WannaMine Can Hack Any System, CrowdStrike Says

According to research by the security company CrowdStrike, the WannaMine XMR miner can hack any system
01 February 2018

Information security experts from CrowdStrike reported a significant increase in WannaMine cyber attacks, which are intended for the hidden mining of the Monero cryptocurrency. As part of the attacks, hackers use the EternalBlue exploit, which was stolen from the US National Security Agency.

According to the experts, in some cases the operations of companies affected by WannaMine were halted for several days or weeks. Establishing that a system is infected is not easy, because the malicious program does not download any applications to the victim device.

WannaMine employs “living off the land” techniques such as Windows Management Instrumentation (WMI) permanent event subscriptions as a persistence mechanism. It also propagates via the EternalBlue exploit popularized by WannaCry. Its fileless nature and use of legitimate system software such as WMI and PowerShell make it difficult, if not impossible, for organizations to block it without some form of next-generation antivirus.
 

CrowdStrike Research
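The WMI permanent event subscriptions named in the quote can be listed on a host for review. The following PowerShell is an added example, not code from CrowdStrike or from the original article; it assumes an elevated session, checks only the standard `root/subscription` namespace, and flags every consumer that runs a command or script rather than matching anything specific to WannaMine.

```powershell
# Added example: list WMI permanent event subscriptions so they can be reviewed.
# Assumption: run elevated on the host being examined; only root/subscription is checked.
$ns = 'root/subscription'

# Index event filters (the trigger queries) by name.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# Index event consumers (the actions) by "class|name"; the base class
# __EventConsumer returns instances of every consumer subclass.
$consumers = @{}
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object { $consumers["$($_.CimSystemProperties.ClassName)|$($_.Name)"] = $_ }

# A subscription only fires when a binding ties a filter to a consumer.
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding | ForEach-Object {
    $class    = $_.Consumer.CimSystemProperties.ClassName
    $filter   = $filters[$_.Filter.Name]
    $consumer = $consumers["$class|$($_.Consumer.Name)"]

    # Command-line and script consumers execute code when the filter matches,
    # so these are the entries that need a known, legitimate owner.
    $action = switch ($class) {
        'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
        'ActiveScriptEventConsumer' {
            if ($consumer.ScriptText) { $consumer.ScriptText } else { $consumer.ScriptFileName }
        }
        default { $null }
    }

    [pscustomobject]@{
        Filter        = $_.Filter.Name
        Query         = $filter.Query
        ConsumerClass = $class
        Consumer      = $_.Consumer.Name
        Action        = $action
        NeedsReview   = [bool]$action
    }
} | Sort-Object NeedsReview -Descending | Format-List
```

Legitimate management software also registers command-line and script consumers, so a flagged entry is a prompt to identify its owner, not proof of infection.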

It is worth noting that EternalBlue is not the main component of WannaMine. The program first uses the Mimikatz utility to obtain logins and passwords from the computer's memory. If this fails, WannaMine resorts to EternalBlue. Thanks to this feature, WannaMine can hack any system, even one with the latest updates.

WannaMine attacks were first recorded by Panda Security experts in October of last year.

Billionaire's Wife Kidnappers Demand €9M Worth of XMR

Anna-Elizabeth Falkievik Hagen was allegedly abducted from her home, although the law enforcement agencies found no sign of hacking
10 January 2019

In late October, the wife of Tom Hagen, one of the wealthiest entrepreneurs in Norway, was kidnapped. The kidnappers are demanding a ransom of €9 million in Monero, according to Norway Today.

Anna-Elizabeth Falkievik Hagen, 68, was allegedly abducted from her home, although the law enforcement agencies found no sign of hacking. A note with a ransom request was also found there.

Interpol and Europol are involved in the investigation of the Falkievik case, and the abduction was kept secret for a long time for security reasons.

Today, January 9, the police confirmed that Falkievik was abducted, and communication with the criminals takes place exclusively through some kind of "electronic platform". In addition, in December, the kidnappers could not provide evidence that she was still alive.

The Falkievik case is probably the first time in Norway that a ransom has been demanded in cryptocurrency. Nevertheless, the police recommended that the kidnappers' demands not be met.

Tom Hagen is the founder of Elkraft AS, a power supply company. His fortune is estimated at 1.7 billion NOK (€170 million).

Earlier, employees of the local prosecutor’s office in Kiev and the National Police of Ukraine detained two suspects accused of stealing a miner in March of this year and stealing $50,000.

They now face up to 15 years of imprisonment for robbery committed by a group of individuals by prior conspiracy, infiltration and theft on a particularly large scale.