The Pronk Pops Show 893, May 15, 2017, Story 1: World Wide Ransom Ware Demands Spreading To Over 150 Countries — Huge Hacker Holdup Using Exploit of Security Flaw In Microsoft XP Operating System — Used Code Developed By U.S. National Security Agency (NSA) — Running Sacred — Crying — It’s Over — Videos — Story 2: American People Demand Congress Appoint Special Prosecutor — Investigate Obama’s Administration Use of Intelligence Community (NSA, CIA, FBI, …) Warrantless Surveillance of Both Democrat and Republican Presidential Candidates — The Use Intelligence Information For Political Purposes Is A Felony! — Videos

Posted on May 15, 2017. Filed under: American History, Applications, Blogroll, Breaking News, Computer, Computers, Corruption, Crime, Donald J. Trump, Donald Trump, Hardware, History, Human, Law, Life, Media, Networking, Privacy, Raymond Thomas Pronk, Science, Security, Servers, Social Science, Software, Wealth, Wisdom | Tags: , , , , , , |

Project_1

The Pronk Pops Show Podcasts

Pronk Pops Show 893,  May 15, 2017

Pronk Pops Show 892,  May 12, 2017

Pronk Pops Show 891,  May 11, 2017

Pronk Pops Show 891,  May 11, 2017

Pronk Pops Show 890,  May 10, 2017

Pronk Pops Show 889,  May 9, 2017

Pronk Pops Show 888,  May 8, 2017

Pronk Pops Show 887,  May 5, 2017

Pronk Pops Show 886,  May 4, 2017

Pronk Pops Show 885,  May 3, 2017

Pronk Pops Show 884,  May 1, 2017

Pronk Pops Show 883 April 28, 2017

Pronk Pops Show 882: April 27, 2017

Pronk Pops Show 881: April 26, 2017

Pronk Pops Show 880: April 25, 2017

Pronk Pops Show 879: April 24, 2017

Pronk Pops Show 878: April 21, 2017

Pronk Pops Show 877: April 20, 2017

Pronk Pops Show 876: April 19, 2017

Pronk Pops Show 875: April 18, 2017

Pronk Pops Show 874: April 17, 2017

Pronk Pops Show 873: April 13, 2017

Pronk Pops Show 872: April 12, 2017

Pronk Pops Show 871: April 11, 2017

Pronk Pops Show 870: April 10, 2017

Pronk Pops Show 869: April 7, 2017

Pronk Pops Show 868: April 6, 2017

Pronk Pops Show 867: April 5, 2017

Pronk Pops Show 866: April 3, 2017

Pronk Pops Show 865: March 31, 2017

Pronk Pops Show 864: March 30, 2017

Pronk Pops Show 863: March 29, 2017

Pronk Pops Show 862: March 28, 2017

Pronk Pops Show 861: March 27, 2017

Pronk Pops Show 860: March 24, 2017

Pronk Pops Show 859: March 23, 2017

Pronk Pops Show 858: March 22, 2017

Pronk Pops Show 857: March 21, 2017

Pronk Pops Show 856: March 20, 2017

Pronk Pops Show 855: March 10, 2017

Pronk Pops Show 854: March 9, 2017

Pronk Pops Show 853: March 8, 2017

Pronk Pops Show 852: March 6, 2017

Pronk Pops Show 851: March 3, 2017

Pronk Pops Show 850: March 2, 2017

Pronk Pops Show 849: March 1, 2017

Pronk Pops Show 848: February 28, 2017

Pronk Pops Show 847: February 27, 2017

Pronk Pops Show 846: February 24, 2017

Pronk Pops Show 845: February 23, 2017

Pronk Pops Show 844: February 22, 2017

Pronk Pops Show 843: February 21, 2017

Pronk Pops Show 842: February 20, 2017

Pronk Pops Show 841: February 17, 2017

Pronk Pops Show 840: February 16, 2017

Pronk Pops Show 839: February 15, 2017

Pronk Pops Show 838: February 14, 2017

Pronk Pops Show 837: February 13, 2017

Pronk Pops Show 836: February 10, 2017

Pronk Pops Show 835: February 9, 2017

Pronk Pops Show 834: February 8, 2017

Pronk Pops Show 833: February 7, 2017

Pronk Pops Show 832: February 6, 2017

Pronk Pops Show 831: February 3, 2017

Pronk Pops Show 830: February 2, 2017

Pronk Pops Show 829: February 1, 2017

Image result for cartoons ransom ware attack

Image result for obamagate surveillance of presidential candidates susan rice

Image result for cartoons branco susan rice trump

 

Story 1: Huge Hacker Holdup — Cyber extortion Attack — NSA Ransom War — Running Sacred — Crying — It’s Over — VideosImage result for ransome ware attackImage result for bitcoinImage result for cartoons ransom ware attackImage result for ransome ware attack list of countries and companies

Image result for ransome ware attack list of countries and companies
Image result for ransome ware attack list of countries and companies
Image result for ransome ware attack list of countries and companiesImage result for ransome ware attack list of countries and companies

 

 

Image result for cartoons ransom ware attack

Image result for cartoons ransom ware attack

Image result for 12 May 2017 ransome ware attack list of countries and companies

 New version of ransomware worm expected

Cyber Attack: Ransomware causing chaos globally – BBC News

Ransomware virus ‘WannaCry’ plagues 100k computers across 99 countries

Ransomware attack takes down LA hospital for hours

WannaCry Ransomware Hits Hospitals

WannaCry Ransomware Used In Global Attacks!

WATCH: Ransomware cyberattack targets Windows users around the world

BREAKING***100 Countries Massive Global Ransomware Attack Used NSA Hacking Tool

What is ransomware and how can I protect myself?

