WannaCry Global ransom-ware attack reaches T&T - patch now

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

WannaCry Global ransom-ware attack reaches T&T - patch now

Postby redmanjp » May 13th, 2017, 11:58 pm

over 230,000 PCs hit in 150 countries in just 2 days and counting :shock: :shock:

Update: It's in T&T

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

WannaCry,[2] also known by the names WannaCrypt,[3] WanaCrypt0r 2.0,[4][5] Wanna Decryptor[6] and other similar names, is a ransomware program targeting Microsoft Windows. In May 2017, a large cyber-attack using it was launched, infecting over 230,000 computers in 99 countries, demanding ransom payments in bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.[7]

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain's National Health Service (NHS),[8] FedEx and Deutsche Bahn.[9][10][11] Other targets in at least 99 countries were also reported to have been attacked around the same time.[12][13]

WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA)[14][15] to attack computers running Microsoft Windows operating systems.[5][16] Although a patch to remove the underlying vulnerability for supported systems had been issued on 14 March 2017,[17] delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left some users vulnerable.[18] To deal with the unsupported Windows systems Microsoft has taken the unusual step of releasing updates for the unsupported Windows XP and Windows Server 2003 and patches for Windows 8 operating systems.[3][19]

Shortly after the attack began a researcher found an effective kill switch, which prevented new infections. This greatly slowed the spread. However, it has been reported that subsequently new versions of the attack have been detected which lack the kill switch, and thus all vulnerable systems must still be patched as soon as possible.[20]

Background
The purported infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017,[21][22] along with other tools apparently leaked from Equation Group, which is believed to be part of the United States National Security Agency.[23][24]

EternalBlue exploits vulnerability MS17-010[17] in Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft had released a "Critical" advisory, along with an update patch to plug the vulnerability a month before, on 14 March 2017.[17] This patch only fixed Windows Vista and later operating systems but not the older Windows XP.


Figure: Countries initially affected[25]

Attack
On 12 May 2017, WannaCry began affecting computers worldwide.[26] After gaining access to the computers, reportedly via email attachment,[citation needed] then spreading through the local area network (LAN), the ransomware encrypts the computer's hard disk drive,[27][28] then attempts to exploit the SMB vulnerability to spread to random computers on the Internet via TCP port 445,[29] and "laterally" between computers on the same LAN.[30] As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of $300 in bitcoin within three days.

The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017,[17] nearly two months before the attack. The patch was to the Server Message Block (SMB) protocol used by Windows.[31] Organizations that lacked this security patch were affected for this reason, although there is so far no evidence that any were specifically targeted by the ransomware developers.[31] Any organization still running the older Windows XP[32] was at particularly high risk because until 13 May,[3] no security patches had been released since April 2014.[33] Following the attack, Microsoft released a security patch for Windows XP.[3]

According to Wired, affected systems will also have had the DOUBLEPULSAR backdoor installed; this will also need to be removed when systems are decrypted.[34]

Impact
The ransomware campaign was unprecedented in scale according to Europol.[7] The attack affected many National Health Service hospitals in the UK.[35] On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted.[9][36] In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP.[32] Nissan Motor Manufacturing UK in Tyne and Wear, one of Europe's most productive car manufacturing plants, halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware.[37][38]

List of affected organizations
São Paulo Court of Justice (Brazil)[39]
Vivo (Telefônica Brasil) (Brazil)[40]
Sun Yat-sen University (China)[41]
Instituto Nacional de Salud (Colombia)[42]
Renault (France)[43]
Deutsche Bahn (Germany)[44]
Telenor Hungary (Hungary)[45]
Andhra Pradesh Police (India)[46]
Dharmais Hospital (Indonesia)[41]
Harapan Kita Hospital (Indonesia)[41]
University of Milano-Bicocca (Italy)[47]
Portugal Telecom (Portugal)[48]
Automobile Dacia (Romania)[49]
Ministry of Foreign Affairs (Romania)[50]
MegaFon (Russia)[51]
Ministry of Internal Affairs (Russia)[52]
Russian Railways (Russia)[53]
Banco Bilbao Vizcaya Argentaria (Spain)[54]
Telefónica (Spain)[54]
Sandvik (Sweden)[41]
National Health Service (United Kingdom)[55]
Nissan UK (United Kingdom)[55]
FedEx (United States)[56]
Response
Several hours after the initial release of the ransomware on 12 May 2017, a "kill switch" hardcoded into the malware was discovered. This allowed the spread of the initial infection to be halted by registering a domain name. Analysis of the kill switch suggested that it may be a bug in the malware whose code was originally intended to make the attack harder to analyse. However, whatever the purpose of it, variants without the kill switch were detected the next day.[57][58][59][60]

Reactions
Upon learning about the impact on the NHS, Edward Snowden said that had the NSA "privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] may not have happened".[61]

British Prime Minister Theresa May said of the ransomware, "This is not targeted at the NHS. It is an international attack. A number of countries and organizations have been affected."[62] However, opposition and tech experts have said that the effects of the hack were exacerbated by Conservative underfunding of the NHS as part of the government's austerity measures, in particular the Department of Health's refusal to pay extra to Microsoft in order to keep protecting outdated Windows XP systems from such attacks.[63] Home secretary Amber Rudd refused to say whether patient data had been backed up, and shadow health secretary Jonathan Ashworth accused health secretary Jeremy Hunt of refusing to act on a critical note from Microsoft two months previously, as well as other warnings from the National Cyber Security Centre and National Crime Agency.[64]

Microsoft has created security patches for its now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.[65]


http://www.trinidadexpress.com/20170512/features/global-extortion-cyberattack-hits-dozens-of-nations


Protect yourself from this:

Have up-to-date antivirus. However if you are still infected, know that removing the virus will not decrypt the files!

Backup important files regularly! Note that some types of ransomware will detect external drives and encrypt that too! So after u backup, disconnect!

Make sure u have Automatic Updates installed. If u still have a XP machine u need to manually download a patch from Microsoft and install it.
Last edited by redmanjp on May 19th, 2017, 12:07 am, edited 5 times in total.

Country_Bookie
12 pounds of Boost
Posts: 2265
Joined: September 2nd, 2008, 1:14 pm
Location: Beating the sky with broken wings

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby Country_Bookie » May 14th, 2017, 12:47 am

good thing our hospitals in tt have patient histories recorded in crapaud foot hand written form. Hack that, beyotches!

eurotuner
12 pounds of Boost
Posts: 2224
Joined: September 15th, 2006, 3:02 pm
Location: Saving to buy dream car - Tiida.

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby eurotuner » May 14th, 2017, 2:41 am

Somebody break down this mumbo jumbo please

sMASH
TriniTuner 24-7
Posts: 13624
Joined: January 11th, 2005, 4:30 am

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby sMASH » May 14th, 2017, 4:52 am

hardest thing, while i'm reading this, windows popped up that threats are being found...

skylinechild
3ne2nr Toppa Toppa
Posts: 5608
Joined: January 13th, 2008, 11:38 pm
Location: In a Skyline

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby skylinechild » May 14th, 2017, 11:09 am

eurotuner wrote:Somebody break down this mumbo jumbo please


software exploits money from you if your pc is infected.

Microsoft aware of the issue released a software update - but it seems alot of ppl dont do windows update.

solution update windows regularly and practice safe computing and common sense.

DTAC
Shifting into 6th
Posts: 2165
Joined: October 15th, 2008, 1:56 am

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby DTAC » May 14th, 2017, 11:31 am

skylinechild wrote:
eurotuner wrote:Somebody break down this mumbo jumbo please


software exploits money from you if your pc is infected.

Microsoft aware of the issue released a software update - but it seems alot of ppl dont do windows update.

solution update windows regularly and practice safe computing and common sense.

The only patches pirates are interested in are the ones that go over your eye.

eurotuner
12 pounds of Boost
Posts: 2224
Joined: September 15th, 2006, 3:02 pm
Location: Saving to buy dream car - Tiida.

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby eurotuner » May 14th, 2017, 11:43 am

skylinechild wrote:
eurotuner wrote:Somebody break down this mumbo jumbo please


software exploits money from you if your pc is infected.

Microsoft aware of the issue released a software update - but it seems alot of ppl dont do windows update.

solution update windows regularly and practice safe computing and common sense.

Got it, googling now since I'm on windows, things like this make me wish I stayed with Mac.

skylinechild
3ne2nr Toppa Toppa
Posts: 5608
Joined: January 13th, 2008, 11:38 pm
Location: In a Skyline

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby skylinechild » May 14th, 2017, 11:53 am

eurotuner wrote:
skylinechild wrote:
eurotuner wrote:Somebody break down this mumbo jumbo please


software exploits money from you if your pc is infected.

Microsoft aware of the issue released a software update - but it seems alot of ppl dont do windows update.

solution update windows regularly and practice safe computing and common sense.

Got it, googling now since I'm on windows, things like this make me wish I stayed with Mac.


windows is a good platform..just like mac and linux...the key with any computer is safe computing and good common sense.

the fastest computer in the world cud move like crap if its loaded with crap....same goes for mac and linux and windows....
GIGO - garbage in garbage out.

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 14th, 2017, 4:52 pm

They real nasty boy. This is what it looks like: with a count down timer and all. :shock:

Image
Last edited by redmanjp on May 14th, 2017, 5:51 pm, edited 1 time in total.

shogun
TriniTuner 24-7
Posts: 13196
Joined: May 6th, 2008, 12:24 pm
Location: Gone Rogue.

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby shogun » May 14th, 2017, 5:04 pm

redmanjp wrote:with a count down timer and all. :shock:


:shock:

D hell! e-extortion, yes

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 14th, 2017, 5:40 pm

So files encrypted on Saturday, u have 3 days before the ransom goes from US$300 to $600, and another 4 days before files are deleted!!

and it's the weekend - when people go back to work tomorrow how much more we go have- perhaps it will reach Trinidad in a few hours

xtech
punchin NOS
Posts: 2708
Joined: March 15th, 2006, 2:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby xtech » May 14th, 2017, 5:48 pm

Experts saying that the ransomware made just over $32,000 over the weekend but they expected that balance to pop when people go back into the office Monday.

Moving all my important files to removable storage yes.

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 14th, 2017, 5:53 pm

xtech wrote:Experts saying that the ransomware made just over $32,000 over the weekend but they expected that balance to pop when people go back into the office Monday.

Moving all my important files to removable storage yes.


Good idea. because removing the virus will not decrypt the files! Also some types of ransomware will detect external drives and encrypt that too! So after u backup, disconnect!

Make sure u have Automatic Updates installed. If u still have a XP machine u need to manually download a patch from Microsoft and install it.

megadoc1
punchin NOS
Posts: 3257
Joined: January 9th, 2006, 7:33 pm
Location: advancing the kingdom of heaven

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby megadoc1 » May 14th, 2017, 8:47 pm

xp user checking in

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 14th, 2017, 9:27 pm

Duane can u sticky this thread? considering how urgent it is and the implications of thousands of PCs losing their files if no money is paid.

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 14th, 2017, 11:52 pm

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.001wpvhg0188hfnlqkg28q9s72mum

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack

Posted May 14, 2017 by Brad Smith - President and Chief Legal Officer

Early Friday morning the world experienced the year’s latest cyberattack.

Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.

All of this provides the broadest example yet of so-called “ransomware,” which is only one type of cyberattack. Unfortunately, consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure. We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported. Clearly, responding to this attack and helping those affected needs to be our most immediate priority.

At the same time, it’s already apparent that there will be broader and important lessons from the “WannaCrypt” attack we’ll need to consider to avoid these types of attacks in the future. I see three areas where this event provides an opportunity for Microsoft and the industry to improve.

As a technology company, we at Microsoft have the first responsibility to address these issues. We increasingly are among the first responders to attacks on the internet. We have more than 3,500 security engineers at the company, and we’re working comprehensively to address cybersecurity threats. This includes new security functionality across our entire software platform, including constant updates to our Advanced Threat Protection service to detect and disrupt new cyberattacks. In this instance, this included the development and release of the patch in March, a prompt update on Friday to Windows Defender to detect the WannaCrypt attack, and work by our customer support personnel to help customers afflicted by the attack.

But as this attack demonstrates, there is no cause for celebration. We’ll assess this attack, ask what lessons we can learn, and apply these to strengthen our capabilities. Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world.

Second, this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.

At the same time, we have a clear understanding of the complexity and diversity of today’s IT infrastructure, and how updates can be a formidable practical challenge for many customers. Today, we use robust testing and analytics to enable rapid updates into IT infrastructure, and we are dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.

About the Author

Brad Smith
President and Chief Legal Officer

Brad Smith is Microsoft’s president and chief legal officer. Smith plays a key role in representing the company externally and in leading the company’s work on a number of critical issues including privacy, security, accessibility, environmental sustainability and digital inclusion, among others.

AbstractPoetic
Chronic TriniTuner
Posts: 684
Joined: January 6th, 2007, 1:26 am
Location: Ivy League

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby AbstractPoetic » May 15th, 2017, 6:28 am

Thank goodness for Macintosh.

hydroep
3ne2nr Toppa Toppa
Posts: 5021
Joined: February 4th, 2007, 9:16 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby hydroep » May 15th, 2017, 6:39 am

Some are speculating that Microsoft is behind this...to "encourage" people to upgrade.

uncle sam
punchin NOS
Posts: 3017
Joined: December 12th, 2006, 12:44 pm
Location: port of spain

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby uncle sam » May 15th, 2017, 7:04 am

lol windows... lol local storage

Coppershot
Riding on 17's
Posts: 1500
Joined: September 20th, 2003, 5:27 pm
Location: (The Far East Rulerz)

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby Coppershot » May 15th, 2017, 7:38 am

Fixed
AbstractPoetic wrote:Thank goodness for Hackintosh.

Coppershot
Riding on 17's
Posts: 1500
Joined: September 20th, 2003, 5:27 pm
Location: (The Far East Rulerz)

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby Coppershot » May 15th, 2017, 8:00 am

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Phillip Misner, Principal Security Group Manager Microsoft Security Response Center

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/securit ... mware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/lib ... 7-010.aspx

src1983
18 pounds of Boost
Posts: 2341
Joined: February 17th, 2009, 11:09 am
Location: Somewhere

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby src1983 » May 15th, 2017, 8:32 am

AbstractPoetic wrote:Thank goodness for Macintosh.


Mac incompatible with many business software

src1983
18 pounds of Boost
Posts: 2341
Joined: February 17th, 2009, 11:09 am
Location: Somewhere

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby src1983 » May 15th, 2017, 8:33 am

Automatic updates and daily backups and you safe

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 15th, 2017, 12:42 pm

src1983 wrote:Automatic updates and daily backups and you safe


those backups would also have to be kept offline, some ransomware does encrypt that as well

Also setting up a record on your DNS server pointing to a local webserver is a temporary way to shutdown the virus as it tries to access a particular domain- if the domain's up it shuts down.

VexXx Dogg
TriniTuner 24-7
Posts: 13257
Joined: May 1st, 2003, 10:23 am

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby VexXx Dogg » May 15th, 2017, 3:11 pm

killswitch not guaranteed.
http://thehackernews.com/2017/05/wannac ... ttack.html

LONG STORY SHORT
Upgrade, Patch OS & Disable SMBv1

notaffected because linux and osx
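
The "Disable SMBv1" step from the post above, which the Microsoft guidance quoted earlier in the thread describes as blocking legacy protocols, as an added PowerShell example that is not part of any post or of Microsoft's article. The function names Get-Smb1Status and Disable-Smb1Server are hypothetical, invented for this example; it assumes an elevated prompt and, on older systems, English-language netstat output.

```powershell
# Added example: audit and disable the SMBv1 server on one Windows host.
# Get-Smb1Status and Disable-Smb1Server are hypothetical helper names.
# Run from an elevated PowerShell prompt.

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Status {
    # Defaults describe a machine where nothing could be determined.
    $server  = 'Unknown'
    $feature = 'NotPresent'
    $listens = $false

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: ask the SMB server directly.
        $cfg = Get-SmbServerConfiguration
        $server = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    }
    else {
        # Windows Vista / 7 / Server 2008 (R2): the setting is a registry value.
        # A missing SMB1 value means the default, which is enabled.
        $reg = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
        $server = if ($reg -and ($reg.SMB1 -eq 0)) { 'Disabled' } else { 'Enabled' }
    }

    # Newer Windows versions also ship SMBv1 as a removable optional feature.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($f) { $feature = [string]$f.State }
        }
        catch { $feature = 'NotPresent' }
    }

    # Port 445 stays open after SMBv1 is disabled, because SMBv2/v3 use it too.
    # This flag only shows whether the host offers SMB at all.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listens = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
    else {
        # Assumption: English-language netstat output.
        $listens = [bool](netstat -an | Select-String ':445\s+\S+\s+LISTENING')
    }

    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        Smb1Server       = $server
        Smb1Feature      = $feature
        Port445Listening = $listens
    }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable the SMBv1 server protocol')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
    }
    else {
        # Older systems: takes effect after the next restart.
        if ($PSCmdlet.ShouldProcess($LanmanParams, 'Set SMB1 = 0 (restart required)')) {
            Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0
        }
    }
}

Get-Smb1Status | Format-List
Disable-Smb1Server -WhatIf    # preview only; drop -WhatIf to apply the change
```

Windows XP and Server 2003 speak only SMBv1, so on those machines the manually downloaded patch is the only fix. On every other version this step adds to the MS17-010 update and does not replace it.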

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 16th, 2017, 12:56 am

Check out this page showing real time map of the infection worldwide- select 24 hr - digital Armageddon boy

https://intel.malwaretech.com/botnet/wcrypt

I heard how creating a DNS record for the domains it tries to reach can cause it to shutdown- anyone know how to do this? it would help buy time before we can ensure all PC are patched.
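
One way to set up the DNS record asked about above on a Windows Server DNS server, as an added example that is not part of the original post. The domain and IP address are placeholders because the thread never names the kill-switch domain, and New-KillSwitchSinkhole and Test-KillSwitchSinkhole are hypothetical helper names; as noted earlier in the thread, variants without the kill switch exist, so this only buys time for patching.

```powershell
# Added example: answer the kill-switch lookup from an internal DNS server.
# Assumes Windows Server 2012 or later with the DNS role (DnsServer module)
# and an internal web server that replies to plain HTTP requests.

# Placeholders: take the real domain from a trusted advisory.
$KillSwitchDomain = 'killswitch-domain.example'
$SinkholeIp       = '192.0.2.10'   # placeholder address of the internal web server

function New-KillSwitchSinkhole {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$Address
    )

    # A zone named after the exact host name overrides only that name,
    # not the rest of its parent domain.
    if (-not (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess($Domain, 'Create file-backed primary zone')) {
            Add-DnsServerPrimaryZone -Name $Domain -ZoneFile "$Domain.dns"
        }
    }

    # '@' is the zone apex, i.e. the kill-switch host name itself.
    if ($PSCmdlet.ShouldProcess($Domain, "Add A record pointing to $Address")) {
        Add-DnsServerResourceRecordA -ZoneName $Domain -Name '@' `
            -IPv4Address $Address -TimeToLive 00:05:00
    }
}

function Test-KillSwitchSinkhole {  # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$Address,
        [string]$DnsServer = '127.0.0.1'
    )

    $result = New-Object PSObject -Property @{
        Domain      = $Domain
        Resolves    = $false
        HttpAnswers = $false
    }

    # Does the internal DNS server hand out the sinkhole address?
    $answers = Resolve-DnsName -Name $Domain -Type A -Server $DnsServer -ErrorAction SilentlyContinue
    $result.Resolves = [bool]($answers | Where-Object { $_.IPAddress -eq $Address.ToString() })

    # Does something answer HTTP at that name? This request uses the resolver
    # of the machine it runs on, so repeat the test from an ordinary client.
    try {
        $reply = Invoke-WebRequest -Uri "http://$Domain/" -UseBasicParsing -TimeoutSec 5 -ErrorAction Stop
        $result.HttpAnswers = ($reply.StatusCode -eq 200)
    }
    catch { $result.HttpAnswers = $false }

    $result
}

New-KillSwitchSinkhole -Domain $KillSwitchDomain -Address $SinkholeIp -WhatIf   # preview only
Test-KillSwitchSinkhole -Domain $KillSwitchDomain -Address $SinkholeIp
```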

adnj
Shifting into 6th
Posts: 2165
Joined: February 24th, 2014, 2:55 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby adnj » May 16th, 2017, 6:30 am

This is an old exploit that was published years ago. This was one of the reasons that Microsoft gave away upgrades to Windows 10.

redmanjp
TriniTuner 24-7
Posts: 7600
Joined: September 22nd, 2009, 11:01 pm

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby redmanjp » May 16th, 2017, 6:40 pm

So I read somewhere a guy had tried installing a fresh copy of XP and put it directly facing the internet- got infected in 3 minutes.

So if anyone has XP or an unpatched Windows (because u doh like auto-updates, or have a pirate copy) DON'T DO IT! Not only would u be infected in no time but u will also in turn infect thousands of other machines on the Internet!

This would probably apply to cable modem (Flow) users mostly as some cable modems (not sure about the new wifi ones) give you a public IP address.

kamakazi
12 pounds of Boost
Posts: 2272
Joined: February 14th, 2009, 10:32 am

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby kamakazi » May 16th, 2017, 9:40 pm

Anyone know of anyone who got infected by this locally

Duane 3NE 2NR
Admin
Posts: 21463
Joined: March 24th, 2003, 10:27 am
Location: T&T

Re: WannaCry Global ransom-ware attack - patch your computer now

Postby Duane 3NE 2NR » May 16th, 2017, 9:43 pm

"Researchers at Kaspersky Lab have uncovered new evidence linking the WannaCry ransomware code to North Korea. In a post today, the group detailed a segment of code used in both an early WannaCry variant and a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. The overlap was first spotted by Google researcher Neal Mehta, and Kaspersky believes the similarity goes far beyond shared code."

https://www.theverge.com/2017/5/15/1564 ... wannacrypt
