New Ransomware Crippling Chernobyl Sensors

[The BBC] reports that companies all over the world are reporting a new ransomware variant of WannaCry. This time it has taken out sensors monitoring the Chernobyl nuclear disaster site.

We have all heard of the growing problem of ransomware and how Windows XP systems seem especially susceptible to WannaCry and its variants, which were originally zero-day vulnerabilities stored up by the NSA and then leaked by WikiLeaks. Microsoft did release a patch. It’s been everywhere in the media, but it still seems that some people didn’t get the memo.

Ukrainian state power plants and Kiev’s main airport, among others, have been affected. Probably most interesting and scary of all is that Chernobyl monitoring stations have been taken out, and monitors have to take radiation levels manually for the moment.

It seems that most reports are coming from old Soviet Bloc states (Ukraine, Russia, and Poland), which raises the question of where the attacker is based. Kaspersky Lab is reporting that it’s believed the ransomware was a “new malware that has not been seen before” with a close resemblance to Petya. So as a result, the firm has dubbed it NotPetya.

NotPetya is spreading rapidly, affecting companies all over the world with no signs of slowing just yet. Will we see an end to WannaCry variants any time soon?

[Update: Thanks to [getrekt], it now seems that this is fake ransomware which just destroys your data whether you pay or not.]

 

87 thoughts on “New Ransomware Crippling Chernobyl Sensors”

      1. I figure why not just keep a clean image of the drives so when a system gets infected it can be got back up and running in the amount of time it takes to write a new image to the drive?

    1. I was talking about the title, but also this section:

      Probably most interesting and scary of all is that Chernobyl monitoring stations have been taken out, and monitors have to take radiation levels manually for the moment.

      The author is seriously mistaken about this. This is not scary at all… There is nothing wrong and absolutely nothing can happen at Chernobyl.

      To protect the workers on site regulations demand the radiation levels be monitored. These levels are background radiation and very constant, but need to be monitored to provide records of the radiation the workers are exposed to. These levels are nowhere near dangerous, but there are limits for exposure in a given time (months/years), so monitoring is key. If the records aren’t complete there may be liability issues.

      The sensors being down means a dude has to walk around a couple of times a day and jot the numbers down manually. A pain in the rear for the dude in question, but not a big deal at all.

      1. I agree, having spent 41 years being “that dude”, I can say we are more protected now from radiation from Nuclear “Any thing” Facilities/Plants here in the US as well as in Europe. The real worry (at least to me) is the huge amount of radioactive medical use isotopes being transported over public roads.

      2. They built that cover over Chernobyl because they already know the current/previous (however you wish to call it) enclosure will not last.
        So yeah something can and will happen, it’s just already dealt with.. hopefully.

    2. I meant scary as in the implications a bit of rogue code can cause. Sure, Chernobyl isn’t in any danger, but when major places such as this are affected it is scary to think what else is out there running XP unpatched??

  1. As Ukrainian police stated, the main source of attack was a fake update for m.e.doc – a document exchange program massively used there. Later the virus spread through Windows networks. The large number of issues in Russia and Poland is because of economic relations between these countries. It’s interesting how big and relatively located an attack you can perform by finding one weak place (update server).

  2. One question does come to mind, “Who decided that it would be a good idea to put nuclear monitoring online?”, I realise that it is a low priority, low risk system. And if the data really does need to be live and online, why not use UDP and the RX line in a RJ45 cable severed, upload only no download possible.

    1. Do we know it’s online?
      Could be separate network but all it takes is a usb stick or an engineer’s laptop to connect to the network and it’s compromised.
      I would have hoped the monitoring was secure and fault tolerant.

    2. I can’t believe they are still using windows. Linux is cheap and easy. China and DPRK have Red Star Linux, why can’t Russia get to a secure easy OS?
      I banned windows except for in the rare burner virtual sandboxes from my networks after a gnarly Nimda network infection in 2000 or so.

        1. Linux does really do much unless you’re a programmer.
          Won’t run any common productivity software, your hardware won’t work and no one can help you resolve the issues.

          Exactly what you want governments wasting money on.

          1. This doesn’t matter for special-purpose systems. When you are customising, it’s possible that you have a lot more control over what goes on the system than you would for a general-purpose machine that goes to an untrained or lightly trained home or office user. And even for general-purpose computing Linux is becoming better, slowly and surely (although a bit unevenly – IMO some things have regressed since I first started using it in 2007 or so), with one prominent example being native gaming.

