Eset desarrolló un análisis sobre el nuevo ataque de ransomware que se inició en Ucrania, y cifró información de máquinas de todo el mundo, afectando compañías de distintas industrias como bancos, red eléctrica y empresas postales, entre otras. El ransomware (secuestro de información) es el término genérico para referirse a todo tipo de software malicioso que le exige al usuario del equipo el pago de un rescate.
“El día martes un nuevo ataque de ransomware dejó en evidencia que sigue habiendo sistemas desactualizados, falta de soluciones de seguridad y de planes necesarios para evitar una infección. Los ataques continúan creciendo y evolucionando, por lo que desde Eset seguimos apostando a que la prevención y la concientización son claves para evitar ser víctimas.”, aseguró Camilo Gutierrez, jefe del Laboratorio de Eset Latinoamérica
Con el fin de despejar todas las dudas en torno a este nuevo ataque global, la compañía comparte el siguiente cuestionario:
¿Cuáles son las características de este ransomware?
Se destacan tres aspectos que lo diferencian:
Cifrado: no solo cifra los archivos con una extensión determinada, sino que además intenta cifrar, generalmente con éxito, el MBR (Master Boot Record), que es el registro principal de arranque.
Propagación: tiene la propiedad de un gusano, o sea, puede propagarse a través de diferentes técnicas por la red logrando infectar nuevos equipos.
Exploit: hace uso de ellos para explotar vulnerabilidades en equipos que no han sido actualizados o no se les han instalado los parches correspondientes.
¿Es igual de poderoso que WannaCryptor?
Ambos tienen el mismo impacto: impiden el acceso a la información almacenada en el sistema. Sin embargo, este nuevo ataque no solo cifra la información que se encuentra en los equipos, sino que, luego de que se reinicia el sistema, deja inutilizable al sistema operativo, por lo que las víctimas se ven obligadas a realizar una reinstalación.
¿Qué es lo que hace exactamente esta amenaza?
Luego de que el ransomware es ejecutado, crea una tarea programada con el fin de reiniciar el equipo en un determinado tiempo, que no suele ser más de sesenta minutos. Además, verifica si existen carpetas o discos compartidos para propagarse.
A continuación, comienza a cifrar archivos que contengan una determinada extensión. A diferencia de la mayoría del ransomware, este código malicioso no cambia o agrega una extensión particular luego de cifrar cada archivo, una técnica muy utilizada por los atacantes para distinguir a los archivos infectados.
Por último, el malware intentará eliminar los registros de eventos para no dejar rastro alguno, como también ocultar sus acciones.
¿Cómo se propaga de un país a otro? ¿Llegó a Latinoamérica?
La propagación es una característica destacable de esta amenaza. Una vez que logra infectar un equipo, intenta extraer las credenciales del usuario para luego usarlas con PsExec y WMIC para realizar una búsqueda de carpetas y discos compartidos, y así propagarse por la red a la cual el equipo esté conectado. De esta manera, logra infectar equipos situados en distintos países y regiones.
Sí, llegó a Latinoamérica, en la mayoría de los casos a equipos de empresas multinacionales conectados en red con los de otras filiales en Europa o Asia, desde las cuales se propagó con su capacidad de gusano.
¿Qué se puede hacer para evitarlo?
Tanto en hogares como en empresas, contar con una solución antivirus es imprescindible. La misma tiene que estar correctamente configurada, contemplar qué puertos están abiertos y por qué.
Además, la red debe estar configurada y segmentada correctamente, y monitorear constantemente el tráfico para detectar algún tipo de comportamiento fuera de lo normal. Es esencial realizar un estudio detallado de la información más relevante y hacer backup de la misma, para que, en caso de que se cifre, haya una forma de restaurarla.
En cuanto a las contraseñas, es primordial llevar una buena gestión de las mismas, ya que si tan solo una de las máquinas infectadas posee las credenciales de administrador, podría infectar toda la red.
Si estoy infectado y no puedo acceder al sistema, ¿cómo tendría que avanzar?
Se podrían utilizar técnicas forenses para intentar correr en memoria otro sistema operativo y de esta forma acceder a los archivos cifrados. Sin embargo, no hay mucho que se pueda hacer más que aplicar el backup, lo cual sería crucial para evitar la reinstalación del sistema operativo.
En última instancia, si no hay backup, los cibercriminales siempre ofrecerán la opción extorsiva, pero desde ESET no sugerimos de pagar el rescate ya que mientras siga siendo rentable, el ransomware continuará creciendo.
