Exclusive: Wannacry hits Russian postal service, exposes wider security shortcomings

UNTV News   •   May 25, 2017   •   3195

A woman walks past a branch of Russian Post in Moscow, Russia, May 24, 2017. REUTERS/Maxim Shemetov

Russia’s postal service was hit by Wannacry ransomware last week and some of its computers are still down, three employees in Moscow said, the latest sign of weaknesses that have made the country a major victim of the global extortion campaign.

Wannacry compromised the post office’s automated queue management system, infecting touch-screen terminals which run on the outdated Windows XP operating system, one of the workers said. Terminals were still blank in some parts of Moscow this week but it was not clear exactly how many branches had been affected.

A spokesman for Russian Post, a state-owned monopoly, said no computers were infected, but some terminals were temporarily switched off as a precaution. “The virus attack did not touch Russian Post, all systems are working and stable,” he said.

Other institutions in Russia have said they were infected by the virus, highlighting Moscow’s readiness to show it too is a frequent victim of cyber crime in the face of allegations from the United States and Europe of state-sponsored hacking.

The Interior Ministry, mobile operator MegaFon and state rail monopoly Russian Railways all reported infections, with employees locked out of their computers and the creators of the virus demanding ransoms of $300 to $600.

The Russian central bank said on Friday the virus had also compromised some Russian banks in isolated cases.

That the infected post office terminals ran on Windows XP – which Microsoft stopped supporting in 2014 – points to the widespread use of outdated software in Russia, which experts say left the country disproportionately vulnerable to the attack.

Of 300,000 computers infected worldwide, 20 percent were in Russia, according to an initial estimate by cybersecurity researchers last week.

Globally, few ransoms have been paid after many victims found they could restore their systems from backups.

The post office outages also illustrate what investigators say is a common misconception about Wannacry: infected computers are more likely to be part of antiquated systems not deemed important enough to update with the latest security patches, rather than machines integral to the company’s core business.

“Many companies in Russia use outdated unpatched systems and older anti-malware solutions,” said Nikolay Grebennikov, vice president for R&D at data protection company Acronis. “In big companies upgrades are hard to perform and avoided because of budget and scale.”

SCRUTINY

Russia’s relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. Moscow has denied the allegations.

Investigators are yet to track down Wannacry’s criminal authors, saying they likely used a hacking tool built by the U.S. National Security Agency (NSA) and leaked online in April.

It has not previously been reported that the Russian postal service, which employs more than 350,000 people, had been hit by the virus.

“The head guys rang on Thursday and said we had to turn off the terminals immediately. They said this extortion virus had infected them,” a worker at a branch in northwest Moscow said, declining to be identified discussing internal company matters.

“They rang again yesterday and said we could turn them back on. We did that, but you can see they still don’t work.”

Employees at a second post office confirmed the electronic queuing system was broken but said they did not know why.

Two sources at Russian Railways said the company had suffered a “huge” cyber attack and a small number of computers were infected without damaging any important files.

The extent of the damage had been limited, one of the sources said, because a lot of computers were turned off at the end of the working week. “We were lucky it was a Friday night,” he said.

Megafon, which is Russia’s second biggest mobile operator, declined to comment on how the virus had got into its system.

It said the virus had caused a temporary outage of its customer support services. “Our sales points suffered worst of all because Windows, which had the exploited vulnerability, is more widely used in retail,” a company statement said.

COMPUTER PIRACY

The frequent use of pirated software in Russia also helped spread the Wannacry infection, investigators said, as unlicensed products do not receive security updates.

Reuters has found no evidence any of Russian companies infected with the Wannacry virus were using unlicensed software.

But computer piracy is a long-standing issue for technology companies in Russia, one which has as become increasingly acute as the country’s economic slump and falling earnings make licensed products prohibitively expensive.

Data compiled by the BSA Software Alliance trade group shows 64 percent of software products in Russia were pirated in 2015 – a black market industry worth $1.3 billion – compared to a global average of 39 percent.

“Piracy is still wide spread in Russia, especially if we are talking about home users,” Grebennikov said. “This is because of poverty. If an operating system costs say 500 rubles, people would buy it.”

Microsoft’s Windows 10 operating system currently costs around 8,000 rubles ($140.92) in Russia, around a fifth of the average monthly wage of 39,000 rubles. Online, the same product can be illegally downloaded for free. — By Jack Stubbs | MOSCOW

(Additional reporting by Gleb Stolyarov and Maria Kiselyova; Editing by Philippa Fletcher)

DFA: No Filipino casualty in Aeroflot plane crash in Russia

Marje Pelayo   •   May 7, 2019

MANILA, Philippines — The Department of Foreign Affairs (DFA) on Tuesday (May 7) reported that no Filipino casualty was recorded in a passenger plane mishap in Moscow, Russia.

