Wannacry Ransomware
pwhodges:
A major ransomware attack. This has, for instance, affected many hospitals in the UK (not the one I was working in, I can thankfully say). Also some banks.
It is blocked by a Windows patch issued in March - keep your software well up to date, guys! Here are the thoughts of Steve Bellovin (a top computer security expert) on the problems of patching in the real world.
pwhodges:
This is so serious that MS have released patches for Windows XP and Vista, and corresponding server versions. Apparently they are hard to download because of the level of traffic!
https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/
bhtooefr:
The Vista version of the patch had been released back in March with the initial wave of patches, for what it's worth - Vista was still in extended support at the time.
Also, all of the new patches are likely ones that would've been released to businesses paying the exorbitant sums to keep old OSes (like XP or Server 2003, primarily) under maintenance beyond the end of support. And, two of them were already publicly released for other OS releases with different licensing, but on the same codebase. But, one of them is a new release to the public.
What's new is the following:
Windows 8.0, both 32 and 64-bit (went out of support shortly after 8.1 came out, which was a problem for people using 64-bit 8.0 on some early AMD 64-bit platforms that didn't support 8.1) - this is an update that already existed for Server 2008 R1
Windows XP SP3 and XP Embedded SP3 - this is an update that already existed for Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. Note that a lot of people still using XP have set a flag on their OS install to tell Windows Update that they're running POSReady.
Windows Server 2003, both 32 and 64-bit, and Windows XP x64 SP2 - this is the first time this one's made it in to the public.
Edit: Microsoft blog post on the matter: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
pwhodges:
There's another virus (not ransomware) using the same vulnerabilities as WannaCry, and at least as widely disseminated:
https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar
BenRG:
Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!
That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!