How Ransomware Locks Your PC & Holds Your Data Hostage

Massive Ransomware Outbreak Thanks to NSA – WannaCry Worm Spreading Fast

Ransomware As Fast As Possible

The Truth About Ransomware – Webinar

What is Ransomware, How it Works and What You Can Do to Stay Protected

NSA Whistleblower Bill Binney on Tucker Carlson 03.24.2017

NSA Whistleblower William Binney: The Future of FREEDOM

ROY ORBISON – CRYING – LIVE 1988

Roy Orbison – “Running Scared” from Black and White Night

Roy Orbison – Crying (Monument Concert 1965)

Roy Orbison – It’s Over (Monument Concert 1965)

Roy Orbison – “It’s Over” from Black and White Night

Worldwide ransomware attacks: What we know so far

May 15, 2017
AUTHOR: LILY HAY NEWMAN. SECURITY

HOW AN ACCIDENTAL ‘KILL SWITCH’ SLOWED FRIDAY’S MASSIVE RANSOMWARE ATTACK

Cybersecurity Experts’ First Task: Find Out How Virus Spread

Investigators think a computer outlet that isn’t supposed to be connected to the internet was a possible vector for WannaCry

The virus, dubbed WannaCry, is a two-part virus. One part is ransomware, which locks computer files and demands online payment to unlock them. The other part spreads it.

The virus, dubbed WannaCry, is a two-part virus. One part is ransomware, which locks computer files and demands online payment to unlock them. The other part spreads it. PHOTO: RITCHIE B. TONGO/EUROPEAN PRESSPHOTO AGENCY

Government investigators and private cybersecurity firms are trying to find out how a virus managed to spread around the globe over the weekend, which would give them their best chance to identify the mastermind behind the cyberattacks.

Investigators have already ruled out phishing—tricking someone into opening a seemingly legitimate email attachment that actually contains the virus—as a possible tactic. One of their hypotheses centers on something called port 445, an outlet that isn’t supposed to be connected to the internet.

The race is on to identify patient zero, or the first known infection of the virus, to find clues that could lead back to the hacker.

The attacks appear to have largely abated Monday, despite fears that a new workweek would trigger a second wave. Cybersecurity experts see fewer infections compared with Friday, when the onslaught started.

“We think the initial fire is put out,” said Rob Holmes, vice president of products at Proofpoint, a Silicon Valley company with virus sensors at major corporations and telecom companies.

The virus, dubbed WannaCry, is a two-part virus. One part is ransomware, which locks computer files and demands online payment to unlock them. The other part is a “spreader,” which transmits WannaCry to all other computers on a network. It attacks machines running Microsoft Corp.’s Windows systems that don’t have up-to-date security patches.

Mr. Holmes said 95% of ransomware attacks use the relatively unsophisticated technique of phishing.

A European Union cybersecurity agency published a report Monday, which said early indications pointed to emails containing WannaCry-infected Microsoft Office documents as the attacker’s weapon. But it quickly amended the report, saying phishing probably wasn’t involved.

If it had been a phishing attack, organizations would have found the offending email by now and described it to the public, cybersecurity experts said.

Now there are two main hypotheses as to how WannaCry could have wormed its way into a computer. One theory centers on port 445.

Imagine a network of 100 computers. These computers communicate with each other through digital roads. One of the roads is port 445, and it is usually reserved for Windows-running computers to transfer files to each other, or to send stuff to the printer, said Becky Pinkard, a vice president at cybersecurity firm Digital Shadows.

Authorities know WannaCry spread itself within a network using the port 445 roads. But how did it get there in the first place? Port 445 roads connect computers within a network, but it was thought to be walled off from the internet and outside world. Now investigators are trying to determine whether port 445’s wall has a hole that WannaCry wiggled through.

“Most researchers tend to believe at the moment that it spreads initially through vulnerable computers exposing port 445 on the internet,” the updated EU agency report said.

There is another theory. Ms. Pinkard said an employee could have taken an office-issued laptop to a coffee shop or hotel and logged onto the venue’s unsecure internet network. If that laptop doesn’t have the antivirus protections that networks at big organizations typically have, a hacker could’ve slipped WannaCry onto the device. When the employee brings the laptop back to the office and connects it to the network, bam: WannaCry spreads itself via port 445.

Companies can protect laptops from this with commercially available protection software, Ms. Pinkard said.

If researchers can find the original WannaCry victim, they might be able to trace the signature of the attacker who delivered the virus via an internet-protocol address, or IP address. “If I were law enforcement, I would be working to find who was the very first company impacted,” Ms. Pinkard said. “I would knock at the door and be asking, ‘Can I look at your logs?’ ”

The problem is that the IP address could lead to another IP address, which would lead to another IP address, and so on. “It’s a very slow and painful process,” Ms. Pinkard said.

Cybersecurity experts said that, even though some of the world’s smartest minds are on the case, it could take months or years to find the mastermind—if they find the attacker at all.

A parallel hunt would be following the money. WannaCry asked for ransom to be delivered via a digital currency called bitcoin. About 124 payments totaling about $34,000, or a little less than $300 each, went to the attacker as of Sunday afternoon, said bitcoin-analytics-firm Chainalysis. Every bitcoin transaction is recorded on an online ledger. But finding out the individual behind each transaction is difficult because users’ identities are well encrypted.

“There’s going to be a paper trail,” said Brian Knight, a George Mason University specialist in financial technology. “Whether it can be deciphered is a separate question.”

https://www.wsj.com/articles/cybersecurity-experts-first-task-find-out-how-virus-spread-1494868250

The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system

The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system

 Security agencies are hunting for those behind a crippling cyberattack which has so far hit hundreds of thousands of computers worldwide, including at government agencies, factories and health services.

Here is what we know so far about the cyber ransom attacks:

– What happened? –

The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system, an older version that is no longer given mainstream tech support by the US giant.

The so-called WannaCry ransomware locks access to user files and in an on-screen message demands payment of $300 (275 euros) in the virtual currency Bitcoin in order to decrypt the files.

Victims have been advised by security experts not to pay up.

The attack is unique, according to policing agency Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

– Who has been affected? –

Europol chief Rob Wainwright said computer systems in more than 150 countries were hit, with the majority of organisations affected over the weekend in Europe.

But as Asia woke up to the working week on Monday, leading Chinese security-software provider Qihoo 360 said “hundreds of thousands” of computers in the country were hit at nearly 30,000 institutions including government agencies.

In Japan, a spokesman for Hitachi said the conglomerate discovered problems on Monday morning and its computer networks were “unstable”.

Other high-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia’s interior ministry and the German rail operator Deutsche Bahn.