            I’m going to go ahead and say it: I’m too old for Windows, and I’m barely over 20. Windows of today is behaving like a spoilt little crying baby, all the time. Starting with the “Upgrade to Windows 10” silliness, I do not intend to use it for personal purposes unless I have to, except for games (and even that’s mostly on XP). It’s simply too much bother to use and maintain – slow install, uninstall and update for both the third-party software and the OS, constant spamming with notifications and trying to fleece you out of your money and/or forcing cloud and the stupid Windows Store apps on you. Not to mention that most AV software is equally as crybaby-ish as the OS, and I do not trust Windows Defender for anything beyond grandma-only machines.

          2. Ubuntu Forums or (now preferable IMO) StackExchange will gladly help you if you ask. And if you choose to install a less popular distro, it’s on you to find support since you are going off the beaten track. New users are in my opinion best served by a variant of Ubuntu or Linux Mint.

            Additionally, consider that unless your hardware is specialised or really cutting-edge, it will probably Just Work (TM) with Linux, unlike with Windows where you may have trouble with:
            a) vendor-provided drivers (which would include bloatware in some cases)
            b) obscure variants of your model which may be ever-so-slightly incompatible with your version of Windows drivers (meaning that you have to go Googling anyway – I had this at least once)
            c) hardware which is not supported any more on the newer Windows versions but still works fine on Linux

            Now, printers and WiFi are an entirely different basket of trouble and excitement on Linux, but even that is getting better, at least based on the stuff I’m interacting with.

            If things break on either Windows or Linux, it still takes as much Google-Fu and technical knowledge to fix it. An average Windows user wouldn’t be able to diagnose or fix a Windows issue as much as they couldn’t diagnose and fix a Linux issue. I often just give up in frustration when troubleshooting on Windows, since the troubleshooting and fixing process is so non-transparent compared to Linux. A lot of more serious system breakages simply resulted in a reinstall, as the whole setting up again from scratch would take much shorter than trying to diagnose what was wrong and/or trying to fix it.

        2. I’ve got a bunch of linux-users who aren’t able to write code. I only told them how the repos work / how they can install new software. And taught them to use Google / DuckDuckGo / StartPage to find software (alternativeto.net, etc).

          What’s your definition of “doesn’t do actual work”? The average Windows user isn’t capable of doing anything, only starting their programs. And if that fails they’re unable to investigate.

        3. the fuck are you talking about?

          need a web server? one command. done.
          want to pentest your network? there’s an entire distro for that
          SSL vpn server? maybe five minutes
          RF spectrum scans? a dongle and a few commands. done
          LibreOffice?
          Millions of embedded devices?
          Smart cars?
          Matlab?

          We both use linux every day, for actual work, whether you know it or not.

          What’s your version of actual work? microsoft office? AOL?

          1. For a lot of people, Microsoft Office *is* the actual work. Not LibreOffice, because they need pixel-perfect rendering of their office documents. We are a bit more technical over here, but as much as I love Linux, it cannot be denied that for niche and office-based computer tasks, Windows has the market cornered. I wish Linux could slowly chip away at that, and it kind of does. It’s just really slow.

            In any case, I think that it’s really amazing that a tiny open-source hobby OS started by a single guy back in 1991 has gone so far and achieved so much. I say we should rock on and develop further.

          2. @anon – i don’t really disagree with what you’re saying – sure *office* work usually needs MS…but to say linux can’t be used for “actual work” is one of the most ridiculous things i’ve ever read on this site. Just because the average Joe spends their day staring at some excel spreadsheet doesn’t negate the fact that linux is used to power the backbone of the modern world…when Joe emails his spreadsheet out, checks some information online, uses his cell phone / voip to conduct a business call – i am 100% certain his data will transit a linux box at some point in the chain. If OP was specific in his statement about client systems or workstations – sure, most people use MS…but to say linux can’t be used for “actual work”? get your head out of your ass. The whole world uses it every day.

      1. It’s possible that the sensors themselves are using XP. There are a ton of blackboxed devices like sensor equipment, oscilloscopes, logic analyzers, dynos, ATMs etc etc that come with Windows CE and XP already on them and you really can’t do anything about it.

