Jeph Jacques's comics discussion forums

  • 27 Jul 2017, 13:34
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Wannacry Ransomware  (Read 647 times)

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Online Online
  • Posts: 14,463
  • Blessed Vessel
    • My home page
Wannacry Ransomware
« on: 13 May 2017, 01:30 »

A major ransomware attack.  This has, for instance, affected many hospitals in the UK (not the one I was working in, I can thankfully say).  Also some banks.

It is blocked by a Windows patch issued in March - keep your software well up to date guys!  Here are the thoughts of Steve Bellovin (a top computer security expert) on the problems of patching in the real world.
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Online Online
  • Posts: 14,463
  • Blessed Vessel
    • My home page
Re: Wannacry Ransomware
« Reply #1 on: 13 May 2017, 02:40 »

This is so serious that MS have released patches for Windows XP and Vista, and corresponding server versions.  Apparently they are hard to download because of the level of traffic!

https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

bhtooefr

  • Born in a Nalgene bottle
  • *****
  • Offline Offline
  • Posts: 3,174
  • ⌘-⌥-⌃-N
Re: Wannacry Ransomware
« Reply #2 on: 13 May 2017, 05:19 »

The Vista version of the patch had been released back in March with the initial wave of patches, for what it's worth - Vista was still in extended support at the time.

Also, all of the new patches are likely ones that would've been released to businesses paying the exorbitant sums to keep old OSes (like XP or Server 2003, primarily) under maintenance beyond the end of support. And, two of them were already publicly released for other OS releases with different licensing, but on the same codebase. But, one of them is a new release to the public.

What's new is the following:

Windows 8.0, both 32 and 64-bit (went out of support shortly after 8.1 came out, which was a problem for people using 64-bit 8.0 on some early AMD 64-bit platforms that didn't support 8.1) - this is an update that already existed for Server 2008 R1
Windows XP SP3 and XP Embedded SP3 - this is an update that already existed for Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. Note that a lot of people still using XP have set a flag on their OS install to tell Windows Update that they're running POSReady.
Windows Server 2003, both 32 and 64-bit, and Windows XP x64 SP2 - this is the first time this one's made it in to the public.

Edit: Microsoft blog post on the matter: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
« Last Edit: 13 May 2017, 06:55 by bhtooefr »
Logged
Blodwyn is the Chessmaster

pwhodges

  • Admin emeritus
  • Awakened
  • *
  • Online Online
  • Posts: 14,463
  • Blessed Vessel
    • My home page
Re: Wannacry Ransomware
« Reply #3 on: 17 May 2017, 14:14 »

There's another virus (not ransomware) using the same vulnerabilities as WannaCry, and at least as widely disseminated:

https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar
Logged
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )

BenRG

  • ASDFSFAALYG8A@*& ^$%O
  • *****
  • Offline Offline
  • Posts: 4,545
  • Boldly Going From The Back Seat!
Re: Wannacry Ransomware
« Reply #4 on: 18 May 2017, 00:04 »

Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!
Logged
~~~~

They call me BenRG... But I don't know why!

Gyrre

  • Cthulhu f'tagn
  • ****
  • Offline Offline
  • Posts: 522
Re: Wannacry Ransomware
« Reply #5 on: 28 Jun 2017, 02:08 »

Thanks for the info and updates.
Logged
Sweetheart:
Quote
We don't have time to play with rail guns!
UNITY:
Quote
You say that now, but when this slug hits Mach 7...

Case

  • Duck attack survivor
  • *****
  • Offline Offline
  • Posts: 1,837
  • Putting the 'mental' into judgemental
Re: Wannacry Ransomware
« Reply #6 on: 17 Jul 2017, 14:54 »

"To battle hackers, IBM wants to encrypt the world"

Only tangentially related to wannacry, but seems like an interesting push by Big Blue.

"All matters encryption" might be a topic deserving of a thread of its own, but I couldn't find one?
Logged
Quote from: Rosa Luxemburg
Freedom is always the freedom of the dissenter
Quote from: MrWoodchip
Goddamnit my nerdery will not go unheard!

audrina

  • Notorious N.U.R.R.
  • Offline Offline
  • Posts: 2
Re: Wannacry Ransomware
« Reply #7 on: 24 Jul 2017, 05:52 »

Just a bit of advice from my own hard experience: It may look like a fake email to introduce malware in every possible way but it may not be. If the email's source address claims to be from your employer's supplier, contact them to confirm whether it is legitimate before Ctrl+Del. I'm just lucky they kept a backup of those invoices!

That said, you would think that a local authority's procurement department's emails wouldn't look so much like a copy-and-paste job originating from some hacker's basement!

Ouh, i think this type of spam can be called phishing. They are coming from the business account. May I add that such type of emails may look like an email from the bank. Usually, such emails asking for some private information. Be careful, do not feel your private information. By the way, do antivirus programs help to minimize the quantity of spam?
Logged
Pages: [1]   Go Up