Windows ransomware attack: WCry, WannaCry, Wana Decryptor, etc.

AW Admin

Via NPR: "Ransomware Attacks Ravage Computer Networks In Dozens Of Countries"

First, there were reports of Spain's largest telecom being hit with pop-up windows demanding a $300 ransom, paid in the cryptocurrency bitcoin, to access files. Then, at least 16 hospitals in England's National Health Service were affected, locking doctors and nurses out of patients' records unless they paid up. Then came word that networks around the world were under attack Friday.


Wana Decryptor exploits a Windows flaw that was patched in Microsoft's Security Bulletin MS17-010 in March. But on machines that haven't been updated or patched, the malicious code encrypts all of an infected machine's files — and then spreads itself.
 

cmhbob

The most disturbing part about this, other than the sheer magnitude, is the source of the hacker's code. It was derived from a piece of NSA software that was shared a few months ago.

Can't believe that a teenager figured out the kill switch (a domain name) and activated it.
 


AW Admin

They're already mutating the versions, though researchers have managed to thwart some of them.

Please make sure that you're up to date in terms of Windows. See: https://support.microsoft.com/en-us/help/4012598/title

See also the Microsoft Update Catalog. There are even patches for older, no longer supported Windows versions in the Update Catalog; see link above.

See also: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

- - - Updated - - -

> The most disturbing part about this, other than the sheer magnitude, is the source of the hacker's code. It was derived from a piece of NSA software that was shared a few months ago.
>
> Can't believe that a teenager figured out the kill switch (a domain name) and activated it.

Yep.

Which is one reason Apple isn't willing to reverse engineer Apple's own security and create tools; they can and do end up in the wild.
 

MaeZe

Have we reached the point where the 'cloud' or other back up sites can be hit? I'm debating buying a new Mac Time Machine vs using a cloud type back up. I keep my novel backed up on 4 different flash drives and I have a good proportion of the chapters backed up on paper, but those don't include my daily editing work.
 

Bacchus

> Have we reached the point where the 'cloud' or other back up sites can be hit? I'm debating buying a new Mac Time Machine vs using a cloud type back up. I keep my novel backed up on 4 different flash drives and I have a good proportion of the chapters backed up on paper, but those don't include my daily editing work.

Not sure how it works with Mac and the cloud, but I use Dropbox, which the PC sees as just another drive, and so, yes, files on it will be infected. On the positive side, Dropbox keeps saved versions separately so they won't be; it should be possible to go back to the last saved version.

Like you, I still keep regular back-ups of my own, on distinct flash-drives, and kept in different rooms (ideally in a different building, although that isn't always feasible).
 

Maryn

For Your Information: When you update Windows, whatever version you're running, to get the patch to protect you from this new threat, go off and do something else. I didn't clock it, but I estimate it was 20 minutes at a minimum, on high-speed internet.

Maryn, who also updated her antivirus software last night
 

Matera the Mad

Anything that is connected in any way to your computer when a virus hits will be affected. You should always back up to an external drive that can be disconnected, and keep it disconnected when you're not backing up. If all you have is a cloud backup, you can keep it safe by not letting the backup software run all the time. Remove it from your startup programs and only run it when you need to. Not really possible with OneDrive.
 

AW Admin

Note that Linux or macOS/OS X users running Windows emulation are still vulnerable.
 

MaeZe

> Note that Linux or macOS/OS X users running Windows emulation are still vulnerable.

It also appears from my Net searching that there is ransomware for both Mac and Linux though this hit may not include that. Not knowing which security blogs are valid I'm not recommending this link, just saying I found that information on it: http://www.thesafemac.com/
 

AW Admin

> It also appears from my Net searching that there is ransomware for both Mac and Linux though this hit may not include that. Not knowing which security blogs are valid I'm not recommending this link, just saying I found that information on it: http://www.thesafemac.com/

Ransomware for Mac OS does exist; it is thus far largely associated with BitTorrent use.

Ransomware is a general category of malware, as is adware. The particular ransomware in this thread thus far exclusively targets Windows.