– Where did the malware come from? –

Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that the culprits used a code developed by the US National Security Agency.

It was leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

Smith warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers — not sell, store or exploit them, lest they fall into the wrong hands.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” Smith wrote.

“The governments of the world should treat this attack as a wake up call.”

– Who was behind the attack? –

Europol said on Monday it was continuing to hunt for the culprits behind the unprecedented attack.

The agency’s senior spokesman Jan Op Gen Oorth said it was still “a bit early too say who is behind it, but we are working on a decrypting tool”.

Experts think it unlikely to have been one person, with criminally minded cyber crime syndicates nowadays going underground and using ever more sophisticated encryption to hide their activities.

– How can people protect their computers? –

Microsoft took the unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system.

Kaspersky said it was seeking to develop a decryption tool “as soon as possible”.

Europol said European companies and governments had heeded warnings and as a result avoided further fallout from the ransomware.

“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates,” Jan Op Gen Oorth told AFP.

https://www.yahoo.com/tech/worldwide-ransomware-cyberattacks-know-152751340.html

Dozens of countries hit by huge cyberextortion attack

NEW YORK (AP) — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

It was believed to the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries. That includes the United States, although its effects there didn’t appear to be widespread, at least initially.

The attack infected computers with what is known as “ransomware” — software that locks up the user’s data and flashes a message demanding payment to release it. In the U.S., FedEx reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.”

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab. Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

“For so many organizations in the same day to be hit, this is unprecedented,” he said.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospital unless it was an emergency. Doctors’ practices and pharmacies reported similar problems.

Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was canceled at St. Bartholomew’s Hospital in London.

Tom Griffiths, who was at the hospital for chemotherapy, said several cancer patients had to be sent home because their records or bloodwork couldn’t be accessed.

“Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a health care organization,” he said. “It’s stressful enough for someone going through recovery or treatment for cancer.”

British Prime Minister Theresa May said there was no evidence patient data had been compromised and added that the attack had not specifically targeted the National Health Service.

“It’s an international attack and a number of countries and organizations have been affected,” she said.

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack. Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

Spain’s Telefonica, a global broadband and telecommunications company, was among the companies hit.

Ransomware attacks are on the rise around the world. In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals’ old operating systems and confidential patient information made them an ideal target for blackmailers.

He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed, “IT budgets are often one of the first ones to be reduced.”

“Looking at the trends, it was going to happen,” he said. “I did not expect an attack on this scale. That was a shock.

https://apnews.com/e8402f2faf934f7ab5419d4961d3dafe/Global-extortion-cyberattack-hits-dozens-of-nations

Global ‘WannaCry’ ransomware cyberattack seeks cash for data

LONDON (AP) — A global “ransomware” cyberattack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

The worldwide effort to extort cash from computer users spread so widely that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

A malware tracking map showed “WannaCry” infections popping up around the world. Britain canceled or delayed treatments for thousands of patients, even people with cancer. Train systems were hit in Germany and Russia, and phone companies in Madrid and Moscow. Renault’s futuristic assembly line in Slovenia, where rows of robots weld car bodies together, was stopped cold.

In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil’s Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.

Britain’s home secretary said one in five of 248 National Health Service groups had been hit. Home Secretary Amber Rudd said all but six of the NHS trusts back to normal Saturday.

The U.K.’s National Cyber Security Center was “working round the clock” to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.

Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.

These hackers “have caused enormous amounts of disruption— probably the biggest ransomware cyberattack in history,” said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.

And all this may be just a taste of what’s coming, another cyber security expert warned.

Computer users worldwide — and everyone else who depends on them — should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona, told The Associated Press.

The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be “low-level” stuff, Eisen said Saturday, given the amount of ransom demanded — $300 at first, rising to $600 before it destroys files hours later.

He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.

“This is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?” he asked.

“Today, it happened to 10,000 computers,” Eisen said. “There’s no barrier to do it tomorrow to 100 million computers.”

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India. Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits.”

In Russia, government agencies insisted that all attacks had been resolved. Russian Interior Ministry, which runs the national police, said the problem had been “localized” with no information compromised. Russia’s health ministry said its attacks were “effectively repelled.”

The ransomware exploits a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. Hackers said they stole the tools from the NSA and dumped them on the internet.

It could have been much worse if not for a young cybersecurity researcher who helped to halt its spread by accidentally activating a so-called “kill switch” in the malicious software.

The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday that he spotted a hidden web address in the “WannaCrypt” code and made it official by registering its domain name. That inexpensive move redirected the attacks to MalwareTech’s server, which operates as a “sinkhole” to keep malware from escaping.

“Because WannaCrypt used a single hardcoded domain, my registration of it caused all infections globally to believe they were inside a sandbox … thus we initially unintentionally prevented the spread,” the researcher said, humbly and anonymously, in his blog post.

His move may have saved governments and companies millions of dollars and slowed the outbreak before U.S.-based computers were more widely infected.

Indeed, while FedEx Corp. reported that its Windows computers were “experiencing interference” from malware — it wouldn’t say if it had been hit by the ransomware — other impacts in the U.S. were not readily apparent on Saturday.

That said, the threat hasn’t disappeared, the MalwareTech researcher said.

“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible,” he warned.

The kill switch also couldn’t help those already infected. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly as employees share documents.

The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious hacking group. Microsoft swiftly released software “patches” to fix those holes, but many users still haven’t installed updates or still use older versions of Windows.

Microsoft had made fixes for older systems, such as 2001′s Windows XP, available only to mostly larger organizations, including Britain’s National Health Service, that paid extra for extended technical support. In light of Friday’s attacks, Microsoft announced that it’s making the fixes free to all.

Cluley said “There’s clearly some culpability on the part of the U.S. intelligence services. Because they could have done something ages ago to get this problem fixed, and they didn’t do it.”

