simonvc | 8 years ago
I worked at Maersk for a couple of years. This happened once before: we came in and all Maersk's machines were randomly shutting down.
I heard later a rumour that the reason the AV didn't pick it up was that it was a 0-day (Stuxnet-derived, before that was known) and it was literally targeting the SCADA systems on boats... but that's also the plot of Hackers, so take that with a pinch of salt.
Anyway, being the build/devops/tooling person on a project, I burned 40 DVDs with Eclipse and Ubuntu and handed them to the devs, and they booted into Ubuntu and kept developing.
All was going fine until I got a telling off from the Corporate IT security team complaining that our unauthorised Ubuntu machines weren't running AV and so could be introducing viruses into the network.
Total facepalm.

hans0l074 | 8 years ago
After close to a decade of working in DK, I found their big corporate IT processes resembled a Death Star: looks powerful from a distance, but flaws and inefficiencies can be discerned if you happen to be at close quarters. Also, they advanced ponderously, which was weird because if you spoke to individual engineers in the teams, they seemed to know how things should be done. I was at Maersk at the same time as you, and I recall your team (ADLT!) eventually conjuring up some Vagrant machines for us devs, which turned out to be a pain to use since the AV kept interfering with the running VMs.

samstave | 8 years ago
I'll see if I can find the episode, but did you know that the Stuxnet idea was first televised on an episode of Wonder Woman from the 70s? (Pre-dates Hackers.)
Here it is... http://www.imdb.com/title/tt0750242/
And guess what the computer is called: I.R.A.C.

amrrs | 8 years ago
Nevertheless, I doubt the ability of AV software to catch these unconventional ransomwares. Does anyone feel the security industry (apart from asking the user to update their OS to the latest version) is capable of handling this?

smartbit | 8 years ago
New Petrwrap/Petya ransomware has a fake Microsoft digital signature appended. Copied from Sysinternals Utils.
I was sitting next to someone who didn't close his laptop immediately when notified; one minute later it was too late.
Most of my colleagues went home. Even if their laptop was not infected (also over the VPN), they are not allowed to start the machine. Some departments ask people to stay home tomorrow too. Those with MacBooks continue working. And externals.
In Rotterdam, APM Terminals has shut down.

dsacco | 8 years ago
I wonder if the plot of Hackers was derived from the fact that shipping companies typically keep a cash bounty in their on-ship safes to placate pirates should they come aboard, as (AFAIK) it is cheaper(?) to just pay off a pirate than deal with all the other factors?

samstave | 8 years ago

exhilaration | 8 years ago

r721 | 8 years ago
> Russia, Ukraine, Spain, France - confirmed reports about #Petya ransomware outbreak. Good morning, America.
https://twitter.com/codelancer/status/879688596852101120
> Petrwrap/Petya ransomware variant with contact [email protected] spreading worldwide, large number of countries affected.
https://twitter.com/craiu/status/879689411419668480
Sample: https://twitter.com/benkow_/status/879692704724250628
Articles:
http://www.independent.co.uk/news/world/europe/ukraine-cyber...
https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomwa...

Vaanir | 8 years ago

onion2k | 8 years ago

samstave | 8 years ago

secfirstmd | 8 years ago
Hey, FWIW we had to do some response for ransomware cases recently. There was a lack of decent stuff out there on how IT teams should deal with it, so we contributed to putting together this quick checklist:
https://github.com/0xswap/guides/blob/master/ransomware-tria...
Would be great if more people wanted to add to it.

fest | 8 years ago
One morning a colleague notices that a particular Windows share used by every EE in the multinational company now contains encrypted files and a generic request for ransom.
Highlight of the e-mail thread that followed: "<Name of another coworker whose account was used to encrypt files>, virus again?"

pasta | 8 years ago
It almost looks like the virus has been slumbering in systems and woke up today.

vuln | 8 years ago
'Petya sees you when you're sleeping
Petya knows when you're awake
Don't click the link in that email or IR gets no break'
https://twitter.com/FourOctets/status/879700290395439105

nthcolumn | 8 years ago

e79 | 8 years ago

NeutronBoy | 8 years ago

Hoshea | 8 years ago
Maersk is kind of critical infrastructure - they carry a lot of freight. It's conceivable that if you took out a few major carriers like this for a week, you'd get widespread food shortages.

shubb | 8 years ago
Any actual connection between this malware and XP?

r721 | 8 years ago
https://twitter.com/martijn_grooten/status/87970508635999846...
It's also unclear whether Maersk is hit by the Petya variant everybody talks about.

proyb2 | 8 years ago

nulagrithom | 8 years ago
We have the security posture of a wet sock.

jaclaz | 8 years ago
Last time (WannaCry), after the usual initial "you should update" choir, it seemingly came out that after all it was not as vulnerable as initially thought:
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-l...
At least the computers running XP did not contribute to spreading the malware in that case.
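smartbit's comment above notes that the Petya/Petrwrap sample carries a Microsoft signature block copied from another binary and appended to the file. The defender's point is that the presence of a signature block means nothing until it is verified: an Authenticode signature covers a hash of the original file's bytes, so a block transplanted onto a different file fails validation. The following is an added example, not code from the thread or from any project named in it. It uses the built-in `Get-AuthenticodeSignature` cmdlet to list executables in a folder whose signature does not validate; `$Path` is an assumed parameter.

```powershell
# Added example: report executables whose Authenticode signature does not validate.
# A signature block merely appended to an unrelated binary does not verify;
# Get-AuthenticodeSignature reports a status such as HashMismatch instead of Valid.
# $Path is an assumed parameter: point it at a download, quarantine or staging folder.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"
)

Get-ChildItem -Path $Path -Include *.exe, *.dll, *.sys -Recurse -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            # Status values include Valid, NotSigned, HashMismatch, NotTrusted, UnknownError
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumb  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        }
    } |
    # Keep only files that are unsigned or whose signature does not check out
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, File |
    Format-Table -AutoSize
```

Run it from a PowerShell prompt as `.\Check-Signatures.ps1 -Path C:\Quarantine` (file name assumed). A `Signer` column showing a Microsoft subject next to a `HashMismatch` status is exactly the copied-signature case; only rows with `Status` equal to `Valid` and a signer you expect should be treated as signed by that publisher.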