn’t been updated and had remained vulnerable, or were running bootleg copies of Windows that never got updated, even after all the hoopla in May about this vulnerability. And once Petya had a foothold on one such machine, it used the administrator credentials it found there to walk across the rest of the network, patched machines included. Just sitting here and shaking my head.

In May, about 40,000 Chinese institutions were hit by the WannaCry ransomware attack – more than in any other country. Why? Read… Hotbed of Bootleg Software, China Gets Hit Most by WannaCry


  75 comments for “These Large Companies, Still Using Unpatched or Bootleg Windows, Got Hit by Petya Ransomware Attack”

  1. Paulo
    Jun 27, 2017 at 9:42 pm

    In the greater scheme of business expenses, running vulnerable operating systems (bootleg/stolen) to save a few bucks has to be one of the dumbest things any organization can do. Don’t get me wrong, in the past I have run program copies on my home computer, mainly AutoCad…which used to be $4500 per. However, before installing one could always scan.

    Right now I am using Windows 7 with current anti-virus and anti-malware, plus always update Windows when prompted. Lately, I have been shutting this machine completely down every night as well….just in case. I think the last glitch I have had to deal with was shortly before my son grew up and moved into his own adult life and quit sharing virus infected files.

    While I think hackers who spread virus/malware should be flogged on the way to jail, users can do a lot to protect themselves in the mean time. So, Chernobyl was one of the victims. What happens if auto systems are affected and people die? Maybe thousands die? What about other automated systems? Hospitals have been affected. This is pretty serious stuff and penalties for host countries should be very severe.

    Of course the delicious irony was the fact it was a stolen and tweaked NSA product.

    regards

    • Suzie Alcatrez
      Jun 27, 2017 at 10:17 pm

      A lot of those systems are embedded systems with no way to upgrade or patch.

      • JungleJim
        Jun 27, 2017 at 10:39 pm

        I know this is a stupid question, but I’m gonna ask it anyway.

        If an embedded system is not accessible for patching, how does the infected code reach it ?

        • CrazyCooter
          Jun 27, 2017 at 11:18 pm

          Embedded means someone wrote software and sold it as part of a product – let’s take a garage door opener for example – that isn’t updated after it is sold. Or maybe the company that sold it went out of business after – say – ten years but that door opener works just dandy and is left in place.

          Now, I am not saying all garage door systems are running on Windows – but I am saying that the tool, an operating system that can run custom software – has been sold packaged in devices that do have internet access and are subsequently vulnerable.

          Regards,

          Cooter

        • Meme Imfurst
          Jun 28, 2017 at 6:58 am

          The centrifuges in Iran had controllers for the motors made by Siemens; the program was embedded. That was why Stuxnet was so mysterious, that it managed to ‘worm its way’ into a preprogrammed ‘stand alone’ device.

          Many embedded devices are based on Win95.

        • Ethan in NoVA
          Jun 28, 2017 at 7:49 am

          It’s still connected to the network and is still running enough components of the Windows operating system to be vulnerable.

          At least with Windows XP there is a toolkit called Windows XPe (Embedded) where you add in the software you want to run, then the toolkit can strip away everything that isn’t needed. The resulting special embedded copy will often only run on the specific exact computer config (no extra drivers for anything else) and will lack things like Windows Explorer and stuff. My experience with it is from toying with arcade games, but it’s also used in printers, cash registers, etc.

          I assume something similar exists for Win7, 8, 10. These ransomwares based on the NSA leak use vulnerable network (file sharing, I believe) functions. These start by people running random junk that arrives in email (thanks, employees) but then these try to spread by hitting a few vulnerable network services on Windows Vista and newer.

    • Jun 28, 2017 at 2:34 am

      Call me a Conspiracy Theorist, but how big a chance is there that Microsoft is behind these attacks? I mean they were trying to stop this bootleg software for so long. Now this looks like a perfect strategy!

      May be I am imagining things!!!

      • cdr
        Jun 28, 2017 at 6:10 am

        “May be I am imagining things!!!”

        Yes, you are. Microsoft has people locked in a 12-month, soon to be 6-month, upgrade cycle for the O/S (free) and is pushing the boundaries of software rental. Windows 10 upgrades are still legally free if you’re slightly inquisitive enough to google how. Where’s the benefit? Unless you use Linux, they own you already.

  2. pjkkerr
    Jun 27, 2017 at 10:02 pm

    The conspiracy nut meme infecting my brain prompts me to wonder if there isn’t a black ops department somewhere in Microsoft whose job it is to put these viruses into circulation. Each incident must surely give a welcome boost to the MS bottom line :)

    • Meme Imfurst
      Jun 28, 2017 at 7:16 am

      Microsoft’s biggest customer was/is the government. The Army paid Microsoft to develop video games long before the public even heard of one; it was not Microsoft’s idea. To think that the government and all suppliers of operating systems do not have a relationship with ‘their’ government is naïve (not saying you are) in general, and that includes your phancyphone. You do know that your phone stores a full year of accessible data, all the way to within 3 feet of anywhere you have been.

      No doubt, there are known flaws, perhaps deliberately built-in as Edward Snowden told us about, that allow remote control, but such flaws are only a danger when someone makes them so. There is a VERY successful company in Atlanta that does nothing but explore vulnerabilities; they find one, they tell the company, and how much it will cost for the answer, and that answer can be many millions. They refer to it as ‘DAYS’ before some bad guy finds it. This is what hackers do, be it single or government ones: they look for flaws.

      As to ‘who’ might put a virus into the system, that is yet to be publicly discovered but no shortage of hints and suspects.

      • RD Blakeslee
        Jun 28, 2017 at 8:01 am

        “You do know that your phone stores a full year of accessible data, all the way to within 3 feet of anywhere you have been.”

        “Smart” phones yes – little flip phones? They can reveal current location, but do they store past locations?

        • fajensen
          Jul 3, 2017 at 7:42 pm

          No. But. The network does that for you, they log location updates, calls, SMS’s sent. Stores for at least 6 months.

          Using signal strength recorded as part of the location updates, they can track a “dumb-phone” to some fraction of one cell’s precision. A box of about 100 meters in areas with many cellphone towers, in the countryside maybe 3 km (but much fewer possibilities).

      • RagnarD
        Jun 30, 2017 at 9:03 am

        Couple of basic facts on Microsoft and computer games:

        http://www.history.com/this-day-in-history/microsoft-founded
        “Allen quit his job as a programmer in Boston and Gates left Harvard University, where he was a student, to focus on their new company, which was based in Albuquerque because the city was home to electronics firm MITS, maker of the Altair 8800. By the end of 1978, Microsoft’s sales topped more than $1 million and in 1979 the business moved its headquarters to Bellevue, Washington, a suburb of Seattle, where Gates and Allen grew up.”

        http://electronics.howstuffworks.com/video-game2.htm
        Video games have been around since the early 1970s. The first commercial arcade video game, Computer Space by Nutting Associates, was introduced in 1971. In 1972, Atari introduced Pong to the arcades.

    • Rejected By Target
      Jun 28, 2017 at 9:19 am

      I met a guy whose room mate kept a Mac that hosted loads of Win viruses to “punish” people using Windows…

  3. tony
    Jun 27, 2017 at 10:22 pm

    I can stand all of it but not my oreo’s.

  4. Jun 27, 2017 at 10:24 pm

    No I think you’re wrong, Wolf. How can Russia be affected by the latest ransomware if, as everyone tells me, Russia is behind it? Could you please delete all mention of Russian companies affected and double the number of Ukrainian entities; that way we can continue blaming The Putin for everything. Western media thanks you.

    • cdr
      Jun 28, 2017 at 6:15 am

      No, The NYT is behind it. Seriously. They just know how to blame Russia for everything while they slowly put their people into important positions. They only look stupid. It’s just an act. The plan is to continue to look stupid until it’s too late for the rest of us to fight back. It will be a long, slow, but deliberate process. They’re not really eloquent droolers, they just look that way for a degenerate purpose.

    • RD Blakeslee
      Jun 28, 2017 at 8:03 am

      “How can Russia be affected by the latest ransomware if, as everyone tells me, Russia is behind it?”

      The same way the U.S. is affected by NSA developed malware.

  5. polecat
    Jun 27, 2017 at 10:25 pm

    Our esteemed betters (CONGRESS, the MSM, the many political Pundits, Inc., Academia, the Pentagram, etc., all rage over supposed ‘foreign’ cyber crime, when what really should happen is that All the rogue intelligence agencies need to be disbanded and otherwise shut down, as they have become a dangerous global menace …. in all likelihood pushing this country into war with Russia and/or China !! The fact that companies worldwide are negatively affected is secondary, and I, for one, would prefer that I, and everyone I know and cherish, not be vaporized, because of the psychopathic hubris and stupidity of organisations that are supposed to work for us, the citizens, rather than GRIFT for their own benefit and greed !

    • Jun 28, 2017 at 12:30 am

      Polecat, may I present the idea that all “rogue intelligence agencies” are actually just one agency???

    • RD Blakeslee
      Jun 28, 2017 at 8:06 am

      “All the rogue intelligence agencies need to be disbanded and otherwise shut down.” – polecat

      How do you propose to do this?

  6. tony
    Jun 27, 2017 at 10:36 pm

    Leave putin alone he likes oreo’s too.

  7. alex in san jose
    Jun 27, 2017 at 10:55 pm

    If someone comes up with a hack for Windows XP, Fry’s Electronics is going to be in a world of hurt.

    • raxadian
      Jun 27, 2017 at 11:51 pm

      Windows XP has so many holes it’s not funny. It also just happens to crash if a ransomware tries to start encrypting files, at least one based on this exploit.

      The reason why this problem barely affected XP was both because XP is barely used nowadays and because you have to be an idiot to go online with an OS that’s no longer supported, unless it’s for experimenting purposes. Like those guys who used the Internet last year with a Dreamcast.

      • alex in san jose
        Jun 28, 2017 at 7:05 pm

        Fry’s Electronics is not a small company, it’s electronics/computer/refrigerator stores in California and that plus supermarkets in Arizona. But they run on XP.

        Frankly, since it’s a shitty place to work and a nice/shitty (50% of each) place to shop, I’d be amazed some disgruntled employee hasn’t crashed ’em yet, except at Fry’s, to work there they give you a test on tech knowledge, and if you pass, they don’t hire you.

        • raxadian
          Jun 28, 2017 at 10:44 pm

          It must not be networked, or at the very least every XP device is read only.

        • alex in san jose
          Jun 28, 2017 at 11:49 pm

          It’s only all of their computers at every checkout, at the computer department desk, the large appliances desk, etc. I don’t know if I could look up stuff in other Fry’s stores (“We’re out of that, ma’am, but there’s one in the Campbell store, I can have them hold it for you”) but I have a feeling they are, at least with Fry’s stores in the area.

          Fry’s main office and their 24/7 “Have you turned it off and on again?” dept are in the same building. It’s the Fry’s of Fry’s.

  8. Wilbur58
    Jun 28, 2017 at 12:27 am

    I’ve sometimes wondered if the world’s banking databases are actually vulnerable. I assume that every bank downloads at least three copies of everyone’s ending balances at three separate locations every day. But would we be surprised to learn that one of these fine frat houses has cut corners on all IT that doesn’t aid in the flash boys’ quest to shave another millisecond when front-running?

    I really wish that the tv show Mr. Robot had done a better job with this. It had a lot of promise before devolving into some drug-addicted, Fight Club knock-off.

    • meme Imfurst
      Jun 28, 2017 at 7:26 am

      It is wise to make and have paper copies of all your bank records, heck, all financial records. Digital is vulnerable, period. It is based on silicon which is static sensitive, voltage sensitive, radiation sensitive, even g-force sensitive. To be otherwise, say for outer space, it’s expensive beyond belief, and I don’t trust banks to invest to that degree. On the other hand, vacuum tubes are not; Russia’s military is not so dumb on that one.

      • RD Blakeslee
        Jun 28, 2017 at 8:11 am

        “…Vacuum tubes are not (vulnerable) …

        Hoorsay!

        My Marantz knokoff, EL34 tubed amp made in China won’t get hacked.

        • Meme Imfurst
          Jun 28, 2017 at 8:23 am

          It is physics. Yes, your Marantz will keep on keeping on when your cell phone and computer won’t.

          By the way, many thanks for the Engligsh lezzeon. Such purrfection polize, mizz da messagz but hop on da fi-night.

          Having one eye has its issues… Most don’t seem to have been bothered by that, and jump over it with forgiveness. My sincere apologies for disturbing your safe place.

      • Kent
        Jun 28, 2017 at 8:23 am

        I am a software engineer by trade myself (though mostly management these days). I keep all of my banking records going back at least a year. I do this because I’ve met quite a few programmers and sys admins who work on big bank computer systems. They are not qualified to be handling my money.

      • Petunia
        Jun 28, 2017 at 9:07 am

        I worked on systems for several large banks. They spend a lot of money on disaster recovery and have redundant systems. It is possible to lose transactions at the point where a problem occurs, but they usually have some portion of the transaction recorded and will usually give the customer the benefit of the doubt. At least that’s how it used to be, a long long time ago.

    • fajensen
      Jul 4, 2017 at 2:57 am

      Some critical systems are ludicrously poorly operated and maintained.

      Santander is quite well known for running a sloppy ship, losing account information during their takeover and mergers of the English building societies (http://www.santander.co.uk/uk/about-santander-uk/about-us/our-history).

      CSC, IT Provider of Last Resort, operated a Danish mainframe on behalf of the police which was hacked. This contained (at least) police records and the central person database, and other supposedly critical information was extracted. The kicker is that CSC didn’t know for months and, once the Swedish authorities discovered the activity, took months to act (obviously, they do not log anything). They also cannot say if any information was altered (meaning that there is no backup of the crime registry and that the bums probably didn’t switch on the transaction checkpoint mechanisms in the IBM DB2 database). This is about the level of someone running a Linux server in the broom closet to host the company database and web pages, only for a country, for government agencies with kinetic options.

      https://www.version2.dk/fokus/csc-hacking (Danish, but Google Translate works fairly well).

      If Mr. Robot had done a better job, every bright teenager and sociopathic basement dweller would realise “Hey, I can take those guys” and The End.

      Kinda like what Donald Trump has done for politics – every Upper and Comer now sees clearly: “I can take those guys, they are not that hard or even that clever after all”. Hence the existential panic over Donald Trump.

  9. randombypasser
    Jun 28, 2017 at 12:54 am

    “Petya takes advantage of the same vulnerability in Windows as WannaCry.”
    Partially right, but there are huge differences also, especially in the method of propagation. Whereas WannaCry was nasty and potentially very dangerous, Petya has the potential to be disastrous.
    Petya uses Windows’ default remote procedures to attack from inside the current LAN, with the ways local networks are administered.

    • Coaster Noster
      Jun 28, 2017 at 2:27 am

      I like my Ubuntu O/S. I have a 64-bit i7 laptop with native Ubuntu, now 16.04 version.

      I left Windows in 2012, when I booted up one morning, and Windows told me it did not recognize me on boot up. I even went into the registers and made fixes (always hairy) as suggested, but, no…safe mode only.

      • Karl
        Jun 28, 2017 at 10:48 am

        Same thing happened to me about the same time. Switched to Ubuntu with a strong password and sleep soundly at night.

        • Jun 28, 2017 at 7:45 pm

          I wouldn’t trust Ubuntu if I were you. I read through some of the released NSA exploits and a few (very few, but they’re still there) have *buntu exploits. Switch to another distro. I trust Mark Shuttleworth about as far as I can spit.

      • randombypasser
        Jun 28, 2017 at 2:55 pm

        In the end, *nux OSs aren’t that much safer, only so rare that they don’t have much malware, yet. You can ask about this from iOS users, they’ve seen the development lately.
        There’s structural differences which help a lot, especially if one does backup whole HD (as it is then) constantly and preferably keeps versioning couple steps. But that’s it for safety, in general terms, for *nuxes also.
        Otherwise it’s just choosing what works for one and/or what one likes, just like it started with iOS vs. Win now-ancient BBS fights.
        To be some more on safe side with Windows OS, do not ever use Home-version of that OS. So called Pro can be handled in so much more ways that getting it totally frozen needs seriously attempting it.
        But hey, no pro versions with *nuxes, no guess works then.

  10. intosh
    Jun 28, 2017 at 2:14 am

    “But Microsoft released a patch to fix this vulnerability on March 14. Patched computers were not affected by WannaCry, and are not affected today.”

    I question the accuracy of this. At the high-tech company I work for, the patch was deployed but we have been severely hit today.

    • cdr
      Jun 28, 2017 at 6:47 am

      What makes you think the affected computers were patched? IT people lie like everyone else. I would guess and probably be right that most of the ‘high techies’ you work with have silo mentalities and some become openly and behind-your-back hostile if you get them even a little outside their comfort zone, which would be narrow. Just my experience talking. Computers are my other thing, economics and fraud being the other thing besides that.

      • Ethan in Northern VA
        Jun 28, 2017 at 7:59 am

        There might be new vulnerabilities. People are looking for them all the time. People build automated tools to look for them. I’d wager some of the companies on the list don’t run pirated copies and probably are under pretty strict configuration management.

        I mean, unless you build a PC which is mostly a thing of gamers, Microsoft’s monopoly has their OS already installed on most name brand PC systems.

        A friend worked for IT in a shipping company years ago and their ship was fairly tight, as one would say.

        • cdr
          Jun 28, 2017 at 9:00 am

          Yes, I even worked as a consultant at one logistics company that took pride in being professionally managed in all departments. Whenever an IT functionary got snippy, they were pulled aside and reminded about the need to act like a pro. This company was the exception. A standout in a great way.

          A fair percentage were mediocre … did a lot right but the kids controlled the overall culture. More than a few were less than that.

        • intosh
          Jun 28, 2017 at 7:50 pm

          Like in nature, the lack of diversity will make the whole ecosystem extremely vulnerable. With ~95% of the world running Windows, these latest global hacks are only the tip of the iceberg.

      • Kent
        Jun 28, 2017 at 8:32 am

        @cdr,

        I don’t know that fraud is necessarily the case, more often it is just extremely difficult to patch everything. Most of the computers where I work are actually in field vehicles that rarely connect to the LAN to get patched. Or they are laptops at someone’s home. Or they are turned off every time you attempt to patch because the user is on vacation for 2 weeks.

        IT has become an after thought at most organizations these days. Nobody wants to spend the money on it that it really takes to make it work correctly.

        • cdr
          Jun 28, 2017 at 8:53 am

          Economics and fraud is my other interest. As in monetary policy and the nutty excuses used to live on printed money and negative rates.

          IT people with silo mentalities were my curse when I still worked in IT. Now it’s just an aggravation I remember and suspect is a character trait of technical people in this industry. Thus my suspicion that some people weren’t truthful about applying the update but probably got surly if they were questioned about it.

      • intosh
        Jun 28, 2017 at 7:44 pm

        cdr, because we operated on the explicit directives of rebooting our machines for deployment of said patch. Of course, if your point was that it might not be “really” patched because of lies, deceit or even compromised patch binary, then all bets are off.

        Anyway, I read that this new malware exploits new vulnerabilities.

        (I’ve been working in hi-tech for 20 years.)

    • RD Blakeslee
      Jun 28, 2017 at 8:16 am

      I assume your company has a plurality of CPUs. It sometimes happens that some don’t get properly patched, for whatever reason. It only takes one …

  11. Snotfroth
    Jun 28, 2017 at 3:49 am

    Oh but Wolf, there’s more to it than just the “eternal blue” exploit, which can be patched.

    Petya also apparently integrates a version of the nasty hacker tool called “mimikatz”, which really screws over a lot of corporate networks. It can extract administrator credentials out of memory, or craft fake administrator “tickets” that are used to spread the malware within the local network.

    So if Joe User calls the corporate help desk because Internet Exploiter is acting up again, and an administrator logs in to fix the issue, his password can exist in memory or as a hash for a long time, waiting to be harvested.

    I can also say from experience that the higher you go up the ladder in corporate IT, the less true technical expertise you find. Those near the top look good in suits and make great Power Point shows for the C-suite, but they may not understand the finer technical details of the LSA, NTLM hashes, Kerberos tickets, the krbtgt account, etc.

    With Windows 7 and up, it’s not just an issue of installing updates to harden against mimikatz, but often sweeping configuration changes to the domain. Sure everyone should disable NTLM, or prophylactically create new krbtgt password hashes, but I can see this causing all sorts of issues with “legacy” business critical applications and integrations (I think it might blow up Exchange), while the technical details of the threat are arcane enough to perhaps hide the danger.

    So, some (many?) of these companies were probably dealt a nasty surprise left hook by mimikatz plus the technical innards of Windows network authentication, rather than forgetting to run their Windows Updates.

    If you’re involved with corporate IT, have Windows 7 machines lying around (I bet you do), and haven’t heard of mimikatz, you better run to your nearest search engine and look up the UseLogonCredential registry value. IMHO it’s the best defense least likely to break something.

    • Kent
      Jun 28, 2017 at 8:43 am

      +1

      We had a security audit at my largish local County government operation in Florida a couple of years ago. The hacker they employed jumped in his car and started driving around our 100+ facilities (parks/libraries/etc…). He found a Fire Station where one of the firemen had brought in a wireless router running WEP from home, and had connected it to the internal network.

      Within 5 minutes, he had connected through the router to the County network. Within 30, he was a Domain Admin. He used mimikatz to get there.

      Within 48 hours the fireman was terminated, and I was red-faced in front of the County Manager. Lesson learned and not forgotten.
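The registry value the two comments above point at, as an added example that is not part of either comment or of the article: a script that reports whether LSASS on this host still keeps a plaintext copy of logon passwords for WDigest (what mimikatz reads out) and, with `-Remediate`, sets UseLogonCredential to 0. The version threshold and the KB2871997 requirement for Windows 7/8/2008 R2/2012 are stated as assumptions in the code; Windows 8.1/2012 R2 and later already default to 0 when the value is absent. Kerberos and NTLM logons keep working with the value at 0.

```powershell
# Added example, not from the comments or the article: check, and optionally
# set, HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
# UseLogonCredential. Elevated PowerShell 3 or later.
# Assumptions: versions below 6.3 (older than Windows 8.1 / Server 2012 R2)
# need KB2871997 before the value has any effect, and keep plaintext when the
# value is absent; 6.3 and later do not keep plaintext unless the value is 1.
# Credentials already cached in memory stay there until those logon sessions
# end, so reboot (or at least log the admins off) after changing it.
param([switch]$Remediate)

$WDigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

function Get-WDigestState {
    $osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
    $needsKb = $osVersion -lt [version]'6.3'
    $hasKb = if ($needsKb) {
        [bool](Get-HotFix -Id KB2871997 -ErrorAction SilentlyContinue)
    } else { $true }
    $value = (Get-ItemProperty -Path $WDigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential
    # Absent value: plaintext is kept on the old platforms, not kept on 8.1+.
    $effective = if ($null -eq $value) { [int]$needsKb } else { [int]$value }
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSVersion          = $osVersion.ToString()
        KB2871997Required  = $needsKb
        KB2871997Installed = $hasKb
        UseLogonCredential = $value          # $null means "not set"
        PlaintextInLsass   = ($effective -eq 1) -or ($needsKb -and -not $hasKb)
    }
}

function Disable-WDigestPlaintext {
    # Creates the value if it is missing, overwrites it otherwise.
    if (-not (Test-Path $WDigestKey)) { New-Item -Path $WDigestKey -Force | Out-Null }
    New-ItemProperty -Path $WDigestKey -Name UseLogonCredential -PropertyType DWord -Value 0 -Force | Out-Null
}

$state = Get-WDigestState
$state | Format-List
if ($state.PlaintextInLsass) {
    Write-Warning 'LSASS keeps plaintext logon credentials on this host.'
    if ($state.KB2871997Required -and -not $state.KB2871997Installed) {
        Write-Warning 'Install KB2871997 first; UseLogonCredential has no effect without it.'
    } elseif ($Remediate) {
        Disable-WDigestPlaintext
        Write-Warning 'UseLogonCredential set to 0; existing sessions still hold plaintext until they end.'
    }
}
```

Two things worth pairing with this: deploy it through Group Policy rather than host by host, and watch the value afterwards, because an intruder who already has administrator rights can flip it back to 1 and wait for the next help-desk logon (a Sysmon registry value-set event, ID 13, on that path is a cheap alert). It does nothing for NTLM hashes or Kerberos tickets already in memory, which is why the krbtgt reset and the tiered-admin model mentioned above still matter.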

  12. walter map
    Jun 28, 2017 at 6:07 am

    To err is human. To really screw things up requires large-scale automated communications.

    It is a mistake to be so dependent on systems which are so prone to failure, but then, very few people really understand the nature of risk analysis, particularly how risks are multiplied by computers.

    Most people can be depended upon to treat such risks as Somebody Else’s Problem that Somebody Else Is Taking Care of and happily take such things for granted, because they have more immediate problems to deal with. It is usually a mistake to take things for granted, but you don’t want to get bogged down trying to deal in advance with everything that can go wrong, so what else can you do?

    It’s bad enough to get malware in your email. It gets worse when they get into financial systems or the controls for the electrical grids, and you sure don’t want SkyNet grabbing the nuclear codes. That would be bad.

    We Linux users don’t have these problems. Instead, we have other problems. Someday, somebody will come up with a more secure, more robust operating system that will displace the lame old leaky kernel Windows is based on, and then other problems will evolve.

    Presently, personal computerized automation and communication isn’t particularly subject to much in the way of regulatory structure, but in the future systems engineering and availability of certain computing capabilities will probably need better legal restrictions. As usual, people, and societies, will have to be protected from themselves, as well as from the power of their machines. Still, it doesn’t seem to be possible to be perfectly safe and still get things done, so to a large extent you may just have to take the bad with the good and do the best you can. But don’t get lulled into a false sense of security.

    One simple way to manage risks associated with computing is to avoid using computing systems for things that aren’t really necessary. Despite what Silicon Valley tells you, you really don’t need them for every damn little thing you do. But lo! men have become the tools of their tools, as Walden warned, and therein lies the danger. And you may be better off not pursuing danger so diligently, so automatically, and so gratuitously.

    Maybe.

    • Jun 28, 2017 at 12:26 pm

      Beautiful comment, and +infinity for mentioning Walden.

  13. Petunia
    Jun 28, 2017 at 8:44 am

    An embedded system is software loaded onto a chip. These systems are usually directly written in machine language (Assembler) or compiled down into machine language code if written in a higher level language like C.

    Mostly they are written in Assembler and loaded directly onto the chip within the device. The operating system is usually a very very stripped down version of Linux. Once the system is embedded, it can only be updated if the software was written to allow it. Most systems are not written that way.

    For example: the embedded systems on the Star Ship Enterprise would be upgradable, but your garage door opener would not.

  14. RD Blakeslee
    Jun 28, 2017 at 8:47 am

    Re avoiding “systems” (not just computing systems!) some of us do that, Walter. Walden comes to my mind, too. So do the protestations of the Luddites, who I think were just 300 years ahead of most of the rest of us.

    So, we are counter-culture at heart and pick and choose a little of “modern life” to suit ourselves.

    An example: My wife and I are old folks and it’s hard to keep the house clean. So we use a robot vacuum cleaner but will not connect it to any of the remote control systems available. We can still push the start button on the machine and we’ll let it go (literally – there it goes!) at that.

    • jb
      Jun 28, 2017 at 11:06 am

      I believe it is called “firmware”. The update process is called “flashing”. Many firmware chips cannot be “flashed”.

    • walter map
      Jun 28, 2017 at 11:30 am

      ‘So, we are counter-culture at heart and pick and choose a little of “modern life” to suit ourselves.’

      Good on you RD.

      I’m no Luddite. Machines are ok in their place, but it’s clear they can be pernicious. It’s bad enough having to put up with The Matrix without having to join the hive.

      As for being “counter-culture”, well, I happen to like culture and think positive cultural differences should be preserved and appreciated. Unfortunately modern corporatism is co-opting them, crowding them out, and generally doing away with them because they’re insufficiently profitable.

      I’ve often noted that the U.S. has no culture: instead, it has marketing. It’s a bit doubtful one can be “counter-culture” towards a non-culture. I don’t suppose I’m particularly susceptible to marketing ploys.

      • RD Blakeslee
        Jun 28, 2017 at 12:53 pm

        Walter, I used “culture” in its broadest sense, which includes the modern corporate subculture and others.

        The wife is a portrait painter and I built a classical French-Flemish double manual harpsichord in my younger days. Baroque music is an obsession of mine.

        Some of my subculture remains, here and there.

        I am “counterculture” in the sense that I have no use for most of the subcultures in the U.S. today.

      • Thunderstruck
        Jun 28, 2017 at 2:32 pm

        “I’ve often noted that the U.S. has no culture: instead, it has marketing.”

        Bull doo doo.

        America doesn’t have an established culture drawn from a common ancestry like the European, Asian, African and Middle Eastern “nations”. Our culture is a blend of all of the above. You just may not recognize it from afar.

        Our culture is broad and spread out over a very large area. There are regional adaptations of it that are very similar to the subtle differences in a common language. Just as there are different dialects of a language, the same can be said for our culture.

        Just think about the many, many styles of music attributed to regions here in the U.S.A. There are Memphis Blues, which can be contrasted to Delta Blues (is there any musical style known as Stuttgart Blues?). What about the MoTown sound, Jazz in all of its iterations, Bluegrass (my personal favorite) or Doo-Wop? Even (I cringe to mention it) “RAP” is credited as a product of our American culture.

        My particular brand of “American Culture (TM)” can be envisioned around a finely smoked brisket, a cold beer (Shiner Bock) and the music of Larry Joe Taylor or Johnny Bush providing background entertainment.

        • walter map
          Jun 28, 2017 at 5:47 pm

          That’s marketing.

          ‘Alas! for the South, her books have grown fewer—
          She never was much given to literature.’

          J. Gordon Coogler

          When Guitar Hero enabled non-players to ape Robert Johnson licks da blooz became marketing. The U.S. hasn’t produced a guitarist of distinction since the bottom fell out of the business model.

          Blues is a natural fact, is something that a fellow lives. If you don’t live it you don’t have it. Young people have forgotten to cry the blues. Now they talk and get lawyers and things.

          I guess all songs is folk songs. I never heard no horse sing ’em.

          Big Bill Broonzy

  15. kam
    Jun 28, 2017 at 9:29 am

    This is the mountain that won’t be overcome, for robots to “take over the world.” Fallible humans created their DNA and fallible humans can destroy them. Even so-called “artificial intelligence”.

  16. thatblackwoman
    Jun 28, 2017 at 11:07 am

    walgreens pharmacy has been down for two days.

    • Kent
      Jun 28, 2017 at 11:21 am

      Great. Everybody’s prescriptions are held hostage for 300 bitcoins. And Walgreens’ CEO is googling “what is a bitcoin?” as we speak.

  17. mean chicken
    Jun 28, 2017 at 12:14 pm

    Well, Windows barely does much of anything anyway…. I have yet to determine why it’s necessary?

    • Jun 28, 2017 at 1:51 pm

      Without Windows, your Windows machine is a boat anchor.

      • walter map
        Jun 28, 2017 at 5:25 pm

        My boat anchor runs Linux.

        • Jun 28, 2017 at 6:13 pm

          My server that this site is on runs Linux. But it’s not a “Windows machine.”

        • walter map
          Jun 28, 2017 at 6:51 pm

          ‘But it’s not a “Windows machine.”’

          A Windows machine is one that can run Windows. But it doesn’t have to run Windows to be a Windows machine.

          My boat anchor could be booted up to the Windows XP partition or the Windows 7 partition, which isn’t likely to happen because I frankly prefer a boat anchor to an overrated leaky kernel.

          The only reason I don’t get rid of the Windows partitions is because I still access material on them with my boat anchor.

          It would be illegal to run a Mac OS on non-Apple hardware, but it is perfectly legal to run Mac software on non-Apple hardware. This workstation is not a Mac but it can emulate a Mac, which it doesn’t because I’m still feeling spiteful towards the late Mr. Jobs and do not presently have any use for his software. It’s very proficient, as boat anchors go.

      • mean chicken
        Jun 28, 2017 at 6:29 pm

        The long chain of disappointments is overkill for a reasonable rode. :)

    • fajensen
      Jul 4, 2017 at 3:17 am

      Gamer Boxes and most CAD tools like Altium Designer are Windows only.

      What I do, however, is to run Windows in Virtual Machine(s). Makes it much easier to back up, roll back and restore things. Maybe my next PC will only have vSphere Hypervisor on it as the “OS”; right now it seemed like overkill.

      For people caring about legality and such, a valid Windows 7 license key is about 10 EUR in Germany. It is legal to acquire one.

  18. alex in san jose
    Jun 28, 2017 at 7:11 pm

    This is why all my important records are on paper.

    I pay a little each month to get paper statements sent from my bank. I don’t even use ATMs since skimmers are being found all over my area (San Jose, California) but even before the recent rash of skimmers, I only need to see the bank once a week when I put my paycheck in. And in all fairness, I use Safeway or drug stores as an ATM, getting cash back along with a purchase. But less chance of being skimmed, there.

    This hacking shit is funny as hell. Who the fuck uses pirated copies of Windows these days? Windows 10 is free. Windows 7 is cheap to free. Back in the mid-90s, having a notebook full of codes to install Win95 on your friends’ machines was cool but now, why in hell would anyone use unauthorized copies of software that’s cheap to free?

    Especially for your business? Especially if your business is the size of Maersk??

    Evening before last, I mailed a large package by FedEx. No problem, load it on the hand truck and walk it up there, it’s only a mile. The paperwork was all pen and paper because “our system is down”. Was FedEx using pirated Windows they got off some highschooler too?

    • alex in san jose
      Jun 28, 2017 at 8:36 pm

      Followup: Just heard on NPR that FedEx indeed got attacked, no wonder it’s pen and paper over there.

      Welp, I have my written paper form and tonight will see if I can track my package.

      Just bought a student trumpet on a rent-to-own plan since I have real trouble coming up with the price of a new horn and I’m sick of used ones, it’s only $30-odd a month, and the IRS can’t take it from me because it’s not mine until it’s paid off. Got everything on paper, did everything face-to-face at a local music store.

      Now if the library will just bring their wooden wall of card catalog files back …

  19. Tang
    Jun 28, 2017 at 11:34 pm

    Move to Linux Mint 15 and later versions. It is free and as good. Small and efficient footprint.

  20. ML
    Jun 29, 2017 at 1:30 am

    Empires were built without computers and businesses managed perfectly well before the desktop PC was invented for the mass-market. I often think I was more productive before I started staring at a screen all day. I can remember becoming economically active (getting out of bed) when I woke up instead of sitting in the audience with an iPad on my lap.

    Computers have made us lazy. Computers might enable us to realise our dreams but we forget we used to dream before which is how we could afford to buy a computer in the first place.

    I wonder why we need more than one operating system and why it isn’t possible to create a new OS from scratch that isn’t full of holes. The answer to that, an IT person tells me, is that the people that know how to can’t be bothered.

    • Petunia
      Jun 29, 2017 at 11:08 am

      Operating systems are like societies, when open they are robust, when closed they wither. The more security the less access. There really isn’t any total operating system or internet security. Every patch to a current vulnerability opens up new opportunities.

      Think of the internet as a trip to a dangerous city. You are bound to have some fun, if you survive.

  21. Jonathan
    Jun 30, 2017 at 6:54 am

    I have no idea where the “pirated Windows can’t be patched” memes came from. The cracking tools to convert pirated copies to legit online-updatable versions have been everywhere for a decade at least, and MS doesn’t even bother fighting them.

    Ransomware or not, you are *stupid* if you are using a pirated copy of Windows and also left it uncracked.

    Embedded systems running outdated Windows are a different beast altogether. Usually these are very specialized and expensive industrial equipment that are still running fine but completely uneconomical to replace or modify just for the sake of using the latest OS.
