Wondering if anyone here works at a company that got hit by this attack or one like it.
http://www.nbcnews.com/news/us-news/blockbuster-wannacry-malware-could-just-be-getting-started-experts-n759356
Quote
Blockbuster 'WannaCry' Malware Could Just Be Getting Started: Experts
by Alex Johnson
The estimated 200,000 computers crippled worldwide by Friday's mammoth ransomware attack could be only the tip of the iceberg, security experts said Sunday.
The apparently random attack, called "WannaCry," hit on Friday and spread like wildfire before a British malware researcher identified as Marcus Hutchins was able to halt it temporarily on Saturday, when workers in many companies weren't in their offices.
That means an untold number of other infected systems could still be waiting to be discovered when people return to work on Monday and fire up their computers.
And there's worse news: At least two new variations of the malware have already been detected.
The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.
The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines' files and demanding payment of $300 to $600 for a key to unlock them.
All it takes is for one computer on a network to be infected for all of the computers on that network to be compromised.
While Microsoft had stopped supporting older versions of Windows, it said it is pushing out special automatic updates to those systems to block the worm.
Unfortunately, those so-called legacy systems are disproportionately used by smaller companies with small technology staffs, which are unlikely to have blocked the infection before Microsoft's patch began rolling out, the cybersecurity firm Proofpoint Inc. said.
Even then, Microsoft's updates can be loaded only if a computer is powered back on — something that won't happen for the first time at potentially thousands of companies until Monday.
"I am worried about how the numbers will continue to grow when people go to work and turn [on] their machines," Rob Wainwright, director of the European investigative agency Europol, told NBC News partner ITV on Sunday.
Complicating matters is that new versions of the worm launched over the weekend are recoded to skirt the temporary fix, according to security specialists.
"Organizations need to update their software," Kristy Campbell, chief spokeswoman for the cybersecurity firm Proofpoint Inc., told NBC News on Sunday. "Those who do not will see their systems affected at an increasing rate by different variants of this malware."
Tarah Wheeler, senior director of engineering and for the security company Symantec, tweeted Sunday: "Round two, gentlefolk. Let's rock."
Kurtis Baron, a security specialist with consultants Fidus Information Security — who confirmed that his friend Hutchins was the hero researcher who stopped the initial attack — told NBC News on Sunday that he "doesn't doubt for a moment that Marcus, and people like him, will be getting ready to deal with a second attack" on Monday.
Microsoft President Brad Smith said Sunday that the attack used exploits stolen from the National Security Agency earlier this year.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote on the Microsoft blog. "This is an emerging pattern in 2017. ...
"This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action," wrote Smith, who is also Microsoft's chief legal officer.
What to do if you're infected
You'll immediately know whether you're infected — you'll be greeted by a popup screen saying "Ooops, your important files are encrypted."
And by "important," they're talking about your most commonly used files — including .mp3 audios and .mp4 and .avi videos; .png and .jpg images; and .doc and .txt documents. The worm also targets any backup files you may have made, so you can't even restore older, safe versions.
The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here.
Analysts said you should not click the "check payment" or "decrypt" buttons in the popup message. Instead — if you're able to — download and install Microsoft patch MS17-010, available here, which should work on Windows systems going all the way back to Vista.
Funnily enough, I was about to start a thread on this as it seems to be quite an important story.
Interesting that the Brit malware researcher accidentally pressed the kill switch on this on Friday, otherwise it might have been even worse carnage over the weekend and into the new week.
I bet my old company was hit.
I remember when I was working there a big issue was the upcoming xp end of support.
About which they planned to do nothing because budgets.
Took my mother to the hospital for a checkup and their computers were down.
Quote from: jimmy olsen on May 14, 2017, 09:58:48 PM
Wondering if anyone here works at a company that got hit by this attack or one like it.
No, I do not use Windows XP ever since Vista SP1 got released.
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug. I mean, can you patch a counterfeit OS?
Apparently Canada has been entirely unhit through sheer dumb luck.
Quote from: Barrister on May 15, 2017, 11:42:55 AM
Apparently Canada has been entirely unhit through sheer dumb luck.
That's because you do-gooders fill out your registration and warranty cards.
We don't even have to fill those out to be covered.
Quote from: viper37 on May 15, 2017, 08:02:24 AM
Quote from: jimmy olsen on May 14, 2017, 09:58:48 PM
Wondering if anyone here works at a company that got hit by this attack or one like it.
No, I do not use Windows XP ever since Vista SP1 got released.
