Ransomware Shows Devastating Potential With Disruptive Global Attack

Status
Not open for further replies.
I am a IT Admin at OUHSC and we just found out about this. I think it's called WannaCry or something, and it uses 4 different types of file extensions. If I'm not mistaken, Microsoft has released a patch back in March, so keeping Windows updated should take care of this.
 

therealduckofdeath

Honorable
May 10, 2012
783
0
11,160
I think, the most important lesson organisations should learn from this exploit is, reconsider sticking to processes like ITIL. ITIL worked great in the old days. Today, most exploits are too sophisticated to be stopped just by keeping your software at the "last known good state". It needs to be patched and updated a lot faster than that.
 

ern88

Distinguished
Jun 8, 2009
882
12
19,015
I wonder if this could infect Windows 7 users as well? Or is this just a Windows 10 thing. I know a lot of businesses uses Windows 7.
 

Alex Atkin UK

Distinguished
Jun 11, 2012
51
2
18,545
From Wired: "The vulnerability (MS17-010) is linked to Microsoft machines and can affect Windows Vista, 7, 8, 10 and versions of the Windows Server software.

Microsoft fixed MS17-010 in its March release but it is likely organisations affected did not patch their devices before the spread of the malware."

This is interesting as it has previously been reported that most of the NHS still use XP, so is that vulnerable too or was it ironically only that small percentage that HAD upgraded that got infected?
 

alextheblue

Distinguished

XP is incredibly vulnerable. I wouldn't run XP outside of a virtualized environment at this point, at least not on a machine that has internet access.
 
the main question in my mind is how did they get infected? phishing email? inserting already infected usb? because most of the time people who use pc needs to be trained/seminar about phishing email/scams, virus etc. i think they need to train/give a seminar on all those people who use pc. (because let's face it, most ppl that is not tech savy will just click a link in a email telling them they won something then boom ransomware installed.)
 

alidan

Splendid
Aug 5, 2009
5,303
0
25,780

apparently its just load a website with the worm and your hit, no execute anything, from my understanding an nsa "tool" that got leaked
 

sh4dow83

Distinguished
Jul 4, 2011
59
0
18,630
Some of the comments here make me wonder whether the attackers post on sites like these to confuse people. Or whether the technical knowledge of users here is about as good as their grammar skills.

Based on the Cisco article, it seems clear to me that this thing spreads only via file execution or SMB remote execution. So as long as you don't execute suspicious files and you are patched or your SMB ports are closed anyway, you should be good.
 

InvalidError

Titan
Moderator

The bitcoin block chain is public, it is open-book to everyone, everyone can see the bitcoins going in/out of the ransomware wallet. The difficulty is finding the real people associated with a given wallet. In all likelihood, the perps have setup multiple bitcoin accounts to bounce the bitcoins off of, dilute them and obfuscate the money trail. With no names attached to intermediate accounts, it becomes very difficult to tell at what point bitcoins went from perp-controlled wallets to someone else.

Many people also setup one-time-use or partner-specific wallets when they want to accept payment from a third-party without revealing their own primary wallet address.
 

burchsranch

Distinguished
Aug 7, 2012
36
0
18,530
why would anyone still be running xp? and if anyone pays them isnt that asking for more of the same? i mean a new hard drive is less than 50.00
 

InvalidError

Titan
Moderator

I still have two computers running XP because:
- I have thousands of dollars worth of academic licenses tied to those systems which I have no desire to replace or potentially lose in the upgrade process
- those systems cannot run newer versions of Windows and even if they could, they already have too little RAM and are too slow to comfortably run the software I occasionally need them to run so upgrading to a more resource-intensive OS can only make this worse
- some legacy hardware I own such as my flatbed scanner don't have drivers for anything newer than XP and I have no desire to upgrade equipment that I use only for a few days each year

So, even if Microsoft offered me free upgrades for my XP PC and laptop, that would still be no-go for me. I'm sure other people have other reasons to stick with XP on some PCs. I even have one PC with Windows 98SE on it that I keep around just in case I feel like playing FFVII-PC again.
 
Status
Not open for further replies.