¿Cómo están operando los atacantes? ¿Esperan un pago a cambio?
El proceso para recuperar la información es el mismo al que nos tiene acostumbrado este tipo de ataques. Una vez finalizada la infección, el ransomware emite las instrucciones, en donde los atacantes solicitan un pago en bitcoins, en este caso, equivalente a 300 dólares.
Pie de imagen: Aviso de que el equipo ha sido infectado.
¿Por qué se ha vuelto tan común el secuestro de datos?
Dentro de los puntos destacables se encuentran la falta de concientización y educación a nivel seguridad que tienen muchos usuarios y empresas. Una gran parte todavía no conoce el impacto que puede tener en un modelo de negocio un ciberataque hasta que es víctima y se ve obligada a pagar para recuperar su información.
Ante esta cuestión, a pesar de la velocidad con que circulan las noticias sobre ataques informáticos y los problemas que generan, los cibercriminales encuentran una motivación importante para continuar desarrollando nuevas amenazas.
¿El ataque está armado por una persona o un grupo? ¿Se necesitan conocimientos técnicos altos?
Resulta difícil pensar que una sola persona puede estar detrás de este ataque, ya que es una amenaza que incorpora varias técnicas en cuanto a exploits, propagación, y cifrado, así como para evadir medidas de seguridad. Sin embargo, no podemos asegurar cuántas son las personas involucradas en el desarrollo de un ataque de tal magnitud.
¿Se puede dar con los autores del ataque?
No por ahora. A diferencia de una botnet, por ejemplo, no hay un Centro de Comando y Control al que se conecte la amenaza como para rastrearlo y dar con los autores; y de usarlo, seguramente sería un servidor ajeno al cual atacaron para tomar el control y accederían desde TOR, logrando anonimidad. Por otro lado, el pago del rescate se hace en bitcoins y, por las características de esta criptomoneda, se hace prácticamente imposible rastrear su destino final.
Para más información ingrese al portal de noticias de ESET llamado WeLiveSecurity en: https://www.welivesecurity.com/la-es/2017/06/29/todo-sobre-nuevo-ataque-de-ransomware/
La donación de Bayer fue el primer cargamento recibido en almacenamiento seguro en la Ciudad de México donado por Kuehne + Nagel International, que servirá como centro principal de logística para Direct Relief México.
From the information received from the surveillance, both Elder Baili and the Foundation Establishment monks guessed that the two late stage Qi refining monks had gone to assassinate him, so it was normal for the items of the two late stage Qi refining monks to be in his hands.But under the infrared probe, the thermal image of Lao Si was clearly exposed to Li Shiming s eyes.
Usually this situation shows Jin Shufeng s special status.If he saves five breaths of time, he can also increase the maximum distance to three hundred meters, which is the farthest teleportation distance he can achieve.
If two are not enough, then use more. Of course, the middle grade magic weapon Gatlin needs to be controlled.He saw that the three foundation building monks of the Tie clan were still attacking, but the attack frequency was no longer so intensive.
He quickly analyzed and calculated his winning rate in the battle.When flying close to Duifeng, I received a reply allowing the assessment.
This is still skin, Yun Xingyi s muscles have stronger defense.At least until the problem of greater energy is solved, Li Shiming cannot equip Nezha with more powerful thermal weapons.
Hearing these familiar words in the world of cultivating immortals made him feel extremely bad.He gritted his teeth and said. Nowadays, the involution is very serious.
He knew about this formation. The formation s function was to transmit messages, scan the surrounding spiritual energy fluctuations, and be used for communication and warning.It is all rumors and the like. This can be regarded as satisfying the curiosity of the monks in the Qi Refining Stage about the elders.
Competitive. Hesitating in battle will result in losing the opportunity to enter the battle.Although the space here is isolated by spiritual beings with an insulating aura, he does not believe that this method can take him out of the Hundred Thousand Mountains.
Next to the spirit stone, three golden jade slips and one purple jade slip were suspended in the air, attracting his attention.The middle grade magic weapon Gatling is a real killer weapon.
They are waiting here, ready to watch the show. If Wang Chengjun comes back, it means that Li Yuanba, the true disciple, is finished.If one does not break through the Golden Core Stage, he will never be able to break through again.
Perhaps there are two branch spiritual veins heading towards Eagle Beak Island.It is estimated that even if all the sword cultivators in the Beishu continent are captured, there will not be this number.
Seeing the seven monks coming out, the Qi Refining monks from Beishu came forward without giving in at all.Elder Yin completely accepted this explanation without any doubt.
