Australia’s Cyber Security Expert Simon Smith aka eVestigator goes LIVE on Air with David Speers on Sky News on 28/6/17 to discuss the latest ‘ransomware’ threat
Personal Interview — Petya/NotPetya Ransomware affects Australia 28/6/17 16:30 AEST, LIVE ON AIR, SKY NEWS.
28/06/2017–4:30 PM AEST
As I made my way to the studio of Sky News, I put together this brief report:
Hold off on the Chocolate for a little bit Australia as the ‘Petya’ cyber attack had allegedly hit Australia — as to what extent and what method, it really is not 100%.
In Australia, it appears that:
- Hobart — Cadbury (Confirmed)
- DLA Piper — A large law firm (Confirmed)
- Maersk Sydney — (Now confirmed)
Australia has been reportedly hit by the alleged Petya/Not Petya Ransomware attack which not only allegedly exploits the same SAMBA weakness that WannaCry used, but with a variant of EternalBlue, attacking the unpatched Samba exploit leaked by the Shadow Brokers (port 445) open on servers infecting the spread locally, with the addition of also broadcasting itself across the network looking for local devices.
As to how it gets here like that, nobody knows. There is talk of potential phishing and potentially a Ukrainian Accounting Software Package called MeDoc that led to the outbreak but many sceptics argue that the scale and speed of the attack is far too broad for just that.
Even worse, it affects the MBR (Master Boot Record) of the PC, something of which is extremely malicious and stops you from being able to boot the PC properly as it affects the first few sectors of the Hard Drive. Samba is supposed to be used for network file and printer sharing across Local Area Networks. Patches have been issued many months ago by Microsoft for Windows systems, however boot level encryption is something only low level repairs can fix.
Corporates should have had bit by bit “BACKUP SYSTEMS” daily in place, especially in production and manufacturing environments of which I have had over 10 years experience in the full Software Development Life Cycle in, an industry you cannot spare a minute of downtime.
Companies need to have daily block by block, minute by minute backups and further, offsite encrypted backups following that. I do agree on one point the Government made, and that is “computer users should not be tempted to pay any ransom in exchange for unlocking a computer”, and well, now they can’t as the ransomware email has been shutdown.
I do however find that it is seemingly ironic of the Government to take this view considering their plan to fix Cyber Security Issues in Australia (and I have advised them of this and they have ignored) is to train and reward hackers (not Cyber Security professionals) in an attempt to circumvent what they have admitted to inadvertently perceive to be a Cyber Security shortage in an industry they know nothing about, when hacking is not at all Cyber Security, and not at all capable of handling the treat, instead it is encouraging the enemy.
There are serious concerns here for Australia I have regarding this, and it is the lack of quality in the development of software and solutions — combined with computer users not keeping up to date with basic patches and maintenance of their devices, and new software and product creator’s rush to market and non-training and avoidance of the Software Development Life Cycle that give hackers this power (which the Government intend to endorse). The increase in Cybercrime is typically wrongfully attributed to an alleged increase in ‘emerging technology’, this, I say, is not so.
I provided intelligence of all the stopping points on both the WannaCry ransomware by reverse engineering the thundercrypt bitcoin email trail and a variant that was fresh into the marketplace to replicate it, and neither Government took notice. Both trails led back to the United States, and both trails gave intelligence which would give access to VPN’s who would have connection logs of actual criminals.
Since the email in which one would pay Bitcoin to is taken down, that means that there is no means to fix this ransomware — but I would never encourage anyone to pay it anyway — and this view is shared by the Commonwealth. Never do business with criminals as it funds their next attack, and there is no guarantee you will ever even get a decryption code. I do however maintain that the Australian Government is investing in the wrong area, will do nothing but promote further Cybercrime, has in fact already promoted further Cybercrime due to its current inactions and failures, and is essentially sponsoring Cyberterrorism with taxpayer money.
I am a real world Cybersecurity practitioner who goes and sees the damage caused, remedies the issues, finds the cyber criminals, all of which Australia’s policing force does not do. The researchers that teach Cybersecurity and the curriculum of the “3 year degrees” or “8 hour exams” are beyond a mockery of the real world, and the Government seek to place people just out of their teenage years into large Corporations in Cybercrime crisis situations to instruct CEO’s and CISO’s on Corporate Strategy and mitigation. The teaching and practical experience they seek to use is by ‘hacking’ as a gamer would, which is a very simple, non commercial and unrealistic industry based real life Cybersecurity employable career.
My advice to real businesses is to:
- Patch your systems with Windows Update;
- Don’t let any person into your office that is unauthorised;
- Do not click on any attachment in an email you were not expecting, there’s no time for jokes.
- Do not insert anything into your computer somebody gives you.
- Get a backup solution that backs up your computer in a differential timeline approach so you can go back sector by sector to any second of time in the worst case scenario for any partition.
21yrs Industry Experience
Cyber Digital Forensic Investigator & Expert Witness
Master Computer Programmer
Cybersecurity and Cybercrime Expert