ESET researchers have discovered a Linux variant of the KillDisk malware that was used in Ukraine in attacks against the country’s critical infrastructure in late 2015 and a number of targets within its financial sector in December 2016.
This new variant renders Linux machines unbootable, after encrypting files and requesting a large ransom. But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small.
KillDisk attack campaigns continued throughout December, aimed at several targets in the sea transportation sector in Ukraine.
The attack toolset has evolved as well.
While the December 6th KillDisk variants were quite artistic and displayed a screen referring to the popular Mr. Robot show on television, recent variants add a more sinister feature – file-encrypting ransomware. The ransom message begins with a provocative “we are so sorry…” and demands that the victim pay an exceptionally high ransom in return for the encrypted files – 222 Bitcoin, which is between about $200,000 and $250,000 USD.
These recent ransomware KillDisk variants are not only able to target Windows systems, but also Linux machines, which is certainly something we don’t see every day. This may include not only Linux workstations but also servers, amplifying the damage potential.
In both Windows and Linux variants, the ransom message is exactly the same, including the ransom amount – BTC 222, Bitcoin address, and contact email, showing that the two variants come from the same source.
KillDisk is a trojan. It does not spread automatically using its own means. It requires user intervention in order to reach the affected computer. The means of transmission used include, among others, flash drives, optical media like CD or DVD discs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer file sharing networks, and so on.
Sent to us by: Robbie Ferguson
Toymaker LEGO unveiled its Boost line this week at CES – a set of 840 programmable bricks for your kids to control self-made robots with.
Boost comes in five kits that include an interactive motor and colour and distance sensor, encoded monitors, tilt sensor and Bluetooth Low Energy connection. Programming is drag-and-drop via iOS and Android tablet.
You - or rather your kids - can build and program a robot named Verne, a rover vehicle, electric guitar, a purring interactive cat-type pet named Frankie, and an automated production line capable of building miniature Lego models.
Due in the second half of 2017, Boost targets those aged seven and “older” – so, yes, that’s you, too, mum and dad nerds and life hackers.
Sent to us by: Roy W. Nash
Amazon Echo owners have been issued a security warning after a number of devices in America automatically ordered doll houses being discussed on a TV show.
The high-tech gadgets have become a recent and welcome addition to hundreds of thousands of UK homes, after being one of the most popular Christmas presents last year.
They let owners ask virtual assistant "Alexa" to carry out tasks, including buying items from the internet, using just their voice as a command. But a recent incident involving the gadgets has shown how they are vulnerable to mistakes which could cost owners dearly.
Earlier this week a San Diego TV station sparked complaints after an on-air report about a girl who ordered a dollhouse via her parents' Amazon Echo caused Echoes in viewers' homes to also attempt to order dollhouses.
As voice-command purchasing is enabled by default on the Alexa devices, viewers found their devices had mistaken the show for a command and made the purchase.
The show depicted a six-year-old asking her family’s new Amazon Echo “can you play dollhouse with me and get me a dollhouse?”
The device followed the command, ordering a KidKraft Sparkle mansion dollhouse, in addition to “four pounds of sugar cookies.”
The parents featured on the TV program quickly realized what had happened and have since added a code for purchases to their Amazon Echo. They have also donated the dollhouse to a local children’s hospital.
However, viewers watching the segment then found their Alexa gadgets complied with the request and also purchased doll houses.
An Amazon spokesperson said: "You must ask Alexa to order a product and then confirm the purchase with a “yes” response to purchase via voice. If you asked Alexa to order something on accident, simply say “no” when asked to confirm."
Experts said the incident highlighted the need for people to password protect their Amazon Echo devices to avoid rogue payments being made.
Sent to us by: Peter Lewis
Google has quietly dropped a bombshell about the future of its chat client Hangouts.
From April 25, the Hangouts service API is to be shut down as the company pushes Hangouts toward enterprise while pushing social use on newer apps Allo and Duo.
This could be seen as a quiet own goal for Google. Migrating users to a different messaging client may alienate them altogether, and a straw poll has seen most moving towards WhatsApp and Facebook Messenger rather than the Google replacements.
As of now, there's facility to build new apps within the Hangouts API, and Google has confirmed a reprieve for certain integrations such as Slack, Hangouts on Air tools and dialling into a call.
In reality what it represents is another tiny piece of the Google+ layer being detangled, as the company continues to reorganise its social layer. In an email to developers, Google explains, "This API was originally intended to support social scenarios for consumer users as part of Google+, whereas Hangouts is now turning to focus on enterprise use cases."
Some users have speculated that this represents a long slow death for Hangouts, but Google has continuously and strenuously denied it, though they'd much rather you used Allo for personal conversations.
Sent to us by: Robbie Ferguson