Jeph Jacques's comics discussion forums


Author Topic: Wannacry Ransomware  (Read 1332 times)

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Offline Offline
  • Posts: 14,646
  • Blessed Vessel
    • My home page
Wannacry Ransomware
« on: 13 May 2017, 01:30 »

A major ransomware attack.  This has, for instance, affected many hospitals in the UK (not the one I was working in, I can thankfully say).  Also some banks.

It is blocked by a Windows patch issued in March - keep your software well up to date, guys!  Here are the thoughts of Steve Bellovin (a top computer security expert) on the problems of patching in the real world.
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

pwhodges

Re: Wannacry Ransomware
« Reply #1 on: 13 May 2017, 02:40 »

This is so serious that MS have released patches for Windows XP and Vista, and corresponding server versions.  Apparently they are hard to download because of the level of traffic!

https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/

bhtooefr

  • Born in a Nalgene bottle
  • *****
  • Offline Offline
  • Posts: 3,251
  • ⌘-⌥-⌃-N
Re: Wannacry Ransomware
« Reply #2 on: 13 May 2017, 05:19 »

The Vista version of the patch had been released back in March with the initial wave of patches, for what it's worth - Vista was still in extended support at the time.

Also, all of the new patches are likely ones that would've been released to businesses paying the exorbitant sums to keep old OSes (like XP or Server 2003, primarily) under maintenance beyond the end of support. And, two of them were already publicly released for other OS releases with different licensing, but on the same codebase. But, one of them is a new release to the public.

What's new is the following:

Windows 8.0, both 32 and 64-bit (went out of support shortly after 8.1 came out, which was a problem for people using 64-bit 8.0 on some early AMD 64-bit platforms that didn't support 8.1) - this is an update that already existed for Server 2008 R1
Windows XP SP3 and XP Embedded SP3 - this is an update that already existed for Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. Note that a lot of people still using XP have set a flag on their OS install to tell Windows Update that they're running POSReady.
Windows Server 2003, both 32 and 64-bit, and Windows XP x64 SP2 - this is the first time this one's made it in to the public.

Edit: Microsoft blog post on the matter: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
« Last Edit: 13 May 2017, 06:55 by bhtooefr »
Blodwyn is the Chessmaster

pwhodges

Re: Wannacry Ransomware
« Reply #3 on: 17 May 2017, 14:14 »

There's another virus (not ransomware) using the same vulnerabilities as WannaCry, and at least as widely disseminated:

https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar

BenRG

Re: Wannacry Ransomware
« Reply #4 on: 18 May 2017, 00:04 »

Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!
~~~~

They call me BenRG... But I don't know why!

Gyrre

  • Psychopath in a hockey mask
  • ****
  • Offline Offline
  • Posts: 617
Re: Wannacry Ransomware
« Reply #5 on: 28 Jun 2017, 02:08 »

Thanks for the info and updates.
Quote
If we're going to prison for opening a robot opium den, we're gonna do it riding a teapot shaped like a triceratops.

Case

  • Only pretending to work
  • *****
  • Offline Offline
  • Posts: 2,160
  • Putting the 'mental' into judgemental
Re: Wannacry Ransomware
« Reply #6 on: 17 Jul 2017, 14:54 »

"To battle hackers, IBM wants to encrypt the world"

Only tangentially related to wannacry, but seems like an interesting push by Big Blue.

"All matters encryption" might be a topic deserving of a thread of its own, but I couldn't find one?
Quote from: Rosa Luxemburg
Freedom is always the freedom of the dissenter
Quote from: Akima
Besides which, forgiving other people is something you do for yourself, not for them.

audrina

  • Not quite a lurker
  • Offline Offline
  • Posts: 15
Re: Wannacry Ransomware
« Reply #7 on: 24 Jul 2017, 05:52 »

Quote from: BenRG
Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!

Oh, I think this type of spam can be called phishing. They are coming from the business account. May I add that such emails may look like an email from the bank. Usually, such emails ask for some private information. Be careful, do not fill in your private information. By the way, do antivirus programs help to minimize the quantity of spam?

audrina

Re: Wannacry Ransomware
« Reply #8 on: 18 Aug 2017, 05:25 »

Hello, everyone! I have been getting a lot of spam emails during the last 2-3 weeks. I have no idea where it comes from, because I did not give my email to anyone.... Any ideas how to eliminate these spam emails?
Thank you  :-)

Jimor

  • Duck attack survivor
  • *****
  • Offline Offline
  • Posts: 1,568
    • Songwriter Sacramento
Re: Wannacry Ransomware
« Reply #9 on: 19 Aug 2017, 21:17 »

This is usually because somebody who *does* have your email got hacked, not you. The person gets hacked, the hacker sells the e-mails in their address book to spammers, and even if you kept your e-mail completely private and never used it for anything online except e-mail with close friends and colleagues, you're suddenly on every spam list in the world.
The Butterfly Sorceress a fantasy serial novel (posting it here on QC forums now, link to other forum in first post)
Chapter 6, Part 2 added 11/12/09

audrina

Re: Wannacry Ransomware
« Reply #10 on: 21 Aug 2017, 02:45 »

Thank you, Jimor! You are right. I have had my email address for a while now, and it's likely that someone I know has been hacked, especially with the recent Yahoo breach :( I went through several articles regarding the spam reasons and ended up with this one. They pointed out that also giving your email address to websites, social networks, forums, chats, and comments can make you an easy target for e-mail harvesters. So... that could be the reason as well. They also describe how to eliminate spam, so this is useful for somebody like me who gets spam emails :P