“It’s very, very difficult these days, with encryption, to spy on people,” Cluley added. “But I don’t think that those concerns should hide the fact that ALL of us need to be protected … We’re living an online life, and we all deserve security there.”

https://apnews.com/770946e7df454d2e9acda3bdbd3ed425/Unprecedented-global-‘ransomware’-attack-seeks-cash-for-data

Ransomware

From Wikipedia, the free encyclopedia

Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.[1] The ransomware may also encrypt the computer’s Master File Table (MFT)[2][3] or the entire hard drive.[4] Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files[5] since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

While initially popular in Russia, the use of ransomware scams has grown internationally;[6][7][8] in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012.[9] Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities,[10] and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.[11]

Operation

Typically, modern ransomware uses encryption to deny users’ access to their files. The software encrypts the victim’s files using a symmetric cipher with a randomly generated key, and then deletes the key, leaving only a version of it made inaccessible to the victim using public key cryptography. Only the attacker can then decrypt the symmetric key needed to restore the files.[12]

The symmetric key is randomly generated and will not assist other victims. At no point is the attacker’s private key exposed to victims and the victim need only send a very small ciphertext (the encrypted symmetric-cipher key) to the attacker.

Ransomware attacks are typically carried out using a Trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload, which locks the system in some fashion, or claims to lock the system but does not (e.g., a scareware program). Payloads may display a fake warning purportedly by an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities, contains content such as pornography and “pirated” media.[13][14][15]

Some payloads consist simply of an application designed to lock or restrict the system until payment is made, typically by setting the Windows Shell to itself,[16] or even modifying the master boot record and/or partition table to prevent the operating system from booting until it is repaired.[17] The most sophisticated payloads encrypt files, with many using strong encryption to encrypt the victim’s files in such a way that only the malware author has the needed decryption key.[12][18][19]

Payment is virtually always the goal, and the victim is coerced into paying for the ransomware to be removed—which may or may not actually occur—either by supplying a program that can decrypt the files, or by sending an unlock code that undoes the payload’s changes. A key element in making ransomware work for the attacker is a convenient payment system that is hard to trace. A range of such payment methods have been used, including wire transfers, premium-rate text messages,[20] pre-paid voucher services such as Paysafecard,[6][21][22] and the digital currency Bitcoin.[23][24][25] A 2016 census commissioned by Citrix revealed that larger business are holding bitcoin as contingency plans.[26]

History

Encrypting ransomware

The first known malware extortion attack, the “AIDS Trojan” written by Joseph Popp in 1989, had a design failure so severe it was not necessary to pay the extortionist at all. Its payload hid the files on the hard drive and encrypted only their names, and displayed a message claiming that the user’s license to use a certain piece of software had expired. The user was asked to pay US$189 to “PC Cyborg Corporation” in order to obtain a repair tool even though the decryption key could be extracted from the code of the Trojan. The Trojan was also known as “PC Cyborg”. Popp was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research.[27]

The notion of using public key cryptography for ransom attacks was introduced in 1996 by Adam L. Young and Moti Yung. Young and Yung critiqued the failed AIDS Information Trojan that relied on symmetric cryptography alone, the fatal flaw being that the decryption key could be extracted from the Trojan, and implemented an experimental proof-of-concept cryptovirus on a Macintosh SE/30 that used RSA and the Tiny Encryption Algorithm (TEA) to hybrid encrypt the victim’s data. Since public key crypto is used, the cryptovirus only contains the encryption key. The attacker keeps the corresponding private decryption key private. Young and Yung’s original experimental cryptovirus had the victim send the asymmetric ciphertext to the attacker who deciphers it and returns the symmetric decryption key it contains to the victim for a fee. Long before electronic money existed Young and Yung proposed that electronic money could be extorted through encryption as well, stating that “the virus writer can effectively hold all of the money ransom until half of it is given to him. Even if the e-money was previously encrypted by the user, it is of no use to the user if it gets encrypted by a cryptovirus”.[12] They referred to these attacks as being “cryptoviral extortion”, an overt attack that is part of a larger class of attacks in a field called cryptovirology, which encompasses both overt and covert attacks.[12]

Examples of extortionate ransomware became prominent in May 2005.[28] By mid-2006, Trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes. Gpcode.AG, which was detected in June 2006, was encrypted with a 660-bit RSA public key.[29] In June 2008, a variant known as Gpcode.AK was detected. Using a 1024-bit RSA key, it was believed large enough to be computationally infeasible to break without a concerted distributed effort.[30][31][32][33]

Encrypting ransomware returned to prominence in late 2013 with the propagation of CryptoLocker—using the Bitcoin digital currency platform to collect ransom money. In December 2013, ZDNet estimated based on Bitcoin transaction information that between 15 October and 18 December, the operators of CryptoLocker had procured about US$27 million from infected users.[34] The CryptoLocker technique was widely copied in the months following, including CryptoLocker 2.0 (though not to be related to CryptoLocker), CryptoDefense (which initially contained a major design flaw that stored the private key on the infected system in a user-retrievable location, due to its use of Windows’ built-in encryption APIs),[24][35][36][37] and the August 2014 discovery of a Trojan specifically targeting network-attached storage devices produced by Synology.[38] In January 2015, it was reported that ransomware-styled attacks have occurred against individual websites via hacking, and through ransomware designed to target Linux-based web servers.[39][40][41]

Some ransomware strains have used proxies tied to Tor hidden services to connect to their command and control servers, increasing the difficulty of tracing the exact location of the criminals.[42][43] Furthermore, dark web vendors have increasingly started to offer the technology as a service.[43][44][45]

Symantec has classified ransomware to be the most dangerous cyber threat.[46]

Non-encrypting ransomware

In August 2010, Russian authorities arrested nine individuals connected to a ransomware Trojan known as WinLock. Unlike the previous Gpcode Trojan, WinLock did not use encryption. Instead, WinLock trivially restricted access to the system by displaying pornographic images, and asked users to send a premium-rate SMS (costing around US$10) to receive a code that could be used to unlock their machines. The scam hit numerous users across Russia and neighboring countries—reportedly earning the group over US$16 million.[15][47]

In 2011, a ransomware Trojan surfaced that imitated the Windows Product Activation notice, and informed users that a system’s Windows installation had to be re-activated due to “[being a] victim of fraud”. An online activation option was offered (like the actual Windows activation process), but was unavailable, requiring the user to call one of six international numbers to input a 6-digit code. While the malware claimed that this call would be free, it was routed through a rogue operator in a country with high international phone rates, who placed the call on hold, causing the user to incur large international long distance charges.[13]