    3. This is a really good question often…

      115 batshit stupid things you can put on the internet in as fast as I can go by Dan Tentler

      have a good laugh (or be scared)

    4. Because this is a “low priority, low risk system”?

      Just because it has ‘nuclear’ in the name doesn’t necessarily make it any more special than (for instance) a cat litterbox monitoring system.

        1. it’s just interesting that ppl like “Luke Weston” keep commenting some crap and try to make all those biggest man made disasters in known human history i.e. Chernobyl, Three Mile Island, Fukushima and so on, they seem like they have an agenda to make it look like it is harmless and no problem what so ever, and like they have something to gain from it, they’ll come up with the carbon crap vs. radiation, i take my chances with the carbon emissions, at least something can be done to solve that, compared to radiation where there is no solution/ way to get rid of it, else radiation wouldn’t be a problem, am i right? no i’m not looking for confirmation and comfort, i’m just upset that the whole world ignores Fukushima where it is still not solved and the spent fuel rods still are a major threat that can be even way more worse than the march 11 2011 disaster. damn the world it’s a GLOBAL problem the sea is 1 and the planet as well, what do they think the radiation will just stay there in Fukushima?

          1. You know, just because you wish to choose a certain low-level harm rather than a small risk of catastrophic event, it doesn’t mean that it is the only sensible choice.

            Say, a nuclear power plant has a small risk of spreading radioactive pollution around it. When that happens, it does so in a single event that tends to get into news all around the world. A coal power plant definitely spreads pollution around it, part of it radioactive, but does so bit by bit across the few decades it is operational, so no-one is going to make big headlines out of that.

            How about the fallout in Fukushima. Soon after the incident, I saw reports of radiation levels in evacuated cities. The radiation levels there were nearly as high as the natural background radiation in my home city back then. The horror. I hope you excuse me if I’m not too worried about the radioactivity beyond the immediate vicinity of the failed reactor.

          2. I guess there’s still a thinking that there is too much money in nuclear power to endanger it.
            Even if this thinking just near bankrupted a giant Japanese company.

  3. Or just stop using windows OS in places like offices, scientific facilities, government computers …. etc
    Those computers are used there most of the time only for typical office work or monitoring equipment or processes.

    1. I’d say the issue isn’t using Windows OS, the issue is not patching windows. Other OSs are vulnerable to ransomware attacks too. A lot of software companies produce proprietary software for Windows because it has a larger customer base, which means more sales, especially if it’s a niche market.

      Windows enabled systems tend to be more easily recognised by employees because there are more consumer grade equipment sold with windows pre-installed. If you’re advertising for a researcher position you will get fewer applicants if you put down ‘Must be proficient in Ubuntu or other Linux OS’ for that reason.

      Regardless of the OS, vulnerabilities exist in all, whichever OS is the most common will always be the one where those vulnerabilities are exploited the most.

      1. “the issue is not patching windows”

        It seems to be more of a combination of the reduced code quality of closed source (usually 2x the bug count) and the ever increasing size of closed source code. Open source isn’t immune to feature creep/bloat (see Chromium/systemd) but it’s limited to corporately backed projects in my experience.

        1. Another thing to remember with closed source there are a lot more people and thus brain power working to break things than there is working to fix it since only the official development team can view the source code.
          With open source there are many people looking at the source code so things are a little more equal as far as finding bugs and fixing them before exploits become common.

        2. Unpopular opinion – I think that it’s about time for systemd. I think that long term, Linux may be better off with a more unified and integrated “plumbing” like systemd appears to be trying to achieve, Lennart Poettering or not. Worst case scenario, at least we can fork it and make it into what the community wants to, unlike with closed-source products. Best case scenario, we have an OS that boots faster and keeps a lot of the low-level stuff more integrated, resulting in hopefully something quite stable from the user’s point of view.

          1. I agree, unfortunately.

            Systemd does boot a bit faster on my machines,
            the cherrytrail/baytrail systems only run kernel 4.10 and up, thus have systemd by default are also fast.

            .

            Furthermore, on the cherrytrail/baytrail SoC:

            Pulse audio (Latest) still has latency issues alongside other issues*, though it may be the rt5640 configuration.
            At least the high CPU issue has finally been fixed.

            *i.e. tampering with ALSA when pausing tracks in a handful of programs and latencies are random, sometimes the track plays 1s before sound emits, yet cuts out because the ALSA mixers have been corrupt when pausing.
            Youtube videos in Firefox lags.. lol

      2. I’d bet the windows were not patched, because they were pirated, with turned off software updates. A common practice in the said “old Soviet block states”. At least it was, not sure about now.