There is no need to worry about the problem of dizziness caused by spinning too much.You must know that he would not eat the middle grade Bigu Pill himself.
Li Shiming did not hesitate at all. He was convinced that his body s defense against high temperatures would not be harmed at least in a short period of time.He put the Light Body Technique in his hand and read several other books, Fire Bullet Technique , Object Expelling Technique , Sound Transmission Technique , and Freezing Technique.
Whatever he wanted to do, he put away the formation flag and moved on the valley wall towards the direction of Wei s station.He had been hit hard before, and now it was time to take revenge.
Xu Chuan, why are you hurt so badly Uncle Ma glanced at Xu Chuan and said while throwing out a bottle of pills.Besides, if you use a defensive weapon, you may suffer less damage.
In order to avoid getting Li Yuanba into big trouble, Li Shiming took his natal corpse into the computer room and used plastic surgery to modify his face.Under the control of his consciousness, it is no different from him in the outside world.
Otherwise, the world of immortal cultivation would not attach so much importance to the spiritual roots.If the genius monks are lucky enough, they may be able to go one step further and become a golden elixir monk.
Several of these monks also hid their faces, and even some of the stall owners hid their faces.He did not think he was qualified to ask about this matter.
What they were examining was the situation at one of the 128 nodes at the earthquake peak.This was specifically mentioned by Xu Chuan. He was not too confident about the channels here.
He canceled the Sword Escape, replaced it with the Flying Technique, and moved close to the ground towards the location where the sound was coming from.Physical labor such as spiritual mines is performed by monks.
This method of communication cannot see the other party s expression, and you always have to guess what the other party is thinking.He walked across the stone bridge and was about to return to his yard.
Li Shiming did not participate in the final auction of the super grade magic weapon.When he returns to the cave, through the ghost environment of the Netherworld Ghost Realm , the clone s injuries in the corpse refining state can be quickly recovered.
Originally, the mission this time was very simple. A monk who was doing things in the secular world would not be too strong.From Xiaosi Mo Yan, I learned that there is black stone in a nearby mountain.
But it s different when Elder Sheng takes charge. Elder Sheng has nothing to do with Li Shiming.Judging from the situation in the pit and surroundings, the power of this blow is extremely amazing, even exceeding the power of ordinary Qi refining in the later stages.
Moreover, when the clone practiced the Bing Xin Jade Thought Technique , the spiritual thoughts improved a little too fast, even exceeding the improvement speed of the main body s spiritual thoughts.After entering, there was a main hall with hundreds of stone tablets erected in it, which looked extremely strange.
While he was watching, the transparent flying boat stopped, and the five monks spread out to outflank him.Sword Intent, this is a sword cultivator He exclaimed.
That day, he was chased by the four clawed dragon demon.I can only hope that the true disciples can contain this half step Arhat Elder Jindan shook his head and sighed.
She had spent some time with Li Shiming, had seen Li Shiming s combat power, and knew the defense of Li Shiming s turtle shield.The monk of Wanfo Sect had a chance to break away from the battle.
He sent a message to Yu Yongan from Qianlong Trading Company to order a high grade metal sword.The rest are top grade magic tools. Even the top grade magic tools are of extremely high quality.
Mo Yan, you should study hard with Manager Zhang and be more stable Li Shiming turned to Mo Yan and confessed.This is the country s most important talent training channel.
No matter which sect, The Jindan elders are extremely mysterious.Monks have many invisibility techniques, but most of them are of little use to monks.
No matter whether Mr. Wang s bodyguard was out of helplessness or not, it was a fact that he was threatened with poison.His consciousness entered the computer room space. In the computer room space, there was a long pipe.
But it s different now. A piece of third grade metal is placed in front of him.This kind of fighting experience is not much, even the slow enemies have at least one or two explosive methods.
Look at your appearance, how can you be worthy of Fairy Yin You are a piece of garbage with three spiritual roots.What a joke, the Qi Refining monk is not a monk except his son.
If he wants the sect s foundation building monks to handle this matter, only if he dies in Zhongdu can the sect send the foundation building monks over.No matter whether it is the Seven Sects monks or the Northern Shu Qi Refining monks, they have no right to take the initiative to admit defeat.
The world of Immortal Cultivation in Northern Shu is called chaos , and the emergence of the Senluo Order is only a small aspect of it.He has experienced too much in the world of immortality and has long been accustomed to being on guard.
All the secret books here are from the Ten Spiritual Stones stall owner Zhang replied in a deep voice.Boom , the attack of the three powerful talismans only made a loud sound.