In February 2013, a ransomware Trojan based on the Stamp.EK exploit kit surfaced; the malware was distributed via sites hosted on the project hosting services SourceForge and GitHub that claimed to offer “fake nude pics” of celebrities.[48] In July 2013, an OS X-specific ransomware Trojan surfaced, which displays a web page that accuses the user of downloading pornography. Unlike its Windows-based counterparts, it does not block the entire computer, but simply exploits the behavior of the web browser itself to frustrate attempts to close the page through normal means.[49]

In July 2013, a 21-year-old man from Virginia, whose computer coincidentally did contain pornographic photographs of underaged girls with whom he had conducted sexualized communications, turned himself in to police after receiving and being deceived by ransomware purporting to be an FBI message accusing him of possessing child pornography. An investigation discovered the incriminating files, and the man was charged with child sexual abuse and possession of child pornography.[50]

Leakware (also called Doxware)

The converse of ransomware is a cryptovirology attack that threatens to publish stolen information from the victim’s computer system rather than deny the victim access to it.[51] In a leakware attack, malware exfiltrates sensitive host data either to the attacker or alternatively, to remote instances of the malware, and the attacker threatens to publish the victim’s data unless a ransom is paid. The attack was presented at West Point in 2003 and was summarized in the book Malicious Cryptography as follows, “The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus”.[52] The attack is rooted in game theory and was originally dubbed “non-zero sum games and survivable malware”. The attack can yield monetary gain in cases where the malware acquires access to information that may damage the victim user or organization, e.g., reputational damage that could result from publishing proof that the attack itself was a success.

Mobile ransomware

With the increased popularity of ransomware on PC platforms, ransomware targeting mobile operating systems have also proliferated. Typically, mobile ransomware payloads are blockers, as there is little incentive to encrypt data since it can be easily restored via online synchronization.[53] Mobile ransomware typically targets the Android platform, as it allows applications to be installed from third-party sources.[53][54] The payload is typically distributed as an APK file installed by an unsuspecting user; it may attempt to display a blocking message over top of all other applications,[54] while another used a form of clickjacking to cause the user to give it “device administrator” privileges to achieve deeper access to the system.[55]

Different tactics have been used on iOS devices, such as exploiting iCloud accounts and using the Find My iPhone system to lock access to the device.[56] On iOS 10.3, Apple patched a bug in the handling of JavaScript pop-up windows in Safari that had been exploited by ransomware websites.[57]

Notable examples

Reveton

A Reveton payload, fraudulently claiming that the user must pay a fine to the Metropolitan Police Service

In 2012, a major ransomware Trojan known as Reveton began to spread. Based on the Citadel Trojan (which itself, is based on the Zeus Trojan), its payload displays a warning purportedly from a law enforcement agency claiming that the computer has been used for illegal activities, such as downloading unlicensed software or child pornography. Due to this behaviour, it is commonly referred to as the “Police Trojan”.[58][59][60] The warning informs the user that to unlock their system, they would have to pay a fine using a voucher from an anonymous prepaid cash service such as Ukash or Paysafecard. To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer’s IP address, while some versions display footage from a victim’s webcam to give the illusion that the user is being recorded.[6][61]

Reveton initially began spreading in various European countries in early 2012.[6] Variants were localized with templates branded with the logos of different law enforcement organizations based on the user’s country; for example, variants used in the United Kingdom contained the branding of organizations such as the Metropolitan Police Service and the Police National E-Crime Unit. Another version contained the logo of the royalty collection society PRS for Music, which specifically accused the user of illegally downloading music.[62] In a statement warning the public about the malware, the Metropolitan Police clarified that they would never lock a computer in such a way as part of an investigation.[6][14]

In May 2012, Trend Micro threat researchers discovered templates for variations for the United States and Canada, suggesting that its authors may have been planning to target users in North America.[63] By August 2012, a new variant of Reveton began to spread in the United States, claiming to require the payment of a $200 fine to the FBI using a MoneyPak card.[7][8][61]In February 2013, a Russian citizen was arrested in Dubai by Spanish authorities for his connection to a crime ring that had been using Reveton; ten other individuals were arrested on money laundering charges.[64] In August 2014, Avast Software reported that it had found new variants of Reveton that also distribute password stealing malware as part of its payload.[65]

CryptoLocker

Encrypting ransomware reappeared in September 2013 with a Trojan known as CryptoLocker, which generated a 2048-bit RSA key pair and uploaded in turn to a command-and-control server, and used to encrypt files using a whitelist of specific file extensions. The malware threatened to delete the private key if a payment of Bitcoin or a pre-paid cash voucher was not made within 3 days of the infection. Due to the extremely large key size it uses, analysts and those affected by the Trojan considered CryptoLocker extremely difficult to repair.[23][66][67][68]Even after the deadline passed, the private key could still be obtained using an online tool, but the price would increase to 10 BTC—which cost approximately US$2300 as of November 2013.[69][70]

CryptoLocker was isolated by the seizure of the Gameover ZeuS botnet as part of Operation Tovar, as officially announced by the U.S. Department of Justice on 2 June 2014. The Department of Justice also publicly issued an indictment against the Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet.[71][72] It was estimated that at least US$3 million was extorted with the malware before the shutdown.[10]

CryptoLocker.F and TorrentLocker

In September 2014, a wave of ransomware Trojans surfaced that first targeted users in Australia, under the names CryptoWall and CryptoLocker (which is, as with CryptoLocker 2.0, unrelated to the original CryptoLocker). The Trojans spread via fraudulent e-mails claiming to be failed parcel delivery notices from Australia Post; to evade detection by automatic e-mail scanners that follow all links on a page to scan for malware, this variant was designed to require users to visit a web page and enter a CAPTCHA code before the payload is actually downloaded, preventing such automated processes from being able to scan the payload. Symantec determined that these new variants, which it identified as CryptoLocker.F, were again, unrelated to the original CryptoLocker due to differences in their operation.[73][74] A notable victim of the Trojans was the Australian Broadcasting Corporation; live programming on its television news channel ABC News 24 was disrupted for half an hour and shifted to Melbourne studios due to a CryptoWall infection on computers at its Sydney studio.[75][76][77]