      3. Yes and No for the Updates.
        I bet you the real issue is always Money.
        If you don’t have the manpower, in this case the techs to do the work.
        Then what do you think will happen.
        I’m sorry but I believe that the people that are running the world really don’t understand what their actions do.
        And they don’t care. They are gambling with our lives.
        And the most important thing is they are not accountable for their actions.
        ———————————————————————————————

        We need to have in place something that makes the people at the top ACCOUNTABLE.
        And that also includes Prime Ministers, Presidents, Kings, and anyone else. From the bottom to the top.
        If you mess up you should pay for it.

      4. Patches only work after wikileaks reveals the hack so they can make patches, which is another ten years later.
        And right now the spooks have a whole range of new hacks we and MS do not know about yet.

        And then there is the question if some holes aren’t there deliberately, MS is a US company and those tend to ‘support the troops’ you know. And if it helps to fuck over foreign countries ‘what’s the harm?’
        And what if the spooks pay off some MS workers to put some holes in without the company knowing? Money is attractive to people and the NSA has a sizable budget.

    2. Windows isn’t inherently less secure. It is simply targeted more because of its popularity and has a less technical userbase. Just as we’ve seen MacOS hit as it gains in market share. A lot of complacent Linux users are in for a big shock one day soon.

      1. Except that Windows is inherently less secure and what you are saying is just an often repeated fallacy. It is true that Windows’ popularity gives it a much bigger target on its back. It is also true that other operating systems such as Linux and MacOs being the large complicated projects that they are are sure to contain some vulnerabilities.

        It is not true however that Windows is in any way equally secure to those OSs. Linux and MacOs were each in their own way based on Unix. Unix is an operating system with a VERY long history of being used in networked, multi-user environments. Unix was designed to deal with multiple users while keeping what’s mine mine and what’s yours yours from the beginning. It has also had to deal with networking and its inherent dangers not quite since its beginning but very near it and much longer than Windows has even existed.

        Windows on the other hand is built on a legacy of consumer, not professional grade single-user personal not professional computer software. Windows was late to the game with both networking and multiple user support. These things were crudely tacked on to a system that was not originally designed with such things in mind all while maintaining compatibility with previous versions. It is only in relatively recent times (compared to Unix) that it has been pushed as a solution for serious datacenter use.

        To believe that running Linux, MacOs or any other OS makes you invincible is foolish but to believe that running Windows does not amplify your vulnerability is equally so!

        1. Windows 98 and before, sure that was single user. But modern Windows is based on the NT lineage, which is surely more secure and more capable of operating in a multi-user, network environment, isn’t it? Genuine question, as I don’t know this myself.

          Now as for security, yes I would agree that the attack surface is pretty significant. At the very minimum, for home use you get things like Adobe Reader and Flash and a dozen other closed-source applications which all add to that attack surface with security holes. On Linux in comparison, these would tend to have equivalents that are more secure, and those would be supported on almost a first-party basis in terms of patching security holes compared to the Windows patching approach from third-party vendors.

      2. Partly but the very telemetry and DRM features in Windows increases the footprint to look for exploits.
        The fact it’s all closed and they even want to hide what’s going on under the hood makes it more likely a vulnerability will go undiscovered by the good guys.

      3. Your claim is naive and false, Windows was designed to be open unless locked down, rather than the older (wiser) Unix policy of having everything locked down unless opened up. It does make a huge difference on these older installations.

    3. Yeah I can’t see why anyone would want it other than the stupid asshats that produce certified software for it and that companies have to stay with the certified verified software of proprietary nature or receive fines and other penalties, many regulating bodies in these areas create or find a reason for safety then over police it.

      The whole thing is a joke.

    1. It’s a virus they spread as wide as possible, and the purpose is to extort money, and everybody thinks things like nuclear power have big bucks and they figure they probably want to pay to make it go away.

      Also if it’s true that it started in Ukraine then perhaps it’s just something that’s familiar to them and the language is compatible seeing Chernobyl is in the Ukraine, so they can easier target them?

    1. Hmm, quite possible :)

      Although I would be more inclined that this is an anti-XP campaign to freeze out all the holdouts, rather than piracy. With certain methods it’s possible to have a pirated system that looks indistinguishable from a proper one, no cracks or system modifications involved. Crippling those kinds of pirated machines would mean accidentally damaging a lot of corporate people etc.

