APT3 Threat Group a Contractor for Chinese Intelligence Agency

Recorded Future says its research shows clear link between cyber threat group and China’s Ministry of State Security.


Wanadecrypt allows to recover files from Windows XP PCs infected by WannaCry without paying ransom


A security researcher developed a tool called wanadecrypt to restore encrypted files from Windows XP PCs infected by the WannaCry ransomware.

The WannaCry ransomware made the headlines with the massive attack that hit systems worldwide during the weekend.

The malicious code infected more than 200,000 computers across 150 countries in a matter of hours. It leverages the Windows SMB exploit EternalBlue to compromise unpatched systems or computers running unsupported versions of Windows.

Microsoft took the unprecedented decision to issue security patches for Windows 2003 server and XP in order to protect its customers.

Now there is good news for the owners of some Windows XP computers that were infected by the WannaCry ransomware: they may be able to decrypt their data without paying the ransom ($300 to $600).

The Quarkslab researcher Adrien Guinet has published software, called Wanadecrypt, that he used to recover the decryption key required to restore the files on an infected XP computer. The expert successfully tested Wanadecrypt on a small number of infected XP computers, but it is not clear whether the technique works on every PC.

Experts downplayed the discovery because Windows XP computers were not affected by the massive WannaCry attack. Still, Guinet's method could be helpful to XP users hit in other attacks.

“This software has only been tested and known to work under Windows XP,” he wrote in a readme note issued with the software. “In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!”

Another popular expert, Matt Suiche, reported he was not able to use the WannaKey tool.

The WannaCry ransomware uses the Microsoft Cryptographic Application Programming Interface (CryptoAPI) included with Windows to implement most of its encryption features.

Once the key has been created, the interface erases it from memory on most versions of Windows, but experts discovered that a limitation of Windows XP can prevent this erasure.

This means that the prime numbers used in the WannaCry key generation may remain in the machine's memory until it is powered down, allowing Wanadecrypt to extract them from the infected XP system.

“If you are lucky (that is the associated memory hasn’t been reallocated and erased), these prime numbers might still be in memory,” Guinet wrote.
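To illustrate the recovery idea described above, here is a small added example (not Guinet's code, and not the real Wanadecrypt implementation): it scans a constructed "memory dump" for a little-endian integer that divides a known RSA modulus, then rebuilds the private exponent from that prime. The toy primes, the modulus `N`, the exponent `E`, and the dump layout are all assumptions made for the example; WannaCry's real key is far larger.

```python
# Constructed toy RSA key pair (assumption for the example; WannaCry uses a
# much larger RSA modulus). The public modulus N is assumed to be known to the
# victim, as is the public exponent E.
P, Q, E = 10007, 10009, 65537
N = P * Q


def find_prime_factor_in_memory(dump: bytes, n: int, width: int = 4):
    """Slide a window over the dump, read each `width`-byte little-endian
    integer, and return the first one that is a non-trivial divisor of n.
    This is the 'luck' in the method: the prime must still be in memory."""
    for off in range(len(dump) - width + 1):
        cand = int.from_bytes(dump[off:off + width], "little")
        if 1 < cand < n and n % cand == 0:
            return cand
    return None


def rebuild_private_exponent(n: int, e: int, p: int) -> int:
    """Given one prime factor p of n, derive q and the private exponent d."""
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)          # modular inverse of e mod phi(n)


def build_sample_dump() -> bytes:
    """Constructed sample dump: deterministic filler bytes around the
    little-endian prime P, standing in for un-erased CryptoAPI memory."""
    filler = bytes(range(256)) * 2
    return filler + P.to_bytes(4, "little") + filler[::-1]


def recover_and_decrypt(dump: bytes, n: int, e: int, ciphertext: int):
    """Full recovery path: find a prime in the dump, rebuild d, decrypt."""
    p = find_prime_factor_in_memory(dump, n)
    if p is None:
        return None                 # memory was reallocated: no luck
    d = rebuild_private_exponent(n, e, p)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    message = 123456
    ct = pow(message, E, N)                       # encrypt with public key
    print(recover_and_decrypt(build_sample_dump(), N, E, ct) == message)
```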

Anyone whose XP computer has been infected by WannaCry should avoid restarting it if they want to try to decrypt the files. The researcher is now working to extend his findings to other versions of Windows.

Pierluigi Paganini

(Security Affairs – Wanadecrypt, WannaCry)

The post Wanadecrypt allows to recover files from Windows XP PCs infected by WannaCry without paying ransom appeared first on Security Affairs.


Researchers say global cyber attack similar to North Korean hacks

Reuters: The United States accused it of being behind a cyber attack on Sony Pictures in 2014. An official at South Korea’s Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported …

Source: Researchers say global cyber attack similar to North Korean hacks

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.

Source: Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Sabre Warns Hotels: Card Data Potentially Compromised

36,000 Locations Use Breached Travel Giant’s SaaS System

Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system, used by more than 36,000 properties, was breached, and that payment card data and customers’ personal details may have been stolen.

Source: Sabre Warns Hotels: Card Data Potentially Compromised