Another Trojan in this wave, TorrentLocker, initially contained a design flaw comparable to CryptoDefense; it used the same keystream for every infected computer, making the encryption trivial to overcome. However, this flaw was later fixed.[35] By late-November 2014, it was estimated that over 9,000 users had been infected by TorrentLocker in Australia alone, trailing only Turkey with 11,700 infections.[78]

CryptoWall

Another major ransomware Trojan targeting Windows, CryptoWall, first appeared in 2014. One strain of CryptoWall was distributed as part of a malvertising campaign on the Zedo ad network in late-September 2014 that targeted several major websites; the ads redirected to rogue websites that used browser plugin exploits to download the payload. A Barracuda Networks researcher also noted that the payload was signed with a digital signature in an effort to appear trustworthy to security software.[79] CryptoWall 3.0 used a payload written in JavaScript as part of an email attachment, which downloads executables disguised as JPG images. To further evade detection, the malware creates new instances of explorer.exe and svchost.exe to communicate with its servers. When encrypting files, the malware also deletes volume shadow copies, and installs spyware that steals passwords and Bitcoin wallets.[80]

The FBI reported in June 2015 that nearly 1,000 victims had contacted the bureau’s Internet Crime Complaint Center to report CryptoWall infections, and estimated losses of at least $18 million.[11]

The most recent version, CryptoWall 4.0, enhanced its code to avoid antivirus detection, and encrypts not only the data in files but also the file names.[81]

Fusob

Fusob is one of the major mobile ransomware families. Between April 2015 and March 2016, about 56 percent of accounted mobile ransomwares was Fusob.[82]

Like a typical mobile ransomware, it employs scare tactics to extort people to pay a ransom.[83] The program pretends to be an accusatory authority, demanding the victim to pay a fine from $100 to $200 USD or otherwise face a fictitious charge. Rather surprisingly, Fusob suggests using iTunes gift cards for payment. Also, a timer clicking down on the screen adds to the users’ anxiety as well.

In order to infect devices, Fusob masquerades as a pornographic video player. Thus, victims, thinking it is harmless, unwittingly download Fusob.[84]

When Fusob is installed, it first checks the language used in the device. If it uses Russian or certain Eastern European languages, Fusob does nothing. Otherwise, it proceeds on to lock the device and demand ransom. Among victims, about 40% of them are in Germany with the United Kingdom and the United States following with 14.5% and 11.4% respectively.

Fusob has lots in common with Small, which is another major family of mobile ransomware. They represented over 93% of mobile ransomwares between 2015 and 2016.

WannaCry

In May 2017, the WannaCry ransomware attack spread though the Internet, using an exploit vector that Microsoft had issued a “Critical” patch for (MS17-010) two months before on March 14, 2017. The ransomware attack infected over 75,000 users in over 99 countries, using 20 different languages to demand money from users. The attack affected Telefónica and several other large companies in Spain, as well as parts of the British National Health Service (NHS),[85] FedEx, Deutsche Bahn, as well as the Russian Interior Ministry and Russian telecom MegaFon.[86]

Mitigation

As with other forms of malware, security software might not detect a ransomware payload, or, especially in the case of encrypting payloads, only after encryption is under way or complete, particularly if a new version unknown to the protective software is distributed.[87] If an attack is suspected or detected in its early stages, it takes some time for encryption to take place; immediate removal of the malware (a relatively simple process) before it has completed would stop further damage to data, without salvaging any already lost.[88][89]

Alternately, new categories of security software, specifically deception technology, can detect ransomware without using a signature-based approach. Deception technology utilizes fake SMB shares which surround real IT assets. These fake SMB data shares deceive ransomware, tie the ransomware up encrypting these false SMB data shares, alert and notify cyber security teams which can then shut down the attack and return the organization to normal operations. There are multiple vendors[90] that support this capability with multiple announcements in 2016.[91]

Security experts have suggested precautionary measures for dealing with ransomware. Using software or other security policies to block known payloads from launching will help to prevent infection, but will not protect against all attacks. Keeping “offline” backups of data stored in locations inaccessible to the infected computer, such as external storage drives, prevents them from being accessed by the ransomware, thus accelerating data restoration.[23][92]

There are a number of tools intended specifically to decrypt files locked by ransomware, although successful recovery may not be possible.[2][93] If the same encryption key is used for all files, decryption tools use files for which there are both uncorrupted backups (plaintext in the jargon of cryptanalysis) and encrypted copies; recovery of the key, if it is possible, may take several days.[94]

See also

References

WannaCry ransomware attack

From Wikipedia, the free encyclopedia
WannaCry ransomware attack
Wana Decrypt0r screenshot.png

Screenshot of the ransom note left on an infected system
Date 12 May 2017 (ongoing)
Location Worldwide
Also known as WannaCrypt, WanaCrypt0r
Type Cyber-attack
Theme Ransomware encrypting hard disk with $300 demand
Cause EternalBlue exploit
Participants Unknown
Outcome More than 230,000 computers infected[1]

WannaCry, also known by the names WannaCrypt,[2] WanaCrypt0r 2.0,[3] Wanna Decryptor[4] and other similar names, is a ransomware program targeting Microsoft Windows. In May 2017, a large cyber-attack using it was launched, infecting over 230,000 computers in 99 countries, demanding ransom payments in bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.[5]

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service (NHS),[6] FedEx and Deutsche Bahn.[7][8][9] Other targets in at least 99 countries were also reported to have been attacked around the same time.[10][11]

WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency[12][13] to attack computers running Microsoft Windows operating systems.[3][14] Although a patch to remove the underlying vulnerability had been issued on 14 March 2017,[15] delays in applying security updates left some users and organisations vulnerable.[16] Microsoft has taken the unusual step of releasing updates for the unsupported Windows XP and Windows Server 2003 and patches for Windows 8 operating systems.[2][17]

A kill switch has been found in the code, which prevents new infections. This has been activated by researchers and should slow or stop the spread. However, different versions of the attack may be released and all vulnerable systems still have an urgent need to be patched.

