Suspected Islamist Shoots Up Florida Gay Bar

A man the FBI claims has possible leanings towards supporting Islamist causes shot up the gay bar "Pulse" in Orlando, Florida during the early hours of the morning (archived). An off duty police officer working security at the club reportedly exchanged gunfire with the man before a hostage situation developed. Police eventually conducted a "controlled explosion" before shooting the man dead. A variety of media sources are consistently reporting 20 deaths and 42 injuries UPDATE1: 50 deaths and 53 injuries in the event though no distinction has yet been made between casualties inflicted by the suspect and those taken by law enforcement in the crossfire.

Back in December of 2015 aspiring martyrs Syed Farook (WOT:nonperson) and Tashfeen Malik (WOT:nonperson) killed 14 and injured 22 at a facility that provides services for the developementally disabled in San Bernadino before getting themselves killed during their failed getaway. The San Bernadino event lead to the FBI and Apple circlejerking around an iPhone.

It is too early to tell what "rights" this latest media hysteria is going to push for taking away, but the likelyhood of Hussein Bahamas making at least one last big push to take your Guns, your God, and your Freedom is not out of the picture. Another likely side effect of this following so close in time to the San Bernadino attack and similar attacks in Europe is Autistic teen and twenty something white males losing the "most feared demographic in America" title acquired over two decades of school, mall, and theater shootings. Sorry for your loss.

Update 2: The shooter has been identified as Omar Mateen (WOT:nonperson). Mateen allegedly work as a security guard with clients that included USG assets.

Phishing Industry Shifts To Ransomware

A group calling itself PhishMe issued a report stating that 93% phishing emails now include ransomware in place of, or in addition to other payloads. News on the ransomware industry typically come in isolation due to the newness and novelty attached to the subject, but it isn't so new anymore. This news also shows that it isn't particularly novel either any more with Phishers overwhelmingly favoring it due to the income potential it presents. Sorry for your loss.

Self Propagating Ransomware Arrives

Microsoft is raising the alarm on the latest threat it opened its customers to: Zcryptor, a new ransomware product with self propagation features. Zcryptor is capable of deploying itself to shared network drives and portable storage devices accessible from an infected machine. Zcryptor also allows infected machines to be used as part of a DDoS gang for additional monetization opportunities. Once again ransomware seems to be leading other accessory industries surrounding Bitcoin in product improvement.

Ransomware Industry Tightening Product Quality

Proofpoint brings us news that the makers of the CryptXXX ransomware have patched a vulnerability in their product which allowed various antivirus companies to produce "decryptor" products which would recover user files without payment. Numerous ransomware producers have seen their revenue suffer as antivirus companies produced software that exploited vulnerabilities in their ransomware to circumvent payment. If other ransomware ventures follow the example of CryptXXX in improving their own products, the industry as a whole could see substantial growth over the next year.

New MBR Infecting Ransomware 'Petya' Found In The Wild

GData and TrendMicro report a new ransomware they refer to as 'Petya' is circulating in the wild largely affecting German 'Human Resources' departments (archived 1, archived 2). Like other ransomware Petya encrypts files on an infected machine, but it goes further than other ransomware by living in a computer's masterboot record and presenting its demands through a DOS boot screen when the infected machine is powered on. In its present incarnation Petya demands a 0.99 Bitcoin ransom which doubles if its payment deadline is missed. If an affected user goes through the FBI approved manner of recovering their files by paying the ransom, they would be well advised to physically destroy the disk and handle recovered files with care. This is because if anything was learned from the MBR infecting rootkit Sony distributed on their music CDs, it is that people who care enough to put their malware in the MBR tend to make complete eradication of the malware a tremendous pain.

Ransomware Comes To OSX Bittorrent Client

Ransomware has come to Apple's OSX through a doctored binary for the Transmission bittorrent client (archived). This is reminiscent of a similar failure by Linux Mint to secure their software distribution pipeline, with the only substantial added step in this case being the ~100 United States dollar expense to register a key with Apple to bypass their "Gatekeeper" check for signed code. Once again pseudo security theater fails to provide actual security.

Mass Ransomware Strike Hits Millions Of Indian Computers

A massive malware strike affecting three Indian banks and a pharmaceutical company has at a ransom of 1 Bitcoin per machine incurred a total ransom equivalent to multiple millions of United States dollars at fiat/Bitcoin interface reported exchange rates (archived). Apparently only select machines operated by executives had their ransoms paid, but as the source article notes even with the files decrypted malware may remain allowing for easier insertion for future penetrators. Paying ransomware demands is the recovery method officially endorsed by the United States Federal Bureau of Investigation.

The particular piece of ransomware used in this strike goes by the name LeChiffre (archived). It does not propagate automatically and its windows executable needs to be initiated manually. These means that to be deployed on this scale the entire network infrastructure of these enterprises was thoroughly penetrated and brought to submit to the ransomers.

Craig Steven Wright Raided By Australian Police

Hours after Wired and Gizmodo reported on the same day that Craig Steven Wright is their best guess for a likely Satoshi Nakamoto, Australian Federal Police began reportedly began raiding residences and businesses associated with Wright (archived). Mainstream media are parroting police assertions that the raids are unconnected with the possibility Wright may be Nakamoto but instead related to Australian Taxation Office matters. Given the timing of the raid however it is exceedingly likely police, the tax office, and other agents of fiat when reading the recent speculation did as a point of fact become aroused on rumors of Satoshi's hoard. Continue reading

Ransomware Ring Busted, "Decryptors" Rushed by Adware Vendors

Shortly after an FBI agent publicly encouraged ransomware victims to pay off their attackers, some arrests and leaks have lead to the release of a number of private keys maintained by some ransomware authors. Allegedly all of the keys for Coinvault and Bitcryptor ransomware have been acquired and persons alleged to have connections to the schemes have been arrested. Adware vendors Bitdefender (archived) and Kaspersky Labs (archived) have released free adware1 tools to decrypt files related to these ransomware products, though caution is advised as the decryption tools from these providers and those from others have the potential to be at least as malicious as the original ransomware.

  1. It is important to accurately categorize software according to what it really does instead of what it is marketed as. Their free products advertise their paid products and their paid products advertise still more premium paid products.