Anyone here hit by the Ransom Ware attack?

Started by jimmy olsen, May 14, 2017, 09:58:48 PM

jimmy olsen

Wondering if anyone here works at a company that got hit by this attack or one like it.

http://www.nbcnews.com/news/us-news/blockbuster-wannacry-malware-could-just-be-getting-started-experts-n759356

Quote

Blockbuster 'WannaCry' Malware Could Just Be Getting Started: Experts

by Alex Johnson

The estimated 200,000 computers crippled worldwide by Friday's mammoth ransomware attack could be only the tip of the iceberg, security experts said Sunday.

The apparently random attack, called "WannaCry," hit on Friday and spread like wildfire before a British malware researcher identified as Marcus Hutchins was able to halt it temporarily on Saturday, when workers in many companies weren't in their offices.

That means an untold number of other infected systems could still be waiting to be discovered when people return to work on Monday and fire up their computers.

And there's worse news: At least two new variations of the malware have already been detected.

The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.

The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines' files and demanding payment of $300 to $600 for a key to unlock them.

All it takes is for one computer on a network to be infected for all of the computers on that network to be compromised.

While Microsoft had stopped supporting older versions of Windows, it said it is pushing out special automatic updates to those systems to block the worm.

Unfortunately, those so-called legacy systems are disproportionately used by smaller companies with small technology staffs, which are unlikely to have blocked the infection before Microsoft's patch began rolling out, the cybersecurity firm Proofpoint Inc. said.

Even then, Microsoft's updates can be loaded only if a computer is powered back on — something that won't happen for the first time at potentially thousands of companies until Monday.

"I am worried about how the numbers will continue to grow when people go to work and turn [on] their machines," Rob Wainwright, director of the European investigative agency Europol, told NBC News partner ITV on Sunday.

Complicating matters is that new versions of the worm launched over the weekend are recoded to skirt the temporary fix, according to security specialists.

"Organizations need to update their software," Kristy Campbell, chief spokeswoman for the cybersecurity firm Proofpoint Inc., told NBC News on Sunday. "Those who do not will see their systems affected at an increasing rate by different variants of this malware."

Tarah Wheeler, senior director of engineering and for the security company Symantec, tweeted Sunday: "Round two, gentlefolk. Let's rock."

Kurtis Baron, a security specialist with consultants Fidus Information Security — who confirmed that his friend Hutchins was the hero researcher who stopped the initial attack — told NBC News on Sunday that he "doesn't doubt for a moment that Marcus, and people like him, will be getting ready to deal with a second attack" on Monday.

Microsoft President Brad Smith said Sunday that the attack used exploits stolen from the National Security Agency earlier this year.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote on the Microsoft blog. "This is an emerging pattern in 2017. ...

"This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action," wrote Smith, who is also Microsoft's chief legal officer.

What to do if you're infected

You'll immediately know whether you're infected — you'll be greeted by a popup screen saying "Ooops, your important files are encrypted."

And by "important," they're talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can't even restore older, safe versions.

The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here.

Analysts said you should not click the "check payment" or "decrypt" buttons in the popup message. Instead — if you're able to — download and install Microsoft patch MS17-010, available here, which should work on Windows systems going all the way back to Vista.

It is far better for the truth to tear my flesh to pieces, than for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.
--------------------------------------------
1 Karma Chameleon point

mongers

Funnily enough, I was about to start a thread on this as it seems to be quite an important story.

Interesting that the Brit malware researcher accidentally pressed the kill switch on this on Friday, otherwise it might have been even worse carnage over the weekend and into the new week.
"We have it in our power to begin the world over again"

Josquius

I bet my old company was hit.
I remember when I was working there a big issue was the upcoming xp end of support.
About which they planned to do nothing because budgets.

celedhring

Took my mother to the hospital for a checkup and their computers were down.

viper37

Quote from: jimmy olsen on May 14, 2017, 09:58:48 PM
Wondering if anyone here works at a company that got hit by this attack or one like it.