I hear it's infecting Windows 7 PCs as well.
EDIT: Last photo here is 7 and then the first reply:
https://twitter.com/GossiTheDog/status/863525648882642946
Not this one *fingers crossed*, but have been hit by them before, one was CryptoWall that was particularly devastating.
Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug. I mean, can you patch a counterfeit OS?
I have a lot of sympathy for people who run old operating systems. That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems. In HK for example, a lot of the critical hospital software is written by doctors in their spare time. They are essentially amateur programmers. That programme is only compatible with Windows XP and IE 6.0, and nothing else. Upgrade to Windows 7, and that programme goes bust.
Quote from: Monoriu on May 15, 2017, 06:08:35 PM
I have a lot of sympathy for people who run old operating systems. That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems. In HK for example, a lot of the critical hospital software is written by doctors in their spare time. They are essentially amateur programmers. That programme is only compatible with Windows XP and IE 6.0, and nothing else. Upgrade to Windows 7, and that programme goes bust.
Whatever, Countie McFitter. Save it for the Gucchi bags and the Holodex watches.
Quote from: CountDeMoney on May 15, 2017, 11:47:13 AM
Quote from: Barrister on May 15, 2017, 11:42:55 AM
Apparently Canada has been entirely unhit through sheer dumb luck.
That's because you do-gooders fill out your registration and warranty cards.
Folks actually fill those out. :huh:
Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
:yes:
At least, run a modern version of Linux if license costs are problematic. You'll invest in training & migration costs.
Quote
Although, as systems in Russia, Ukraine and China in particular have been blitzed,
NK hasn't been hit, and it's an exploit based on NSA's discovery shared by Snowden, available to those who bought the info.
Quote
I wonder if there's a connection between counterfeit copies of Windows and this bug.
No.
Quote
I mean, can you patch a counterfeit OS?
Theoretically, no. But you can find some advanced crack that will let you patch Windows anyway. Of course, it's entirely possible the crack will open a backdoor on your computer, so you get what you pay for.
Quote from: Liep on May 15, 2017, 11:53:23 AM
Quote from: viper37 on May 15, 2017, 08:02:24 AM
Quote from: jimmy olsen on May 14, 2017, 09:58:48 PM
Wondering if anyone here works at a company that got hit by this attack or one like it.
No, I do not use Windows XP ever since Vista SP1 got released.
I hear it's infecting Windows 7 PCs as well.
EDIT: Last photo here is 7 and then the first reply:
https://twitter.com/GossiTheDog/status/863525648882642946
That particular flaw was fixed a few months ago. In Windows 7, you can still disable mandatory updating, so it's possible the systems were not patched.
Quote from: Monoriu on May 15, 2017, 06:08:35 PM
Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug. I mean, can you patch a counterfeit OS?
I have a lot of sympathy for people who run old operating systems. That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems. In HK for example, a lot of the critical hospital software is written by doctors in their spare time. They are essentially amateur programmers. That programme is only compatible with Windows XP and IE 6.0, and nothing else. Upgrade to Windows 7, and that programme goes bust.
At least, run a modern version of Linux if license costs are problematic. You'll invest in training & migration costs.
Quote from: viper37 on May 15, 2017, 07:22:16 PM
NK hasn't been hit, and it's an exploit based on NSA's discovery shared by Snowden, available to those who bought the info.
Considering how NK has only about 1,000 IP addresses and has to go through a Chinese provider anyway, they probably couldn't catch an internet virus even if they wanted to.
Quote from: viper37 on May 15, 2017, 07:25:01 PM
Quote from: Monoriu on May 15, 2017, 06:08:35 PM
Quote from: CountDeMoney on May 15, 2017, 11:36:58 AM
Refuse to run modern operating systems, and instead run stuff that isn't even supported anymore, you get what you get.
Although, as systems in Russia, Ukraine and China in particular have been blitzed, I wonder if there's a connection between counterfeit copies of Windows and this bug. I mean, can you patch a counterfeit OS?
I have a lot of sympathy for people who run old operating systems. That's usually because they have legacy (and mission critical) programmes that only run on the older operating systems. In HK for example, a lot of the critical hospital software is written by doctors in their spare time. They are essentially amateur programmers. That programme is only compatible with Windows XP and IE 6.0, and nothing else. Upgrade to Windows 7, and that programme goes bust.
At least, run a modern version of Linux if license costs are problematic. You'll invest in training & migration costs.