Background

The purported infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017,[18][19] along with other tools apparently leaked from Equation Group, which is believed to be part of the United States National Security Agency.[20][21]

EternalBlue exploits vulnerability MS17-010[15] in Microsoft‘s implementation of the Server Message Block (SMB) protocol. Microsoft had released a “Critical” advisory, along with an update patch to plug the vulnerability a month before, on 14 March 2017.[15] This patch only fixed Windows Vista and later operating systems but not the older Windows XP.

Countries initially affected[22]

On 12 May 2017, WannaCry began affecting computers worldwide.[23] After gaining access to the computers, via local area network (LAN), an email attachment, or drive-by download, the ransomware encrypts the computer’s hard disk drive,[24][25] then attempts to exploit the SMB vulnerability to spread to random computers on the Internet,[26] and “laterally” between computers on the same LAN.[27] As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of $300 in bitcoin within three days.

The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017,[15] nearly two months before the attack. The patch was to the Server Message Block (SMB) protocol used by Windows.[28] Organizations that lacked this security patch were affected for this reason, although there is so far no evidence that any were specifically targeted by the ransomware developers.[28] Any organization still running the older Windows XP[29] were at particularly high risk because until 13 May,[2] no security patches had been released since April 2014.[30] Following the attack, Microsoft released a security patch for Windows XP.[2]

According to Wired, affected systems will also have had the DOUBLEPULSAR backdoor installed; this will also need to be removed when systems are cleaned up.[31]

Impact

The ransomware campaign was unprecedented in scale according to Europol.[5] The attack affected many NHS hospitals in the UK.[32] On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted.[7][33] In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP.[29]Nissan Motor Manufacturing UK in Tyne and Wear, one of Europe‘s most productive car manufacturing plants, halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware.[34][35]

List of affected organizations

Response

Several hours after the initial release of the ransomware on 12 May 2017, a “kill switch” hardcoded into the malware was discovered. This allowed the spread of the initial infection to be halted by registering a domain name.[52] However, the kill switch appears to be a coding mistake on the part of the criminals, and variants without the kill switch are expected to be created.[53][54]

Reactions

Upon learning about the impact on the NHS, Edward Snowden said that if the NSA “had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] may not have happened”.[55]

British Prime Minister Theresa May said of the ransomware, “This is not targeted at the NHS. It is an international attack. A number of countries and organizations have been affected.”[56]

Microsoft has created security patches for its now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.[57]

See also

___

Story 2: American People Demand Congress Appoint Special Prosecutor — Investigate Obama’s Administration Use of Intelligence Community  (NSA, CIA, FBI, …) Warrantless Surveillance of Both Democrat and Republican Presidential Candidates — The Use Intelligence Information For Political Purposes Is A Felony! — Videos

Were senators under surveillance by Obama administration?

Obama Might have Spied on Rand Paul and Other Republicans

Tucker Carlson : Did Obama Admin Spy On President Trump’s Team “Compelling Evidence Revealed”

Trump slams Susan Rice over refusal to testify

What is the status of the Susan Rice investigation?

Sen Rand Paul Destroys Morning Joe Panel Over Trump Spying Allegations

Dr. Gorka: Susan Rice controversy more than ‘just smoke’

David Bossie: These are criminal acts by Susan Rice

Where does the Susan Rice story go from here?

Byron York reacts to Clapper denying wiretap of Trump

White House asks Congress to investigate Obama 5 Mar 2017

White House Asks Congress To Investigate Wiretap Claim – America’s Newsroom

Multiple Felonies Committed By Obama Admin. Obama Surveillance on Trump.

Obama stopped FBI from revealing russia probe, so surveillance of Trump could continue in 2016/2017

Surveillance Confirmed Of President Trump. Obama spied on Trump. where is the arrest?

FIRING: HERRIDGE FINDS NAIL IN COMEY COFFIN

 

