Ransomware Infections Reported Worldwide

Discussion in 'The Lounge' started by hitest, May 12, 2017.

  1. hitest

    hitest Staff Sergeant

  2. Fred_G

    Fred_G Heat packin' geek

    Saw this on another site, made sure my OS was up to date.
     
    hitest likes this.
  3. Imandy Mann

    Imandy Mann MajorGeekolicious

    Go to "Bleeping Computers.com" and read their article on this. It mentions an update needed to stop this and gives an MS update reference CVE for disabling the chance of infection, and the MS article has workarounds for different systems and server systems. I applied the recommended work-around suggested for this 8.1 system to disable SMBv1 @ Control Panel/ Programs and Features/ SMBv1.
    See BC and MS articles. Here's the MS page:

    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


    I also have an image from last Sunday on a disconnected drive and will keep it disconnected until this passes over. Follow @Earthling's advice. Image, Image, Image!
     
  4. Imandy Mann

    Imandy Mann MajorGeekolicious

    I've disabled the SMBv1 feature, restarted and returned here, so I believe I can use most sites as normal. And my last year's image and my recent image are in a box with my iPhone ear buds which I never use. This kind of stuff might convince me that I need to go ahead and get that 3rd external drive. Whoopppeee!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    MG's will have an article on this infection on Sat. in the news archive.
     
    DOA, Mimsy, hitest and 4 others like this.
  6. MaxTurner

    MaxTurner Banned

    Microsoft indicate older systems are the ones most affected by this malware, XP being the biggest casualty but right up to Windows 8.
     
    Last edited by a moderator: May 13, 2017
  7. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    My inner cynic wants to tell people that if they are still on XP they should expect something like this to happen. :p
     
  8. Fred_G

    Fred_G Heat packin' geek

    Yeah, when your OS is old enough to drive, you might want to look into updating it a bit. :rolleyes:
     
  9. Imandy Mann

    Imandy Mann MajorGeekolicious

    On the MS link I see Win10 ver 1511 and 1607 as needing the patch. I would check into proving I had the update patch or work-around on any system - old or new.
     
    Mimsy likes this.
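
A read-only way to do the check suggested in the posts above (confirming the SMBv1 work-around is in place on any system, old or new), as an added example that is not part of the thread or of Microsoft's guidance. The function names are hypothetical and it assumes an elevated Windows PowerShell prompt.

```powershell
# Added example: read-only SMBv1 audit. Run from an elevated prompt; changes nothing.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the server setting via a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Vista / 7 / Server 2008: registry value SMB1 (0 = disabled).
    # A missing value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -ne $val -and $val -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1ClientState {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    if (-not (Test-Path $key)) { return 'NotInstalled' }
    if ((Get-ItemProperty -Path $key -Name Start).Start -eq 4) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1FeatureState {
    # State of the SMB 1.0/CIFS entry under Programs and Features (Windows 8.1 and later).
    if (-not (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)) {
        return 'NotApplicable'
    }
    $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($f) { return [string]$f.State }
    return 'NotPresent'
}

$server = Get-Smb1ServerState
$client = Get-Smb1ClientState
New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    OSVersion      = [Environment]::OSVersion.VersionString
    Smb1Server     = $server
    Smb1Client     = $client
    Smb1Feature    = Get-Smb1FeatureState
    NeedsAttention = ($server -eq 'Enabled' -or $client -eq 'Enabled')
} | Format-List
```

A feature state of `DisablePending` means the restart mentioned in the thread is still outstanding. This covers only the work-around; the patch itself has to be confirmed against the update listed for the OS in the MS17-010 bulletin linked above.
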
  10. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    Obviously. Better safe than sorry.

    Back to the subject of XP, it's unsurprising that the article Imandy Mann linked to doesn't mention that OS, and has no update for it. That's also a hint it's time to upgrade....
     
    Last edited: May 13, 2017
    Imandy Mann likes this.
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Microsoft released an emergency patch for systems XP through 2008.
     
    Mimsy likes this.
  12. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    I'm still surprised, but happy for the ones who are still stuck on XP.
     
  13. Eldon

    Eldon Major Geek Extraordinaire

    Stephen_c16 likes this.
  14. MaxTurner

    MaxTurner Banned

    A good video from Comodo on how its Firewall version 10 stops the current WannaCry ransomware:
     
    hitest and DavidGP like this.
  15. hitest

    hitest Staff Sergeant

  16. MaxTurner

    MaxTurner Banned

    'malware tech' himself said the same thing even a short time after he successfully (by accident) stopped the flow of the first attack. He made clear then it wasn't the end.
     
  17. MaxTurner

    MaxTurner Banned

    All the evidence for these attacks, which sources indicate won't stop, goes back to April when a hacking group called Shadow Brokers leaked them. At least one of these cyber attack tools was central to these attacks this week, 'EternalBlue'. The tool was said to have been created by the American NSA - though, as is typical, the agency has neither confirmed nor denied this.
    http://www.bbc.co.uk/news/technology-39905509
    April leaking for the tools:
    http://www.bbc.co.uk/news/technology-39606575
     
  18. Imandy Mann

    Imandy Mann MajorGeekolicious

    If you got hit, hopefully you have a backup or image to resort to. Seems the perps probably can't keep up with the un-encrypt process for all the individual computers they infected.

    http://www.pcworld.com/article/3196...-will-probably-get-you-nothing-heres-why.html

    If it missed you, good. But with what happened, all should be warned. Get Crypto Prevent, stay patched, get the latest security updates, update your anti-malware/anti-virus, and read on the port blocks that can help!

    And if you're all good right now, make an image, make an image, oh did I say, MAKE AN IMAGE!
     
    Eldon and hitest like this.
  19. hitest

    hitest Staff Sergeant

    Solid advice. Thanks. I also use Crypto Prevent on my Win 10 Pro laptop. All Windows updates applied, AV and anti-malware apps updated. I also created new back-ups of all of my stuff.
     
    Imandy Mann likes this.
  20. Imandy Mann

    Imandy Mann MajorGeekolicious

    Thanks to you for starting this thread! Maybe opened a few eyes that never knew what could happen. Hopefully all our friends here @ MGeeks are all well.
     
    hitest likes this.
  21. motc7

    motc7 Vice Admiral (Starfleet)

    Haven't used that software before. Is it intrusive on RAM and CPU usage?
     
  22. motc7

    motc7 Vice Admiral (Starfleet)

    Nevermind, I just downloaded and installed it. Not much of a footprint at all.
     
    hitest likes this.
  23. hitest

    hitest Staff Sergeant

    Agreed. My Lenovo T420 has modest specs; it has an i5 2.50 GHz CPU and 8 GB RAM. It runs well on my unit.
     
  24. Anon-469e6fb48c

    Anon-469e6fb48c Anonymized

    I have not seen any issue of this. All my systems are very well protected.
     
  25. MaxTurner

    MaxTurner Banned

    The target has been mostly organisations.
     
  26. Anon-469e6fb48c

    Anon-469e6fb48c Anonymized

    Then what's the fuss about? It's nothing new.
     
  27. MaxTurner

    MaxTurner Banned

    I suggest you read any of the media links here in this very thread, or any reputable media that has reported on it, and you would know that yes it is a new variant that was leaked by a hacker group in April and was actually created by the US's NSA. It targeted most Windows OS's from XP to 8 but MS got a fix out exceptionally quick.
    The 'fuss' was that it targeted systems in at least NINETY-NINE countries, and temporarily shut down the networks in many massive organisations.
     
  28. motc7

    motc7 Vice Admiral (Starfleet)

    NHS was one of them. I'm told it was the first time the NHS shut down due to a situation not involving worker strikes. LOL
     
    DavidGP likes this.
  29. hitest

    hitest Staff Sergeant

    I think it was terrible that the NHS was shut down by the malware infection. I hope that patients did not suffer as a result of the malware.
     
  30. Anon-469e6fb48c

    Anon-469e6fb48c Anonymized

    I still don't see what the fuss is about. It's the same crap that has been going on for the last few years.

    Luckily I have not been affected by this issue, not once since it started. And I am on the net for 6 to 8 hours a day.

    This first attack really started back in the 1980s so it's nothing really all that new. Just make sure your system has adblockers and malware fighters on it and it should be just fine.

    Adblockers are your best thing to have. I have come across so many bad sites that do nothing but pop up ads that have this stuff.

    There are a lot worse malware and viruses out there that most people have never even heard of.

    It may slow Firefox down a little bit but I would rather be safer than most people than not having any type of protection, like Internet Explorer or Edge, which both have zero protection against these attacks. And people wonder why their system gets infected by these bad web sites that drop viruses and malware into the system without you knowing about it.

    Firefox
    plus
    Adblockplus
    https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=search
    Element Hiding Helper for Adblock Plus
    https://addons.mozilla.org/en-US/firefox/addon/elemhidehelper/?src=search
    uBlock Origin
    https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=search
    Pop-up Controller
    https://addons.mozilla.org/en-US/firefox/addon/pop-up-control/?src=search

    So far with these in my Firefox add-ons I have not had much of an issue.

    The only problem is that you will have to disable them when you are entering a secure site like banking and credit card sites.
     
  31. Anon-9aee479f8f

    Anon-9aee479f8f Anonymized

    True!
     
  32. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    As reported on MSM the NHS in UK was hit around 40 Trusts but we were not one, however I was without email on Mon - Tue as a precaution just in case of a random PC we have still on XP, which I think was good practice, although to do my work on Mon / Tue I needed to remote into Queens Uni Belfast to use a server there to access the medical imaging software I needed, arse about tit but worked ok. I do think and personally that the IT managers in any Trust that do predominantly use XP and did not patch need to be removed and never work in NHS again, they were told 2yrs ago to not use XP and migrate and 1 month ago an alert went out to patch for this ransomware.

    Lessons to be learnt and shows infrastructure is the new target so GOVs need to spend more on cyber security.
     
  33. plodr

    plodr Major Geek Super Extraordinaire

    Can you confirm or deny this DavidGP? Woody Leonhard insists that XP computers were NOT hit by the original wave. Rather it was unpatched Windows 7 computers.
    Source: https://www.askwoody.com/2017/the-original-wannacry-does-not-infect-windows-xp-boxes/

    He stated this for a week. Obviously he is not in the UK so I'm not sure what he is using as his source of information.

    Note: that isn't to say XP will not be hit with copycat malware.
     
  34. Anon-469e6fb48c

    Anon-469e6fb48c Anonymized

    Well I was fully patched and I run Windows 7 64 bit and did not see any hits like ransomware on my system.

    Or maybe it's me that prevents that infection I guess.

    I have not used Windows XP in about 7 years. I stuck with pretty much Windows 7 because most of my stuff is comparable I guess. I am even running Windows 7 on my newer laptop. It was a pain to find all the correct files needed.
     
  35. hitest

    hitest Staff Sergeant

    Yup. Microsoft patched this exploit for Windows 7-10 a few months ago. Up to date Windows installs are fine. MS released a patch for XP a day or two after the ransomware hit.
     
  36. MaxTurner

    MaxTurner Banned

    The fix that MS released recently was actually for XP, Windows Server 2003 and Windows 8. It's detailed clearly in the Customer Guidance Statement they issued at the time, but there still seems to be confusion.
     
  37. DOA

    DOA MG's Loki

    We have a lot of installs that are 16 - 20 years old and still running. Good thing they are not Windows, LOL.
     
    DavidGP and hitest like this.
  38. hitest

    hitest Staff Sergeant

    I have 10 computers in my house. Most are Linux, BSD, and iOS. I spend the most time maintaining my Win 10 Pro laptop.
     
    DOA likes this.
  39. MaxTurner

    MaxTurner Banned

    I spend almost no time 'maintaining' my 4 systems with Win 10 and I do now use Linux on two of them. I don't 'love' Windows and so I don't share the slightly bizarre attitude to Apple Mac products that many (but not all!) of its users have which is often verging on religious faith.
    The reason Windows is targeted for malware is nothing to do with 'Apple' good, 'Windows' bad. It's because hackers want a stadium full of victims, not a village hall!
     
    Eldon, joffa and Mimsy like this.
  40. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    This also explains why large organisations suffered so much more than consumers. Most businesses take the "if it's not broken, don't mess with it" approach to their computer systems.
     
    DavidGP likes this.
  41. plodr

    plodr Major Geek Super Extraordinaire

    I am trying to track down the source for this Kaspersky image that shows WannaCry (the original strain) does not affect XP
    https://www.askwoody.com/2017/windows-10-anniversary-update-ok/

    If anyone can track down that Kaspersky article source, either post the link here or send me a PM with it.
    Thanks in advance.
     
  42. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  43. plodr

    plodr Major Geek Super Extraordinaire

  44. StruldBrug

    StruldBrug Sergeant

    plodr, I think Woody is right and this might be how he sees it, as I do.
    MS TechNet related WannaCry to SMBv1 in their intro here https://social.technet.microsoft.co...-wannacry-why-and-how-to-avoid-them-both.aspx
    Kaspersky relates it to SMBv2 here https://securelist.com/blog/inciden...sed-in-widespread-attacks-all-over-the-world/
    Looking at the SMB - OS deployment history, according to wiki, XP uses SMBv1 protocol, SMBv2 was introduced with Vista and Win7, and SMBv3 with Win 8 and 10 https://en.wikipedia.org/wiki/Server_Message_Block
    So, if Kaspersky is right in that it's an SMBv2 problem, which the stats seem to support, we wouldn't see it on XP, 8, nor 10. Vista was too statistically insignificant to appear on their graph. It sure seems MS TechNet had it wrong.
     
    DavidGP likes this.
  45. Eldon

    Eldon Major Geek Extraordinaire

    While more Windows 7 PCs were infected, don't forget...
    https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/

    Everyone's attention was diverted to companies using PCs running Windows XP and then the hackers hit those running unpatched Windows 7 systems.
    Clever ploy...
     
  46. MaxTurner

    MaxTurner Banned

    I suspect this is one of the downsides of the problems posted about here many times in the last year about users with problems running updates on Windows 7. Given that for every user who posts on an online forum, there will be at least 100 others facing the same problem, I wouldn't be surprised if a large number of Win 7 users simply turned off Windows Update. Given that Win 7 has the largest number of users (much larger than Vista, 8 and 10) that would explain why it was hit the hardest.
    But MS did include a security update for the hacking tool in March and I suspect it was simply not applied.
    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
     
  47. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    Alternatively, they set it to update at night when they're not using the computer, without realizing that the computer actually has to be on for the update to run.

    I'm not kidding. A friend of mine did this a couple of years ago.
     
    katkat likes this.
  48. Anon-9aee479f8f

    Anon-9aee479f8f Anonymized

    :D This reminds me of a story my parents used to tell of a neighbor getting her first car with air-conditioning. She went to the grocery and got her groceries, much of which needed refrigeration, and spent the rest of the day shopping at Sears, Roebuck & Co. before going home. Because after all her car had air-conditioning. :eek:
     
  49. DOA

    DOA MG's Loki

    Now you have me wondering how low I can set my "pet protection". My car will not let the interior get above a set value, the air conditioning automatically comes on to protect pets. Maybe I can keep my groceries cool!
     
  50. Anon-9aee479f8f

    Anon-9aee479f8f Anonymized

    "pet protection" should be named "child and pet protection". Sadly we see tragic news reports all too often about this.

    On a lighter note, I wonder how long it took this lady to realize air conditioning did not work unless motor is running?
     