Windows is a given. Anything else is not an option :P
Quote from: CountDeMoney on May 15, 2017, 06:15:56 PM
Whatever, Countie McFitter. Save it for the Gucchi bags and the Holodex watches.
I have been using the same no name $30 bag for like 7-8 years. And I don't buy or wear watches :bowler:
You carry a man bag? GAAAAAAAAAY
Quote from: Monoriu on May 15, 2017, 07:50:10 PM
Windows is a given. Anything else is not an option :P
They're free. As in no money. At all. Every software you can dream of is free to run or compile by yourself.
Try this one:
https://www.archlinux.org/
Free. In all the meanings of the word.
Mono runs Windaos 98.
Tamas runs WinBeets ME
Quote from: viper37 on May 15, 2017, 08:14:38 PM
Quote from: Monoriu on May 15, 2017, 07:50:10 PM
Windows is a given. Anything else is not an option :P
They're free. As in no money. At all. Every software you can dream of is free to run or compile by yourself.
Try this one:
https://www.archlinux.org/
Free. In all the meanings of the word.
It isn't just the financial cost. There is the small problem that nobody knows how to use Linux, and that everybody else uses Windows :P
Quote from: Monoriu on May 15, 2017, 08:25:35 PM
Quote from: viper37 on May 15, 2017, 08:14:38 PM
Quote from: Monoriu on May 15, 2017, 07:50:10 PM
Windows is a given. Anything else is not an option :P
They're free. As in no money. At all. Every software you can dream of is free to run or compile by yourself.
Try this one:
https://www.archlinux.org/
Free. In all the meanings of the word.
It isn't just the financial cost. There is the small problem that nobody knows how to use Linux, and that everybody else uses Windows :P
Well, tbh, I gave you the link to one of Linux's most complicated distros to use, and it's really made for experts, because you need to install & compile everything by yourself, even the kernel patch. But you got freedom, so I figured for a genuine libertarian, freedom would be better than convenience.
However, Ubuntu and Mint are pretty good, they have a large user base, especially Ubuntu, and you can do most stuff out of the box.
Since you're a loyalist to the mainland and would never do something as subversive as using a non-approved OS for your computer, this is what you're looking for: https://www.ubuntu.com/desktop/ubuntu-kylin
Ubuntu Kylin is an official flavour of Ubuntu. It is a free PC operating system created for China and complies with the Chinese government procurement regulations. It includes all the features you've come to expect from Ubuntu, alongside essential Chinese software and apps. The interface has been designed specifically to put Chinese users first — and with support for touch screens and HiDPI monitors, it runs beautifully on all kinds of hardware.
All in all, so long as you do only basic computing stuff, like managing your Qbittorrent and your Kodi to play the multi-episode anime series you like, it's perfect for you. And as a bonus, it is, by default, more secure than any version of Windows.
And you got great support over here:
https://ubuntuforums.org/index.php
Caveat: good luck making wireless work and keep working.
Any system that is not Windows based is a non-starter :P
Quote from: Ed Anger on May 15, 2017, 08:18:10 PM
Tamas runs WinBeets ME
:rolleyes: The Beet Generation.
Quote from: grumbler on May 15, 2017, 09:41:48 PM
Quote from: Ed Anger on May 15, 2017, 08:18:10 PM
Tamas runs WinBeets ME
:rolleyes: The Beet Generation.
Well of course. He's got the beet (https://www.youtube.com/watch?v=f55KlPe81Yw).
Quote from: Jacob on May 16, 2017, 01:53:58 AM
Well of course. He's got the beet (https://www.youtube.com/watch?v=f55KlPe81Yw).
He marches to The Beet of a Different Drummer.
(https://languish.org/forums/proxy.php?request=http%3A%2F%2Fwww.madmagazine.com%2Fsites%2Fdefault%2Ffiles%2Ffiles%2F2012%2F02%2FMAD-Magazine-Beets-by-Dre.jpg&hash=88e323938e0846b173f193322a51e7236428964c)
Quote from: Monoriu on May 15, 2017, 09:16:55 PM
Any system that is not Windows based is a non-starter :P
So, you do have principles. Nice. :P
Mono may be a genuine libertarian, but he's not stupid.
Quote from: Syt on May 16, 2017, 04:51:11 AM
(https://languish.org/forums/proxy.php?request=http%3A%2F%2Fwww.madmagazine.com%2Fsites%2Fdefault%2Ffiles%2Ffiles%2F2012%2F02%2FMAD-Magazine-Beets-by-Dre.jpg&hash=88e323938e0846b173f193322a51e7236428964c)
So many different beets, who knew.