No, I do not use Windows XP ever since Vista SP1 got released.
I don't do meditation.  I drink alcohol to relax, like normal people.

If Microsoft Excel decided to stop working overnight, the world would practically end.

CountDeMoney

Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.

Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug.  I mean, can you patch a counterfeit OS?

Barrister

Apparently Canada has been entirely unhit through sheer dumb luck.
Posts here are my own private opinions.  I do not speak for my employer.

CountDeMoney

Quote from: Barrister on May 15, 2017, 11:42:55 AM
Apparently Canada has been entirely unhit through sheer dumb luck.

That's because you do-gooders fill out your registration and warranty cards.

Grey Fox

We don't even have to fill those out to be covered.
Colonel Caliga is Awesome.

Liep

Quote from: viper37 on May 15, 2017, 08:02:24 AM
Quote from: jimmy olsen on May 14, 2017, 09:58:48 PM
Wondering if anyone here works at a company that got hit by this attack or one like it.

No, I do not use Windows XP ever since Vista SP1 got released.

I hear it's infecting Windows 7 PCs as well.

EDIT: Last photo here is 7 and then the first reply:
https://twitter.com/GossiTheDog/status/863525648882642946
"Af alle latterlige Ting forekommer det mig at være det allerlatterligste at have travlt" - Kierkegaard

"JamenajmenømahrmDÆ!DÆ! Æhvnårvaæhvadlelæh! Hvor er det crazy, det her, mand!" - Uffe Elbæk

PRC

Not this one *fingers crossed*, but have been hit by them before, one was CryptoWall that was particularly devastating.

Monoriu

Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.

Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug.  I mean, can you patch a counterfeit OS?

I have a lot of sympathy for people who run old operating systems.  That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems.  In HK for example, a lot of the critical hospital software is written by doctors in their spare time.  They are essentially amateur programmers.  That programme is only compatible with Windows XP and IE 6.0, and nothing else.  Upgrade to Windows 7, and that programme goes bust.   

CountDeMoney

Quote from: Monoriu on May 15, 2017, 06:08:35 PM
I have a lot of sympathy for people who run old operating systems.  That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems.  In HK for example, a lot of the critical hospital software is written by doctors in their spare time.  They are essentially amateur programmers.  That programme is only compatible with Windows XP and IE 6.0, and nothing else.  Upgrade to Windows 7, and that programme goes bust.

Whatever, Countie McFitter.  Save it for the Gucchi bags and the Holodex watches.

11B4V

Quote from: CountDeMoney on May 15, 2017, 11:47:13 AM
Quote from: Barrister on May 15, 2017, 11:42:55 AM
Apparently Canada has been entirely unhit through sheer dumb luck.

That's because you do-gooders fill out your registration and warranty cards.

Folks actually fill those out.  :huh:
"there's a long tradition of insulting people we disagree with here, and I'll be damned if I listen to your entreaties otherwise."-OVB

"Obviously not a Berkut-commanded armored column.  They're not all brewing."- CdM

"We've reached one of our phase lines after the firefight and it smells bad—meaning it's a little bit suspicious... Could be an amb—".

viper37

Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
:yes:
At least, run a modern version of Linux if license costs are problematic.  You'll invest in training & migration costs.


Quote
Although, as systems in Russia, Ukraine and China in particular have been blitzed,
NK hasn't been hit, and it's an exploit based on NSA's discovery shared by Snowden, available to those who bought the info.

Quote
I wonder if there's a connection between counterfeit copies of Windows and this bug.
No.

Quote
I mean, can you patch a counterfeit OS?
Theoretically, no.  But you can find some advanced crack that will let you patch Windows anyway.  Of course, it's entirely possible the crack will open a backdoor on your computer, so you get what you pay for.
I don't do meditation.  I drink alcohol to relax, like normal people.

If Microsoft Excel decided to stop working overnight, the world would practically end.