“The Philippine Embassy in Moscow reported that there were no Filipinos among the 76 passengers onboard the plane,” the DFA said in a bulletin on Tuesday.

According to reports, at least 41 people on board Aeroflot SU 1492 were killed, including two children.

Meanwhile, 14 others received outpatient treatment and nine people were hospitalized after the crash.

The aircraft crash-landed in Sheremetyevo Airport before it burst into flames.

On his official social media page, Ambassador to Russia Carlos Sorreta confirmed that no Filipino was hurt in the incident.

“We would like to confirm that there were no Filipinos on board flight SU1492 from Moscow to Murmansk which caught fire at Moscow’s Sheremetyevo airport on Sunday,” he said.

“We wish to reiterate our expression of sympathy to the families and friends who lost their loved ones and pray for the safe recovery of those injured,” he added. –

According to authorities, the plane was forced to return to the Sheremetyevo Airport due to technical problems. It suffered engine fire after it crash-landed on the runway. – Marje Pelayo

41 reported killed after Russian passenger plane crash-lands in Moscow

Marje Pelayo   •   May 6, 2019

The rear part of a Russian Aeroflot passenger plane bursts into flames after crash landing at a Moscow airport | Courtesy: Reuters

RUSSIA — Forty-one people on board a Russian Aeroflot passenger plane were killed on Sunday (May 5), including two children, after the aircraft caught fire as it made a bumpy emergency landing at a Moscow airport, Russian investigators said.

Amateur footage showed the Sukhoi Superjet 100 crash bouncing along the tarmac at Moscow’s Sheremetyevo Airport before the rear part of the plane suddenly burst into flames.

Many passengers on board SU 1492 then escaped via the plane’s emergency slides that inflated after the hard landing.

The plane, which flew from Moscow to the northern Russian city of Murmansk, had been carrying 73 passengers and five crew members, Russia’s aviation watchdog said.

Yelena Markovskaya, a Russia’s Investigative Committee official, said in a statement that only 37 out of 78 people on board had survived, meaning 41 people had lost their lives.

No official cause has been given for the disaster.

The Investigative Committee said it had opened an investigation and was looking into whether the pilots had breached air safety rules.

Some passengers blamed bad weather and lightning.

President Vladimir Putin and Prime Minister Dmitry Medvedev expressed their condolences and ordered investigators to establish the cause of what had happened. (REUTERS)

Russia says hackers stole more than $17 million from its banks in 2017

UNTV News   •   February 14, 2018

FILE PHOTO: A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel

MAGNITOGORSK, Russia (Reuters) – Hackers stole more than 1 billion roubles ($17 million) from Russian banks using the Cobalt Strike security-testing tool in 2017, a central bank official said on Tuesday.

Russia is under intense scrutiny over cyber crime following allegations hackers backed by Moscow have attacked targets in the United States and Europe, accusations the Kremlin has repeatedly denied.

Russian authorities are now keen to show that Russia too is a frequent victim of cyber crime and that they are working hard to combat it.

Central bank Deputy Governor Dmitry Skobelkin told an information security conference in the Russian city of Magnitogorsk that 21 “waves of attacks” using Cobalt Strike had been recorded in 2017.

“More than 240 credit organizations were hit by the attacks, 11 of which were successful. The amount stolen was more than 1 billion roubles,” he said.

Cobalt Strike is a security tool used to test the strength of an organization’s cyber defenses, but it has also been used by hackers to attack banks in Russia and Europe.

A group known as Cobalt because of their use of the tool attacked cash machines in more than a dozen countries in 2016, using the malicious software to force the ATMs to spit out cash.

Skobelkin said the Russian central bank had sent warnings to more than 400 organizations which were targeted by the Cobalt group last year.

($1 = 57.8102 roubles)

Reporting by Jack Stubbs; Editing by Katya Golubkova and Susan Fenton

REACH US

The Philippine Broadcast Hub

UNTV, 915 Barangay Philam,

EDSA, Quezon City M.M. 1104

(+63) 396-8688 (Tel)

(+63) 2 920.8336 (Fax)

info@untvweb.com (General inquiries)

support@untvweb.com

UNTV News and Rescue Emergency Hotlines:

LANDLINE (+63) 396-8688

ADVERTISE WITH US

(+63) 2 442.6244 Loc. 143, 144, 162, 164

advertising@untvweb.com

ABOUT UNTV

UNTV is a major TV broadcast network with 24-hour programming. An Ultra High Frequency station with strong brand content that appeal to everyone, UNTV is one of the most trusted and successful Philippine networks that guarantees wholesome and quality viewing experience.