Ransomware Shows Devastating Potential With Disruptive Global Attack

Status
Not open for further replies.
I am an IT Admin at OUHSC and we just found out about this. I think it's called WannaCry or something, and it uses 4 different types of file extensions. If I'm not mistaken, Microsoft released a patch back in March, so keeping Windows updated should take care of this.
 

therealduckofdeath

I think the most important lesson organisations should learn from this exploit is to reconsider sticking to processes like ITIL. ITIL worked great in the old days. Today, most exploits are too sophisticated to be stopped just by keeping your software at the "last known good state". It needs to be patched and updated a lot faster than that.
 

ern88

I wonder if this could infect Windows 7 users as well? Or is this just a Windows 10 thing? I know a lot of businesses use Windows 7.
 

Alex Atkin UK

From Wired: "The vulnerability (MS17-010) is linked to Microsoft machines and can affect Windows Vista, 7, 8, 10 and versions of the Windows Server software.

Microsoft fixed MS17-010 in its March release but it is likely organisations affected did not patch their devices before the spread of the malware."

This is interesting as it has previously been reported that most of the NHS still use XP, so is that vulnerable too or was it ironically only that small percentage that HAD upgraded that got infected?
 

alextheblue


XP is incredibly vulnerable. I wouldn't run XP outside of a virtualized environment at this point, at least not on a machine that has internet access.
 
The main question in my mind is how did they get infected? Phishing email? Inserting an already infected USB? Because most of the time people who use PCs need to be trained/given a seminar about phishing emails/scams, viruses etc. I think they need to train/give a seminar to all those people who use a PC. (Because let's face it, most people who are not tech savvy will just click a link in an email telling them they won something, then boom, ransomware installed.)
 

alidan


Apparently it's just load a website with the worm and you're hit, no executing anything. From my understanding, an NSA "tool" that got leaked.
 

sh4dow83

Some of the comments here make me wonder whether the attackers post on sites like these to confuse people. Or whether the technical knowledge of users here is about as good as their grammar skills.

Based on the Cisco article, it seems clear to me that this thing spreads only via file execution or SMB remote execution. So as long as you don't execute suspicious files and you are patched or your SMB ports are closed anyway, you should be good.
 

InvalidError

Moderator

The bitcoin block chain is public; it is open-book to everyone, and everyone can see the bitcoins going in/out of the ransomware wallet. The difficulty is finding the real people associated with a given wallet. In all likelihood, the perps have set up multiple bitcoin accounts to bounce the bitcoins off of, dilute them and obfuscate the money trail. With no names attached to intermediate accounts, it becomes very difficult to tell at what point bitcoins went from perp-controlled wallets to someone else.

Many people also set up one-time-use or partner-specific wallets when they want to accept payment from a third party without revealing their own primary wallet address.
 

burchsranch

Why would anyone still be running XP? And if anyone pays them, isn't that asking for more of the same? I mean, a new hard drive is less than 50.00.
 

InvalidError

Moderator

I still have two computers running XP because:
- I have thousands of dollars worth of academic licenses tied to those systems which I have no desire to replace or potentially lose in the upgrade process
- those systems cannot run newer versions of Windows and even if they could, they already have too little RAM and are too slow to comfortably run the software I occasionally need them to run so upgrading to a more resource-intensive OS can only make this worse
- some legacy hardware I own, such as my flatbed scanner, doesn't have drivers for anything newer than XP and I have no desire to upgrade equipment that I use only for a few days each year

So, even if Microsoft offered me free upgrades for my XP PC and laptop, that would still be no-go for me. I'm sure other people have other reasons to stick with XP on some PCs. I even have one PC with Windows 98SE on it that I keep around just in case I feel like playing FFVII-PC again.
 