I like flowers and plants very much. Thank you, Second Senior Brother and Third Senior Brother Li Shiming smiled quickly.As for the spirit insects, under the intensive attacks of sword light and sword intent, each body was broken into several pieces.
After a soft introduction, she stood behind her father, Elder Yin.However, with Li Shiming s reminder, he quickly discovered something unusual.
Even if he did not use the Foundation Building Pill , there was a certain probability of successfully breaking through to the Foundation Building stage.Elder Yin did not participate in the battle. After the battle here, he notified the elders of each sect to come and look for the enemy.
It is a medium grade defensive weapon. I will charge you three hundred spirit stones The old monk nodded hurriedly.Weapons in the golden elixir stage are called magic weapons.
Today, I sold it again to Aoming Technology, which was backdoored by Xingyu Technology.Hua Yu was not at home, but working at Stars Capital.
the Shanghai Composite Index finally closed up 0. 35 at 2315.In the recent period, when the concept stocks of Galaxy Group have been hitting their daily limit continuously, the big financial sector has been very excited.
Now the investors who won the lottery for Xingyu Technology have already received text messages, and the stock trading circles are basically discussing it.After the market opened, Quantitative Capital quickly rushed to the price of 43.
As long as the market falls, the stock will rise, so it s okay to be bold and buy the bottom when the market falls.Last year, he earned more than 50 billion yuan from going long in the A share market.
Of course, this is also reflected in Xingyu Technology s operating costs, which are far higher than those of its competitors.Tian Jiayi nodded to himself thoughtfully, it is indeed a very good one to be linked to his personal medical credit rating.
They then use these profits to amortize R D costs, and products are soaring under Moore s Law.My colleagues are so envious Lingke TV will probably become the largest platform in the domestic online live broadcast field.
To put it more down to earth, at this time, you must develop steadily and not be reckless.The hacker in the video claimed that in order to reveal the truth and uphold justice, he hacked those social networking sites and claimed responsibility for the network intrusion.
The reason for the surge is the expectations brought about by the listing of a series of subsidiaries of Qunxing Capital.There was such a huge demand for computing power. and data needs However, this also made many people realize that Chen Yu was really spending real money to invest in technology development.
but was tricked into it by the good news. The index gapped down by 1.The exploration site in this video material is located in the upper reaches of the Yellow River Basin.
Since this company joined the Xingyu Technology supply chain system, the company s stock price is Rising steadily all the way, it is one of the few stocks in the two A share markets that bucked the trend and strengthened under the bear market environment.Throughout September, the market index fell into dog territory.
In fact, the same is true for animals in nature. when the living environment becomes harsh, animals will reduce the behavior of breeding offspring.Qunxing Capital is not hot money. Even if the hot money is doubled 10 million and earns 100 million, the 90 million earned can be thrown into a few steel shops in the market.
On Wednesday, September 25, the stock price of Quantitative Capital broke the limit for the first time, with the stock price falling to 203.5 billion from QunXing Capital. MiHoYo s post investment valuation was RMB 7 billion.
It actually told me the position of the exhaust valve, and also asked if I wanted to search for pictures
The man was surprised. The contact entries generated were so powerful.4 billion yuan. Moreover, the market is so strong that it holds high and the holders have little desire to stop profits.
This is the result of Fang Hong s massive investment in the semiconductor field by Star Capital over the years.Since the market pulled up a strong positive line last Friday, it has not continued to hit new highs this week, breaking through the high point of 2145 hit last Friday.
When the United States and the United States start to fight a technology war, Qualcomm will definitely lobby harder not to do so, and will try its best to help Xingyu Technology speak up.People who bought today were relieved after the shock in the market and expected to double the amount of meat, but now they were dumbfounded.
If he stepped into the room with his left foot first, he would be fired directly Or if you get the handle, send the person in directly to step on the sewing machine
The next morning, Fang Hong came to the Quantitative Capital headquarters again.256 billion yuan. What is this concept In the past year of 2011, Xincheng s total fiscal revenue for the year, excluding the tax paid by Qunxing Capital, was approximately 139 billion yuan.
71 at the end of the day. The stock price closed at 169.This is a counterattack. Foreign countries are now planning to stop selling our lithography machines.
There are quite a few people who seem to have been infused with inexplicable courage.Senior Brother Xiang is in the ninth stage of the True Law.
As for Yu Li s blow, since it was taken, there was no reason for it to miss.Two people from the east, two people from the west, Walk towards each other.
