THESE FORUMS NOW CLOSED (read only)

Fun Stuff => CLIKC => Topic started by: pwhodges on 13 May 2017, 01:30

Title: Wannacry Ransomware
Post by: pwhodges on 13 May 2017, 01:30
A major ransomware attack (https://www.haveibeencompromised.com/pages/wannacry.html).  This has, for instance, affected many hospitals in the UK (not the one I was working in, I can thankfully say).  Also some banks.

It is blocked by a Windows patch issued in March - keep your software well up to date guys!  Here are the thoughts of Steve Bellovin (https://www.cs.columbia.edu/~smb/blog//2017-05/2017-05-12.html) (a top computer security expert) on the problems of patching in the real world.
Title: Re: Wannacry Ransomware
Post by: pwhodges on 13 May 2017, 02:40
This is so serious that MS have released patches for Windows XP and Vista, and corresponding server versions.  Apparently they are hard to download because of the level of traffic!

https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/ (https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/)
Title: Re: Wannacry Ransomware
Post by: bhtooefr on 13 May 2017, 05:19
The Vista version of the patch had been released back in March with the initial wave of patches, for what it's worth - Vista was still in extended support at the time.

Also, all of the new patches are likely ones that would've been released to businesses paying the exorbitant sums to keep old OSes (like XP or Server 2003, primarily) under maintenance beyond the end of support. And, two of them were already publicly released for other OS releases with different licensing, but on the same codebase. But, one of them is a new release to the public.

What's new is the following:

Windows 8.0, both 32 and 64-bit (went out of support shortly after 8.1 came out, which was a problem for people using 64-bit 8.0 on some early AMD 64-bit platforms that didn't support 8.1) - this is an update that already existed for Server 2008 R1
Windows XP SP3 and XP Embedded SP3 - this is an update that already existed for Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. Note that a lot of people still using XP have set a flag on their OS install to tell Windows Update that they're running POSReady.
Windows Server 2003, both 32 and 64-bit, and Windows XP x64 SP2 - this is the first time this one's made it in to the public.

Edit: Microsoft blog post on the matter: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Title: Re: Wannacry Ransomware
Post by: pwhodges on 17 May 2017, 14:14
There's another virus (not ransomware) using the same vulnerabilities as WannaCry, and at least as widely disseminated:

https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar (https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar)
Title: Re: Wannacry Ransomware
Post by: BenRG on 18 May 2017, 00:04
Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!
Title: Re: Wannacry Ransomware
Post by: Gyrre on 28 Jun 2017, 02:08
Thanks for the info and updates.
Title: Re: Wannacry Ransomware
Post by: Case on 17 Jul 2017, 14:54
"To battle hackers, IBM wants to encrypt the world" (https://www.washingtonpost.com/news/the-switch/wp/2017/07/17/to-battle-hackers-ibm-wants-to-encrypt-the-world/?utm_term=.718fcc700953)

Only tangentially related to wannacry, but seems like an interesting push by Big Blue.

"All matters encryption" might be a topic deserving of a thread of its own, but I couldn't find one?
Title: Re: Wannacry Ransomware
Post by: audrina on 24 Jul 2017, 05:52
Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!

Ouh, i think this type of spam can be called phishing. They are coming from the business account. May I add that such type of emails may look like an email from the bank. Usually, such emails asking for some private information. Be careful, do not feel your private information. By the way, do antivirus programs help to minimize the quantity of spam?
Title: Re: Wannacry Ransomware
Post by: audrina on 18 Aug 2017, 05:25
Hello, everyone! I keep getting a lot of spam emails during the last 2-3 weeks. I have no idea from where does it start because I did not give my email to someone.... Any ideas how to eliminate these spam emails?
Thank you  :-)
Title: Re: Wannacry Ransomware
Post by: Jimor on 19 Aug 2017, 21:17
This is usually because somebody who *does* have your email got hacked, not you. The person gets hacked, the hacker sells the e-mails in their address book to spammers, and even if you kept your e-mail completely private and never used it for anything online except e-mail with close friends and colleagues, you're suddenly on every spam list in the world.
Title: Re: Wannacry Ransomware
Post by: audrina on 21 Aug 2017, 02:45
Thank you, Jimor! You are right. I have had my email address for a while now, and it's likely that someone I know has been hacked, especially with the recent Yahoo breach :( I went through several articles regarding the spam reasons and ended up with this one (https://www.1and1.co.uk/digitalguide/e-mail/e-mail-security/how-to-recognize-spam-e-mails-and-prevent-them/). They pointed out that also giving your email address to websites, social networks, forums, chats, and comments can make you an easy target for e-mail harvesters. So... that could be the reason as well. They also describe how to eliminate spam, so this is useful for somebody like me who gets spam emails :P