The NSA thinks the North Koreans were behind it.
https://www.washingtonpost.com/world/national-security/the-nsa-has-linked-the-wannacry-computer-worm-to-north-korea/2017/06/14/101395a2-508e-11e7-be25-3a519335381c_story.html?tid=sm_tw&utm_term=.156890c84fe4
Quote from: The Brain on May 16, 2017, 03:19:18 PM
Mono may be a genuine libertarian,
He's not. He just doesn't like paying taxes.
Taxation is theft.
Quote from: Jacob on June 15, 2017, 12:16:27 PM
Property is theft.
In order for property to be theft, it would have to be someone's property to begin with. Which would have been theft.
Quote from: jimmy olsen on June 15, 2017, 12:58:31 AM
The NSA thinks the North Koreans were behind it.
https://www.washingtonpost.com/world/national-security/the-nsa-has-linked-the-wannacry-computer-worm-to-north-korea/2017/06/14/101395a2-508e-11e7-be25-3a519335381c_story.html?tid=sm_tw&utm_term=.156890c84fe4
Quote from: viper37 on May 15, 2017, 07:22:16 PM
NK hasn't been hit, and it's an exploit based on NSA's discovery shared by Snowden, available to those who bought the info.
Quote from: Admiral Yi on June 15, 2017, 12:24:38 PM
Quote from: Jacob on June 15, 2017, 12:16:27 PM
Property is theft.
In order for property to be theft, it would have to be someone's property to begin with. Which would have been theft.
From a communist point of view, everything and everyone belongs to the State, therefore, private property is theft.
Everything belongs to God, you are only the steward. So pay your church 10%. Rent I guess.
Quote from: Valmy on June 15, 2017, 02:18:02 PM
Everything belongs to God, you are only the steward. So pay your church 10%. Rent I guess.
Protection money. If you don't pay it bad things happen to you.
Quote from: HVC on June 15, 2017, 02:19:51 PM
Quote from: Valmy on June 15, 2017, 02:18:02 PM
Everything belongs to God, you are only the steward. So pay your church 10%. Rent I guess.
Protection money. If you don't pay it bad things happen to you.
God the Father = The Godfather.
Seems there's been another wave.
And I'm quite paranoid.
Last night my computer randomly gave me a message speaking of backing up encrypted files though I'm not using any encryption software.
Googling I see messages going way back of people getting this. Windows 10 itself encrypting features of itself that aren't used for storage. But still :ph34r:
Next time I plan to turn on my computer I'm disconnecting all my removables first and then doing a full virus scan. Maybe go right into safe mode.
Store food for a year.
Quote from: Tyr on June 27, 2017, 12:03:43 PM
Seems there's been another wave.
And I'm quite paranoid.
Last night my computer randomly gave me a message speaking of backing up encrypted files though I'm not using any encryption software.
Googling I see messages going way back of people getting this. Windows 10 itself encrypting features of itself that aren't used for storage. But still :ph34r:
Next time I plan to turn on my computer I'm disconnecting all my removables first and then doing a full virus scan. Maybe go right into safe mode.
Use an offline scanner like Kaspersky. Find a clean computer, create it at work, maybe.
The Power Grid is gonna go down in one of these attacks one of these days and you people are FUCKED.
Don't bother looting Best Buy.
Oh man, one of my clients got hit and all of their emails and phones are down. I would not want to be their IT group now nor their CTO.
How to vaccinate:
https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/
As thought, I was being an overly paranoid nut.
Nonetheless there are an awful lot of encrypted files on my computer. I suspect something to do with my old windows 7 install. Curious.
Quote from: Tyr on June 28, 2017, 12:20:08 PM
As thought, I was being an overly paranoid nut.
Nonetheless there are an awful lot of encrypted files on my computer. I suspect something to do with my old windows 7 install. Curious.
Use disk cleanup to remove your old Win7 leftovers.
We're fine. My CIO's biggest priority is always IT security and zero downtime. Dude used to run IT at the CME where obviously things like that are mission critical there.
Quote from: Tyr on June 27, 2017, 12:03:43 PM
Seems there's been another wave.
And I'm quite paranoid.
Last night my computer randomly gave me a message speaking of backing up encrypted files though I'm not using any encryption software.
Googling I see messages going way back of people getting this. Windows 10 itself encrypting features of itself that aren't used for storage. But still :ph34r:
Next time I plan to turn on my computer I'm disconnecting all my removables first and then doing a full virus scan. Maybe go right into safe mode.
