Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

UPDATED – Two Possible Links Tie Wannacry to Lazarus Group

Symantec Security Response – UPDATED – Two Possible Links Tie Wannacry Ransomware to Lazarus Group

UPDATED

Symantec has uncovered two possible links that loosely tie the WannaCry ransomware attack and the Lazarus group:

• Co-occurrence of known Lazarus tools and WannaCry ransomware: Symantec identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry. These earlier variants of WannaCry did not have the ability to spread via SMB. The Lazarus tools could potentially have been used as method of propagating WannaCry, but this is unconfirmed.

• Shared code: As tweeted by Google’s Neel Mehta, there is some shared code between known Lazarus tools and the WannaCry ransomware. Symantec has determined that this shared code is a form of SSL. This SSL implementation uses a specific sequence of 75 ciphers which to date have only been seen across Lazarus tools (including Contopee and Brambul) and WannaCry variants.

While these findings do not indicate a definite link between Lazarus and WannaCry, we believe that there are sufficient connections to warrant further investigation. We will continue to share further details of our research as it unfolds.

A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting a critical vulnerability in Windows computers, which was patched by Microsoft in March 2017 (MS17-010). The exploit, known as “Eternal Blue” was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers, who claimed that it had stolen the data from the Equation cyber espionage group.


© Scoop Media

 
 
 
 
 
Business Headlines | Sci-Tech Headlines

 

Skodafone Goneski: Sky TV, Vodafone Drop $3.44 Billion Merger Plan

Sky Network Television and Vodafone New Zealand have terminated their merger agreement which aimed to create the country's largest telecommunications and media group, and have withdrawn an appeal against the Commerce Commission's rejection of the plan. More>>

Quake Insurance: Reforms To EQC Act Announced

· Increasing the monetary cap from $100,000 (plus GST) to $150,000 (plus GST) for EQC building cover.
· Clarifying EQC land cover is for natural disaster damage that directly affects the insured residence or access to it... More>>

ALSO:

Reserve Bank: Official Cash Rate Unchanged At 1.75 Percent

Global economic growth has increased and become more broad-based. However, major challenges remain with on-going surplus capacity and extensive political uncertainty... More>>

Kaikōura Earthquake: Private Insurers Receive $1.8b Claims

Insurance Council Chief Executive Tim Grafton said most is for commercial loss at $1.36 billion, with residential claims amounting to over $460 million. “...We have a high level of confidence that most people will have received settlement offers by the end of this year." More>>

ALSO:

Forms And Data: New Proposals To Simplify Personal Income Tax

The Government is proposing to make tax simpler for individuals, with people whose only income is from a salary, wages or investments no longer being required to file tax returns to receive tax refunds or to calculate any additional tax. More>>