      1. MS sells many countries continued support for XP, including patches.
        So it might be beneficial to have them stick with XP so they can make some dosh that way.

        Also, the virus, the previous one at least on which this one is based, infected newer versions of windows, in fact it used the bitlocker service to lock people out of files I’m told, and XP doesn’t even have bitlocker does it?

        1. They miss that point don’t they?
          Though windows XP has a per file encryption tied to the login credentials, wipe the login password and you cannot recover the data. I wonder if there are known weaknesses in XP’s file encryption.

          it is in the file properties dialogue box and in advance button.

          Yes we from the XP days had dialogue boxes we can move around the screen and set things in one go, since vista it is now a hidden spaghetti of configuration pages in the file-manager program window on 2nd run of explorer.exe (after the desktop loads if it hasn’t already).

          windows 10, forget configuring it, sometimes it just starts afresh with the default MS-Know-Best configurations after an update.

          1. Yeah I really really dislike W10 and fear the time I can’t use older versions of windows anymore, basically because MS fucks you with driver support, and bribing companies to have things not work on anything but 10.
            But I guess I then have to learn to live without the software that we use windows for and just use linux stuff.

            I have W10 on a cheap product so I know for sure I don’t like it much BTW. From experience, from trying to control it, from trying to get rid of some MS nonsense I do not want and finding it rather hard to do and destabilizing.
            And I also know about their resetting settings, not just after updates but also in general, it just treats you as a damn subservient ‘dirty user’, and I don’t expect it to change at least until people like Nadella are gone. And unless Trump hires him I don’t see it happen any time soon.

  4. Okay. So no one watched NOVA documentary? Construction of the Tomb, over the Sarcophagus of the Central Reactor? We are talking about a system designed to ensure it doesn’t fart AND clean up the lump or cooled radioactive lava that formed. I’m bummed out as they showed elaborate CAD work and the amazing effort to construct it. If this is because of people wanting to serve Lethe instead of Gaia. Is scarier than a nuclear disaster. How about an article of Why new designs. (Thorium/Trinium and pebble bed reactor design is important.) Not to mention we HAVE to get off this rock if humanity is to have continued survival.. world should have forced Dubai to spend 50-75% of construction on Desalination and Greenhouses.

    1. What? You are thinking that some malware writers targeted computers at Chernobyl because they served some mythical river from Greek mythology that erases your memory if you drink from it?

      I don’t think glasses or touch screens are your biggest problem.

      1. I think he was being metaphorical, and referring to Hell in general, since Lethe runs through Hades. Hades / Hell generally being seen as full of rocks and fire, Gaia being full of nice plants and blue skies and folk music, like that Star Trek episode. A nuclear wasteland would be quite Hadean. Particularly radiation invisibly killing you, on a scale from hours to years, would’ve earned some Greek poems.

    2. Many people are fooled by Wikipedia articles about so-called safe unclear reactor designs, but if you look a little closer and a bit wider then you would soon realize those articles are written by or in service of people in the industry with a specific purpose and they deliberately distort the truth by leaving things out.
      So in the end you can assume you do not know how safe these things actually are. Some designs might be very good, but you won’t be able to actually know by reading Wikipedia when articles are agenda based.

    1. Actually yes, that even after an initial event they STILL have companies who didn’t patch shows you have to force them to do so by exposing them to reality.
      Don’t forget that this is based on crap from US dark orgs like the NSA and CIA, and if you are vulnerable to simple money scammers you are simultaneously vulnerable to those assholes and their politicians, and you don’t want that, and they can be much more devious than simple thieves.

  5. C’mon, it’s like getting worried because a car speedometer has stopped working and the car is parked.

    It’s just a sensor, it’s not even connected to an actuator like in a plane. That would be bad on a plane while flying, not really a problem on a parked plane. And last time I checked Chernobyl hasn’t gone anywhere.

    1. They put that new cover over it because the old ‘temporary’ fix the soviets put in place is not expected to last AFAIK. And I for me imagine that when that cracks and the place floods with radiation you will want to know both that it occurred and to what extent and to know for sure the new cover is doing its job.

  6. Are there REALLY so many people out there who are (1) dumb enough to still use Windows for anything important, and (2) are connecting those machines to networks which allow them to talk to other Windows machines? Or using those machines themselves to connect to the Internet?

    Any example of this simply illustrates ineptitude.