The Pronk Pops Show Podcasts Portfolio

Listen To Pronk Pops Podcast or Download Shows 889-893

Listen To Pronk Pops Podcast or Download Shows 884-888

Listen To Pronk Pops Podcast or Download Shows 878-883

Listen To Pronk Pops Podcast or Download Shows 870-877

Listen To Pronk Pops Podcast or Download Shows 864-869

Listen To Pronk Pops Podcast or Download Shows 857-863

Listen To Pronk Pops Podcast or Download Shows 850-856

Listen To Pronk Pops Podcast or Download Shows 845-849

Listen To Pronk Pops Podcast or Download Shows 840-844

Listen To Pronk Pops Podcast or Download Shows 833-839

Listen To Pronk Pops Podcast or Download Shows 827-832

Listen To Pronk Pops Podcast or Download Shows 821-826

Listen To Pronk Pops Podcast or Download Shows 815-820

Listen To Pronk Pops Podcast or Download Shows 806-814

Listen To Pronk Pops Podcast or Download Shows 800-805

Listen To Pronk Pops Podcast or Download Shows 793-799

Listen To Pronk Pops Podcast or Download Shows 785-792

Listen To Pronk Pops Podcast or Download Shows 777-784

Listen To Pronk Pops Podcast or Download Shows 769-776

Listen To Pronk Pops Podcast or Download Shows 759-768

Listen To Pronk Pops Podcast or Download Shows 751-758

Listen To Pronk Pops Podcast or Download Shows 745-750

Listen To Pronk Pops Podcast or Download Shows 738-744

Listen To Pronk Pops Podcast or Download Shows 732-737

Listen To Pronk Pops Podcast or Download Shows 727-731

Listen To Pronk Pops Podcast or Download Shows 720-726

Listen To Pronk Pops Podcast or DownloadShows 713-719

Listen To Pronk Pops Podcast or DownloadShows 705-712

Listen To Pronk Pops Podcast or Download Shows 695-704

Listen To Pronk Pops Podcast or Download Shows 685-694

Listen To Pronk Pops Podcast or Download Shows 675-684

Listen To Pronk Pops Podcast or Download Shows 668-674

Listen To Pronk Pops Podcast or Download Shows 660-667

Listen To Pronk Pops Podcast or Download Shows 651-659

Listen To Pronk Pops Podcast or Download Shows 644-650

Listen To Pronk Pops Podcast or Download Shows 637-643

Listen To Pronk Pops Podcast or Download Shows 629-636

Listen To Pronk Pops Podcast or Download Shows 617-628

Listen To Pronk Pops Podcast or Download Shows 608-616

Listen To Pronk Pops Podcast or Download Shows 599-607

Listen To Pronk Pops Podcast or Download Shows 590-598

Listen To Pronk Pops Podcast or Download Shows 585- 589

Listen To Pronk Pops Podcast or Download Shows 575-584

Listen To Pronk Pops Podcast or Download Shows 565-574

Listen To Pronk Pops Podcast or Download Shows 556-564

Listen To Pronk Pops Podcast or Download Shows 546-555

Listen To Pronk Pops Podcast or Download Shows 538-545

Listen To Pronk Pops Podcast or Download Shows 532-537

Listen To Pronk Pops Podcast or Download Shows 526-531

Listen To Pronk Pops Podcast or Download Shows 519-525

Listen To Pronk Pops Podcast or Download Shows 510-518

Listen To Pronk Pops Podcast or Download Shows 500-509

Listen To Pronk Pops Podcast or Download Shows 490-499

Listen To Pronk Pops Podcast or Download Shows 480-489

Listen To Pronk Pops Podcast or Download Shows 473-479

Listen To Pronk Pops Podcast or Download Shows 464-472

Listen To Pronk Pops Podcast or Download Shows 455-463

Listen To Pronk Pops Podcast or Download Shows 447-454

Listen To Pronk Pops Podcast or Download Shows 439-446

Listen To Pronk Pops Podcast or Download Shows 431-438

Listen To Pronk Pops Podcast or Download Shows 422-430

Listen To Pronk Pops Podcast or Download Shows 414-421

Listen To Pronk Pops Podcast or Download Shows 408-413

Listen To Pronk Pops Podcast or Download Shows 400-407

Listen To Pronk Pops Podcast or Download Shows 391-399

Listen To Pronk Pops Podcast or Download Shows 383-390

Listen To Pronk Pops Podcast or Download Shows 376-382

Listen To Pronk Pops Podcast or Download Shows 369-375

Listen To Pronk Pops Podcast or Download Shows 360-368

Listen To Pronk Pops Podcast or Download Shows 354-359

Listen To Pronk Pops Podcast or Download Shows 346-353

Listen To Pronk Pops Podcast or Download Shows 338-345

Listen To Pronk Pops Podcast or Download Shows 328-337

Listen To Pronk Pops Podcast or Download Shows 319-327

Listen To Pronk Pops Podcast or Download Shows 307-318

Listen To Pronk Pops Podcast or Download Shows 296-306

Listen To Pronk Pops Podcast or Download Shows 287-295

Listen To Pronk Pops Podcast or Download Shows 277-286

Listen To Pronk Pops Podcast or Download Shows 264-276

Listen To Pronk Pops Podcast or Download Shows 250-263

Listen To Pronk Pops Podcast or Download Shows 236-249

Listen To Pronk Pops Podcast or Download Shows 222-235

Listen To Pronk Pops Podcast or Download Shows 211-221

Listen To Pronk Pops Podcast or Download Shows 202-210

Listen To Pronk Pops Podcast or Download Shows 194-201

Listen To Pronk Pops Podcast or Download Shows 184-193

Listen To Pronk Pops Podcast or Download Shows 174-183

Listen To Pronk Pops Podcast or Download Shows 165-173

Listen To Pronk Pops Podcast or Download Shows 158-164

Listen To Pronk Pops Podcast or Download Shows151-157

Listen To Pronk Pops Podcast or Download Shows 143-150

Listen To Pronk Pops Podcast or Download Shows 135-142

Listen To Pronk Pops Podcast or Download Shows 131-134

Listen To Pronk Pops Podcast or Download Shows 124-130

Listen To Pronk Pops Podcast or Download Shows 121-123

Listen To Pronk Pops Podcast or Download Shows 118-120

Listen To Pronk Pops Podcast or Download Shows 113 -117

Listen To Pronk Pops Podcast or Download Show 112

Listen To Pronk Pops Podcast or Download Shows 108-111

Listen To Pronk Pops Podcast or Download Shows 106-108

Listen To Pronk Pops Podcast or Download Shows 104-105

Listen To Pronk Pops Podcast or Download Shows 101-103

Listen To Pronk Pops Podcast or Download Shows 98-100

Listen To Pronk Pops Podcast or Download Shows 94-97

Listen To Pronk Pops Podcast or Download Show 93

Listen To Pronk Pops Podcast or Download Show 92

Listen To Pronk Pops Podcast or Download Show 91

Listen To Pronk Pops Podcast or Download Shows 88-90

Listen To Pronk Pops Podcast or Download Shows 84-87

Listen To Pronk Pops Podcast or Download Shows 79-83

Listen To Pronk Pops Podcast or Download Shows 74-78

Listen To Pronk Pops Podcast or Download Shows 71-73

Listen To Pronk Pops Podcast or Download Shows 68-70

Listen To Pronk Pops Podcast or Download Shows 65-67

Listen To Pronk Pops Podcast or Download Shows 62-64

Listen To Pronk Pops Podcast or Download Shows 58-61

Listen To Pronk Pops Podcast or Download Shows 55-57

Listen To Pronk Pops Podcast or Download Shows 52-54

Listen To Pronk Pops Podcast or Download Shows 49-51

Listen To Pronk Pops Podcast or Download Shows 45-48

Listen To Pronk Pops Podcast or Download Shows 41-44

Listen To Pronk Pops Podcast or Download Shows 38-40

Listen To Pronk Pops Podcast or Download Shows 34-37

Listen To Pronk Pops Podcast or Download Shows 30-33

Listen To Pronk Pops Podcast or Download Shows 27-29

Listen To Pronk Pops Podcast or Download Shows 17-26

Listen To Pronk Pops Podcast or Download Shows 16-22

Listen To Pronk Pops Podcast or Download Shows 10-15

Listen To Pronk Pops Podcast or Download Shows 1-9

Advertisements

Make a Comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: