War against cyber attacks demands intense response

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

They are high-tech burglaries — only worse.

Cyberattacks are the electronic equivalent of war; instead of corpses scattered on the battlefield, businesses face the brunt of the burden, with commerce disrupted and psyches shaken.

A new and chilling form of terrorism, the attacks emerge from the murky world of the “dark internet” — a term which, unfamiliar to many, may become all too common.

We witnessed the damage, both real and potential, on May 7, when a criminal gang launched a ransomware hit against Colonial Pipeline Co.

The company, which says it transports about 45 percent of all gasoline consumed on the East Coast, shut down operations after the attack, causing a fuel shortage across the region.

Gasoline prices rose an average of 6 cents a gallon, according to the American Automobile Association, and motorists searched frantically for pumps that had not gone dry.

The federal government declared a regional emergency, allowing the transportation of fuel through tanker trucks instead of the 5,500-mile pipeline between New York and Texas.

How did the attack happen?

Described by the FBI as a Russia-based cybercrime group, DarkSide used malware to encrypt company files, threatening to leak the data it downloaded if its ransom demands were not met.

Colonial officials said a catastrophe was averted when the company, a day after the hit, paid a ransom of $4.4 million in bitcoin; U.S. officials later said they recovered $2.3 million.

“I know how critical our pipeline is to the country,” Colonial CEO Joseph Blount told the Senate Homeland Security Committee, defending his decision to pay the ransom. “And I put the interests of the country first.”

Both the government and the private sector must guard against the potential danger of these attacks. The enemies do not wear uniforms or brandish guns. They emerge from the dark labyrinth of the internet, and they are cold, calculating and brutal.

“The analogy would be I break into your house, and once I get access to…


The Linux Foundation’s demands to the University of Minnesota for its bad Linux patches security project

To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits” is a gross understatement. 

Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch and well-known for being the most generous and easy-going of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been “obviously submitted in bad faith with the intent to cause problems.” 

The researchers, Qiushi Wu and Aditya Pakki, and their graduate advisor, Kangjie Lu, an assistant professor in the UMN Computer Science & Engineering Department, then apologized for their Linux kernel blunders.

That’s not enough. The Linux kernel developers and the Linux Foundation’s Technical Advisory Board via the Linux Foundation have asked UMN to take specific actions before their people will be allowed to contribute to Linux again. We now know what these demands are.

The letter, from Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, begins:

It has come to our attention that some University of Minnesota (U of MN) researchers appear to have been experimenting on people, specifically the Linux kernel developers, without those developers’ prior knowledge or consent. This was done by proposing known-vulnerable code into the widely-used Linux kernel as part of the work “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”; other papers and projects may be involved as well. It appears these experiments were performed without prior review or approval by an Institutional Review Board (IRB), which is not acceptable, and an after-the-fact IRB review approved this experimentation on those who did not consent.

This is correct. Wu and Lu opened their note to the UMN IRB by stating: “We recently finished a work that studies the patching process…


New Ransomware Demands Discord Gift Codes Instead of Crypto

Ransomware is an unfortunate reality of the modern digital age, and you may think you’ve seen it all after major malware attacks like NotPetya and Maze. However, NitroRansomware has a new trick up its sleeve. Rather than asking victims to pay the ransom with cryptocurrency, it asks for a Discord gift card. 

You might be thinking that Discord is a free chat platform, and you’re right. Casual Discord users might not even know that there is a paid version of the service. For $9.99 per month, you can get Discord Nitro, which includes perks such as HD video streaming, more emoji, and larger file uploads. When buying Nitro, you can choose to apply it to your account or get a gift link. That’s what the latest ransomware is after. 

The malware reportedly makes its way onto systems by pretending to be a tool that allows the user to generate free Nitro gift codes, according to BleepingComputer. So, anyone who installs it will get very much the opposite of what they wanted. As with all other forms of ransomware, NitroRansomware sets up shop and encrypts the documents folder, appending a .givemenitro extension to the scrambled files. It also changes the user’s wallpaper to an angry Discord logo before popping up the demand for payment.

Victims of the ransomware are given three hours in which to buy a Nitro code and enter it in the box. When a valid code is added, the malware decrypts the files with an embedded key. That key is stored inside the EXE, making it possible to salvage your files without paying the price — it’s not the most sophisticated malware in the world. However, it does try to steal your data because why not?

The malware decrypts files after getting a valid Discord gift link, but the keys are static and hidden in the EXE.

Upon installation, NitroRansomware searches for the user’s Discord installation directory and copies the login tokens….


A ransomware attack but no ransom demands

The first sign of trouble came via an early-morning IT update last Sunday. Access to systems and services across the Nine Network was down and the issue was being investigated.

Updates of this sort are fairly routine in a large organisation and more often than not they amount to little more than a minor inconvenience. This one, however, was the first of many subsequent messages that offered little relief.

As it turns out, the system disruption picked up on Sunday – the gravity of which was relayed to Nine’s new boss, Mike Sneesby, as early as 3.30am – was just the first ripple from a ransomware attack that had compromised Nine’s corporate network. The assault not only temporarily knocked out Nine’s ability to broadcast programs in Sydney, it also threw the print production of its newspapers – The Age, The Sydney Morning Herald and the Australian Financial Review – into disarray.

Nine has contacted the NSW Police and AFP as it starts to restore its systems. Credit: Bloomberg

Between 9.30am and 10.00am the full force of the hack, the largest cyber attack on a media company in Australia’s history, started to filter through to the business. The corporate network had to be unplugged in a bid to limit the spread of the contagion and staff were told to work from home. Every part of the business was affected, including payroll, and staff were told not to open suspicious emails or messages on social media platforms such as LinkedIn.

Nine’s broadcast unit and its publishing arm – which wasn’t the target of the hackers – are still slowly finding their feet. Broadcasts are back and the papers haven’t stopped being printed, but loss of the digital framework that underpins production has pushed the organisation to its limits. At this point Nine knows neither the identity nor motives of the hacker, although preliminary examinations suggest the use of ransomware software.

It could be months before things return to normal and while forensic teams continue trying to pinpoint the source of the attack, information security experts say carrying out such attacks is becoming easier every day.

Ransomware used, but no ransom demand