GROUP RE-EMERGES TO TAUNT US SPIES
The day after a particularly virulent strain of ransomware burst across the globe, the mysterious Shadow Brokers group has re-emerged to taunt the U.S. National Security Agency.
It's a possible hint at the shadowy spy games being played behind the scenes of the cybersecurity crisis.
The Shadow Brokers, who have spent nearly a year publishing some of the American intelligence community's most closely guarded secrets, posted a new message to the user-driven news service Steemit on Wednesday carrying new threats, a new money-making scheme and nudge-nudge references to the ransomware explosion that continues to cause disruption from Pennsylvania to Tasmania.
"Another global cyber attack is fitting end for first month of theshadowbrokers dump service," the group said, referring to a subscription service which purportedly offers hackers early access to some of the NSA's digital break-in tools. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"
Earlier, Kaspersky Lab said the massive cyberattack that has locked computers across the world involved a new malware.
The company said Wednesday that its preliminary findings suggest that it is not a variant of Petya ransomware, as some reports indicated, but a new ransomware that has not been seen before.
It named it ExPetr, noting that "while it has several strings similar to Petya, it possesses entirely different functionality."
The company said its telemetry data indicates around 2,000 attacked users so far. It added that organizations in Russia and Ukraine were the most affected, and hits were also registered in Poland, Italy, the U.K., Germany, France, the U.S. and several other countries.
It added that the cyberattack involved modified EternalBlue and EternalRomance exploits.
CONTAINED
The Ukrainian Cabinet said the malicious software has been contained. It hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets.
The Cabinet said in Wednesday's statement that the cyber-assault has been stopped and the situation now is under "full control."
It added that "all strategic assets, including those involved in protecting state security, are working normally."
Ukrainian railways said in a separate statement that the cyberattack has caused some disruptions with money transactions, but its operations haven't been affected.
Russia's Rosneft oil company said some of its gas stations have been affected by the outbreak of malicious software, but production operations haven't been hurt.
The company said Wednesday it's too early to assess the damage from malicious software that has crippled computers across the world.
It acknowledged that it has faced some problems, which are being dealt with quickly. Rosneft said cash registers at some of its gas stations have been affected, but didn't offer further details.
In the Kremlin, the government said the ransomware attack highlights the need for close international cooperation in fighting cybercrime.
The data-scrambling software locks up computer files with all-but-unbreakable encryption and then demands a ransom for its release. In the United States, the malware affected companies such as the drugmaker Merck and Mondelez International.