Bitlocker = Windows' built-in file encryption.
Cryptolocker = change your underpants.
And for the love of god, stop letting your browser keep temp files after you close your session. Is it a pain having to type in passwords a bit more frequently? Yes. Is it worth the risk of malware? Hell no.
Quote from: DontSayBanana on July 02, 2017, 08:15:11 AM
And for the love of god, stop letting your browser keep temp files after you close your session. Is it a pain having to type in passwords a bit more frequently? Yes. Is it worth the risk of malware? Hell no.
Use software like LastPass. One password to rule them all.
Quote from: viper37 on July 02, 2017, 11:13:34 AM
Use software like LastPass. One password to rule them all.
Eh. I cycle a half-dozen different "strong" passwords, and change different ones into the rotation periodically. LastPass is easy, but it's only as good as your master password- not crazy about making it a SPOF for all my passwords.
Yeah, I really don't trust these one password tools.
Especially since I sometimes want to login to my online stuff from elsewhere
My password tool is a little black book. Threat vector has remained unchanged in 30 years.
Quote from: CountDeMoney on July 03, 2017, 07:59:52 AM
My password tool is a little black book. Threat vector has remained unchanged in 30 years.
Haven't you lived in different places in the last 30 years?
Quote from: garbon on July 03, 2017, 08:23:48 AM
Quote from: CountDeMoney on July 03, 2017, 07:59:52 AM
My password tool is a little black book. Threat vector has remained unchanged in 30 years.
Haven't you lived in different places in the last 30 years?
I really don't see where I have lived would have altered my malware or other cyber security threat profiles, Cuntilly Lace.
Quote from: CountDeMoney on July 03, 2017, 08:30:59 AM
Quote from: garbon on July 03, 2017, 08:23:48 AM
Quote from: CountDeMoney on July 03, 2017, 07:59:52 AM
My password tool is a little black book. Threat vector has remained unchanged in 30 years.
Haven't you lived in different places in the last 30 years?
I really don't see where I have lived would have altered my malware or other cyber security threat profiles, Cuntilly Lace.
You don't think your living situation would alter the extent to which someone could pilfer a physical book?
Quote from: garbon on July 03, 2017, 08:39:54 AM
You don't think your living situation would alter the extent to which someone could pilfer a physical book?
No. Would yours, you snarky little cunt?
Quote from: CountDeMoney on July 03, 2017, 08:42:03 AM
Quote from: garbon on July 03, 2017, 08:39:54 AM
You don't think your living situation would alter the extent to which someone could pilfer a physical book?
No. Would yours, you snarky little cunt?
Yes. :huh:
I mean like say a person living on their own with loose women traipsing about vs. a person living with their parents. When in the latter context, probably a bit more snooping. :D
That's the problem with this generation's business intelligence monkeys: so damned concerned about getting a keylogger onto your machine, they don't bother looking in the desk drawer for the address book with all the passwords first.
Then again, I once watched a team spend 10 minutes trying to take apart a door at its hinges before I reached over and turned the unlocked doorknob. So maybe it's just me, being old-fashioned and not keeping up with the times and shit.
Quote from: DontSayBanana on July 03, 2017, 01:58:08 AM
Quote from: viper37 on July 02, 2017, 11:13:34 AM
Use software like LastPass. One password to rule them all.
Eh. I cycle a half-dozen different "strong" passwords, and change different ones into the rotation periodically. LastPass is easy, but it's only as good as your master password- not crazy about making it a SPOF for all my passwords.
The problem with strong passwords is you keep forgetting them. I once spent two full evenings cycling through possible "strong passwords" I used. I had an idea what they were, but forgot the exact combo.
Hence, LastPass and its 24 long passkey is good for me. I put in there a simple passphrase I remember for each account, and I'm good. And there's a tool to check if any of your passwords have found their way onto some leaked site, and so far, I'm ok.
Quote from: Tyr on July 03, 2017, 03:56:46 AM
Yeah, I really don't trust these one password tools.
Especially since I sometimes want to login to my online stuff from elsewhere
If you use LastPass, you can gain access to your account from any machine, provided you set up your phone to be your secondary device for two factor id. Once you make it recognize the computer, it will no longer need it for each subsequent time you log on to your account.
I use KeyPass myself; have been for a couple of years now and very happy with it. I only have to remember one password - mine is 20+ characters of all different types - then copy paste the passwords into the login fields. There is a copy of the password database in my Dropbox for accessing stuff away from home.