Jeph Jacques's comics discussion forums

  • 26 May 2017, 05:57
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Wannacry Ransomware  (Read 249 times)

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Offline Offline
  • Posts: 14,275
  • Blessed Vessel
    • My home page
Wannacry Ransomware
« on: 13 May 2017, 01:30 »

A major ransomware attack.  This has, for instance, affected many hospitals in the UK (not the one I was working in, I can thankfully say).  Also some banks.

It is blocked by a Windows patch issued in March - keep your software well up to date guys!  Here are the thoughts of Steve Bellovin (a top computer security expert) on the problems of patching in the real world.
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Offline Offline
  • Posts: 14,275
  • Blessed Vessel
    • My home page
Re: Wannacry Ransomware
« Reply #1 on: 13 May 2017, 02:40 »

This is so serious that MS have released patches for Windows XP and Vista, and corresponding server versions.  Apparently they are hard to download because of the level of traffic!

https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

bhtooefr

  • Born in a Nalgene bottle
  • *****
  • Offline Offline
  • Posts: 3,090
  • ⌘-⌥-⌃-N
Re: Wannacry Ransomware
« Reply #2 on: 13 May 2017, 05:19 »

The Vista version of the patch had been released back in March with the initial wave of patches, for what it's worth - Vista was still in extended support at the time.

Also, all of the new patches are likely ones that would've been released to businesses paying the exorbitant sums to keep old OSes (like XP or Server 2003, primarily) under maintenance beyond the end of support. And, two of them were already publicly released for other OS releases with different licensing, but on the same codebase. But, one of them is a new release to the public.

What's new is the following:

Windows 8.0, both 32 and 64-bit (went out of support shortly after 8.1 came out, which was a problem for people using 64-bit 8.0 on some early AMD 64-bit platforms that didn't support 8.1) - this is an update that already existed for Server 2008 R1
Windows XP SP3 and XP Embedded SP3 - this is an update that already existed for Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. Note that a lot of people still using XP have set a flag on their OS install to tell Windows Update that they're running POSReady.
Windows Server 2003, both 32 and 64-bit, and Windows XP x64 SP2 - this is the first time this one's made it in to the public.

Edit: Microsoft blog post on the matter: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
« Last Edit: 13 May 2017, 06:55 by bhtooefr »
Logged
Blodwyn is the Chessmaster

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Offline Offline
  • Posts: 14,275
  • Blessed Vessel
    • My home page
Re: Wannacry Ransomware
« Reply #3 on: 17 May 2017, 14:14 »

There's another virus (not ransomware) using the same vulnerabilities as WannaCry, and at least as widely disseminated:

https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

BenRG

  • Older than Moses
  • *****
  • Online Online
  • Posts: 4,315
  • Boldly Going From The Back Seat!
Re: Wannacry Ransomware
« Reply #4 on: 18 May 2017, 00:04 »

Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!
Logged
~~~~

They call me BenRG... But I don't know why!
Pages: [1]   Go Up