Anyone here hit by the Ransom Ware attack?

[jimmy olsen]

Wondering if anyone here works at a company that got by this attack or one like it.

http://www.nbcnews.com/news/us-news/blockbuster-wannacry-malware-could-just-be-getting-started-experts-n759356

Blockbuster 'WannaCry' Malware Could Just Be Getting Started: Experts

by Alex Johnson

The estimated 200,000 computers crippled worldwide by Friday's mammoth ransomware attack could be only the tip of the iceberg, security experts said Sunday.

The apparently random attack, called "WannaCry," hit on Friday and spread like wildfire before a British malware researcher identified as Marcus Hutchins was able to halt it temporarily on Saturday, when workers in many companies weren't in their offices.

That means an untold number of other infected systems could still be waiting to be discovered when people return to work on Monday and fire up their computers.

And there's worse news: At least two new variations of the malware have already been detected.

The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.

The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines' files and demanding payment of $300 to $600 for a key to unlock them.

All it takes is for one computer on a network to be infected for all of the computers on that network to be compromised.

While Microsoft had stopped supporting older versions of Windows, it said it is pushing out special automatic updates to those systems to block the worm.

Unfortunately, those so-called legacy systems are disproportionately used by smaller companies with small technology staffs, which are unlikely to have blocked the infection before Microsoft's patch began rolling out, the cybersecurity firm Proofpoint Inc. said.

Even then, Microsoft's updates can be loaded only if a computer is powered back on — something that won't happen for the first time at potentially thousands of companies until Monday.

"I am worried about how the numbers will continue to grow when people go to work and turn [on] their machines," Rob Wainwright, director of the European investigative agency Europol, told NBC News partner ITV on Sunday.

Complicating matters is that new versions of the worm launched over the weekend are recoded to skirt the temporary fix, according to security specialists.

"Organizations need to update their software," Kristy Campbell, chief spokeswoman for the cybersecurity firm Proofpoint Inc., told NBC News on Sunday. "Those who do not will see their systems affected at an increasing rate by different variants of this malware."

Tarah Wheeler, senior director of engineering and for the security company Symantec, tweeted Sunday: "Round two, gentlefolk. Let's rock."

Kurtis Baron, a security specialist with consultants Fidus Information Security — who confirmed that his friend Hutchins was the hero researcher who stopped the initial attack — told NBC News on Sunday that he "doesn't doubt for a moment that Marcus, and people like him, will be getting ready to deal with a second attack" on Monday.

Microsoft President Brad Smith said Sunday that the attack used exploits stolen from the National Security Agency earlier this year.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote on the Microsoft blog. "This is an emerging pattern in 2017. ...

"This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action," wrote Smith, who is also Microsoft's chief legal officer.

What to do if you're infected

You'll immediately know whether you're infected — you'll be greeted by a popup screen saying "Ooops, your important files are encrypted."

And by "important," they're talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can't even restore older, safe versions.

The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here.

Analysts said you should not click the "check payment" or "decrypt" buttons in the popup message. Instead — if you're able to — download and install Microsoft patch MS17-010, available here, which should work on Windows systems going all the way back to Vista.

[mongers]

Funnily enough, I was about to start a thread on this as it seems to be quite an important story.

Interesting that the Brit malware researcher accidentally pressed the kill switch on this on Friday, otherwise it might have been even worse carnage over the weekend and into the new week.

[Josquius]

I bet my old company was hit.
I remember when I was working there a big issue was the upcoming xp end of support.
About which they planned to do nothing because budgets.

[celedhring]

Took my mother to the hospital for a checkup and their computers were down.

[viper37]

Wondering if anyone here works at a company that got by this attack or one like it.

No, I do not use Windows XP ever since Vista SP1 got released.

[CountDeMoney]

Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.

Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug.  I mean, can you patch a counterfeit OS?

[Barrister]

Apparently Canada has been entirely unhit through sheer dumb luck.

[CountDeMoney]

Apparently Canada has been entirely unhit through sheer dumb luck.

That's because you do-gooders fill out your registration and warranty cards.

[Grey Fox]

We don't even have to fill those out to be covered.

[Liep]

Wondering if anyone here works at a company that got by this attack or one like it.

No, I do not use Windows XP ever since Vista SP1 got released.

I hear it's infecting Windows 7 PCs as well.

EDIT: Last photo here is 7 and then the first reply:
https://twitter.com/GossiTheDog/status/863525648882642946

[PRC]

Not this one *fingers crossed*, but have been hit by them before, one was CryptoWall that was particularly devastating.

[Monoriu]

Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.

Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug.  I mean, can you patch a counterfeit OS?

I have a lot of sympathy for people who run old operating systems.  That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems.  In HK for example, a lot of the critical hospital software is written by doctors in their spare time.  They are essentially amateur programmers.  That programme is only compatible with Windows XP and IE 6.0, and nothing else.  Upgrade to Windows 7, and that programme goes bust.   

[CountDeMoney]

I have a lot of sympathy for people who run old operating systems.  That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems.  In HK for example, a lot of the critical hospital software is written by doctors in their spare time.  They are essentially amateur programmers.  That programme is only compatible with Windows XP and IE 6.0, and nothing else.  Upgrade to Windows 7, and that programme goes bust.

Whatever, Countie McFitter.  Save it for the Gucchi bags and the the Holodex watches.

[11B4V]

Apparently Canada has been entirely unhit through sheer dumb luck.

That's because you do-gooders fill out your registration and warranty cards.

Folks actually fill those out. 

[viper37]

Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.

at least, run a modern version of Linux if license costs are problematic.  You'll invest in training & migration costs.

Although, as systems in Russia, Ukraine and China in particular have been blitzed,

NK hasn't been it, and it's an exploit based on NSA's discovery shared by Snowden, available to those who bought the info.

I wonder if there's a connection between counterfeit copies of Windows and this bug.

No.

I mean, can you patch a counterfeit OS?

Theoritically, no.  But you can find some advanced crack that will let you patch Windows anyway.  of course, it's entirely possible the crack will open a backdoor on your computer, so you get what you pay for.