Come on. When you re done, just light the fire with the green flint and ignite it.This is the reason why after this person used the magic method of leaving the body with his gloves, his hands, which were only a few feet in size, were able to block nearly half of the damage in one fell swoop.
Qingquyu looked even more disbelieving and said Gui Taoist friend
are you saying that the ancestral domain will be unified and there will be no more chaos Which hero, who has not been born for thousands of years, can do such a thing Gui Wu Jiu smiled and said, You don t dare to be a hero who has not been born for thousands of years.
Everyone looked up and looked at each other, with astonishment on their faces.Now he can help temporarily, but it is beyond his imagination.
As soon as Jiang Minyi s punch came into contact, the complete attack power immediately turned into full repulsion power.With Xi Lerong s advanced realm, it is not difficult to catch the slightest abnormality.
The real reason is that Gui Wujiu, as this dome The true core is suddenly closely connected at this time, and external forces are naturally absorbed and endowed with spirituality.Xi Zhenzi and Mr. Li. Passing through the court mountain area of Dajue Mountain, a half decayed Yin Yang Cave was found by the last use of this cave, it collapsed and its traces were covered.
Because I don t like its greasy nature, I almost never eat it Fei Nan smiled lightly and said Why should you be surprised The sky is like this, the earth is like this, the sun is like this, and the moon is like this.However, Xi Lerong Yingyuan s scorching gaze fell on Xi Lerong without hesitation apart from not believing it, There seems to be another difficulty in letting go.
Gui Wujiu s journey to break through the realm, Ziwei Sword gained a lot, but no matter how much it was, it was not as much as the little blacksmith.Mo Tianqing said silently in his heart Bao Yue Kongyin, the Great Demon Lord.
One step wider, including those who have influence, know their way and hear their names, the scope is much wider roughly eight tenths of the important places in the Ziwei world that are rich in resources, outstanding people, and have good luck are included.Just now, Teng Ziliang was the first outstanding character but the person in front of him has greatly improved.
If you take the path of detailed analysis and detailed observation, you can only get a complete and slow glimpse of the whole picture, which cannot be reflected in your heart But if you add the best forbidden method to deduce the secret technique, there is still a chance.The words surrounding it, with writings the same size as those in normal books, are the secret scriptures of various clans in martial arts.
If it is expressed in words, no matter how voluminous the volume is and the words and sentences are carefully chosen, it will still be slightly distorted.I would not have thought that the display of boxing skills in this cultivation way is actually completely redundant.
Qin Menglin reached out and flicked it, and the image of the soul pearl flashed from his palm.The four of them turned to look at each other at the same time.
Liang Zhenjun was startled and said Yes. Just go to the Jiuzhuan Lingguang Palace.When they first mentioned it, Xian Dao and Ying Yuan asked about the situation of the two formations of the Dragon Clan and the Phoenix Clan, and said that they had a way to deal with it.
The length of time the Wait Array persists is the same.But Gui Wujiu had already made up his mind. Since I have been able to complete the path to enlightenment so far, I will definitely be able to complete this wonderful deed.
The shadow of the fist is in front, and the shadow of the toad is behind.Just one breath after Dongfang Wanqing said twenty breaths , Feng Qing entered the battle, and Long Yun was in the rear sweep formation.
There is only one flaw Taoist friend You Caixin does not yet have the combat power shown in your imagination.Xu Muyin frowned, but stepped back continuously. Just as the rabbit was rising and the falcon was falling, the situation of the battle seemed to be somewhat beyond his expectation.
Look at this baby image. It stands firm immediately after landing, and its big eyes are bright and lively.Xiandao and Yingyuan did not really want to escape and hide with them.
It can quickly analyze the pros and cons, check and balance the solution
While speaking, Qin Menglin s voice was erratic, and he returned to the way he had just reformed Mo Tianqing.Even if he doesn t have such shocking achievements today, this status alone is enough to be transcendent.
In other words, Gui Wujiu s wonderful idea of the combination of his own paddle wheel, the sword s paddle wheel, and one of the nine branch paddle wheels, the three paddle wheels , could not be completed for a while.
Eset desarrolló un análisis sobre el nuevo ataque de ransomware que se inició en Ucrania, y cifró información de máquinas de todo el mundo, afectando compañías de distintas industrias como bancos, red eléctrica y empresas postales, entre otras. El ransomware (secuestro de información) es el término genérico para referirse a todo tipo de software malicioso que le exige al usuario del equipo el pago de un rescate.