
Thread: WannaCry Ransomware

  1. #1
    Lead Moderator calikid's Avatar
    Join Date
    Nov 2011
    Location
    Sunny California
    Posts
    8,486
    Blog Entries
    19

    WannaCry Ransomware

    WannaCry Ransomware. For those of you following along at home, we have been covering this fiasco for a couple of months.
    A simple timeline, in case anyone missed one of the pieces.

    ***In January 2017, it was made public that a group called ShadowBrokers had offered up for sale on the DarkWeb a hacking tool kit they had stolen.
    It was reportedly (unconfirmed?) developed by NSA/CIA back in 2013, and some labeled it a "Cyber-warfare Weapon".
    The ShadowBrokers were asking a substantial sum, in bitcoin, for the toolkit.

    ***March 2017. Microsoft quietly pushes out a few updates. No muss, no fuss.

    ***Late April 2017. The ShadowBrokers announced the toolkit wasn't the hot selling item they were hoping for, so they published the toolkit into the public domain for anybody to D/L for free.
    At the time the toolkit was made free to the public, it was also announced that the March 2017 MS updates contained a patch to this zero-day vulnerability.
    But only for "newer" Windows versions, and only if the patches were actually installed.

    I can't speak for all IT professionals, but I was shocked, nearly panicked, at the idea of weapons grade Cyberweapons loose in the wild. I immediately began a systematic program of ensuring all PCs under my purview (hundreds, mainly WIN7PRO) had every critical Windows update from the March 2017 release installed.

    ***Mid May 2017 HEADLINE: WannaCrypt/WannaCry Ransomware spreads GLOBAL. UK Health, FedEX, etc. Systems Hit Hard.
    Desktops around the world are held hostage, with a notice displayed: "Ooops, your files have been encrypted!" and a demand for $300 in bitcoin ransom.
    Apparently the fallout is bad enough that Microsoft, who has discontinued support for older Windows versions (WinXP, WIN8.0, Server2003, etc.), has agreed to publish a free update to help combat the spread of WannaCry.

    One ray of sunshine. A young anti-virus researcher noticed a URL embedded into the software, which turned out to be a domain the Ransomware checked for activity. When the researcher registered and activated the domain, it acted like a kill-switch, disabling the Ransomware.
    Sadly, it did not last, as newer infections ignore the kill-switch.

    A few controversial questions do persist.
    How did Microsoft know to push out the updates? Why didn't it happen sooner?
    Is it possible for one of the government agencies who allowed this toolkit to be stolen to be held liable for the damage it caused?

    What follows is a recent article on how to keep safe from WannaCry.




    How to protect yourself from WannaCry ransomware
    The ransomware attack is holding computer systems hostage worldwide. Here's what you need to know to keep yourself as safe as possible.

    The battle against the WannaCry ransomware continues. (In many spaces it's referred to as WannaCrypt. There appears to be no substantive difference between the two.)

    The attack, which started on Friday, locks people out of their computers and encrypts their files, demanding they pay up to $300 in bitcoin -- a price that doubles after three days -- to receive a decryption key or risk losing their important files forever. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.

    The ransomware was slowed by a security analyst last week after discovering a kill switch in its code, but has since been updated without the kill switch, allowing it to grow further. WannaCry has now reached more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.

    Though it might seem to be an issue for only businesses, institutions and governments, individuals are at risk, too, as WannaCry targets a Windows operating system flaw in older versions of the OS that have not been patched.
    The aim of an argument or discussion should not be victory, but
    progress. -- Joseph Joubert

  2. #2
    Where do the victims have to deposit the bitcoin? Can that be used in any way to track the hackers and prosecute them?
    My inner Mulder wants to believe, but my inner Scully remains skeptical.

  3. #3
    From what little I have heard and read, it appears that thus far only Windows based systems are potential for this infection.............just another good reason to have a MAC/OSX operating system!! Love my IMAC!

  4. #4
    Lead Moderator calikid's Avatar
    Quote Originally Posted by Wally View Post
    Where do the victims have to deposit the bitcoin? Can that be used in any way to track the hackers and prosecute them?
    The "infection" pops up explicit instructions on what has happened, and how to pay in bitcoin for a decryption key to recover user files.

    Fairly easy to cover your tracks with bitcoin transactions (Probably why they chose it). Take a real rookie mistake to get caught.

    Screen shot of "WANNACRY" pop-up


  5. #5
    Lead Moderator calikid's Avatar
    Quote Originally Posted by rdunk View Post
    From what little I have heard and read, it appears that thus far only Windows based systems are potential for this infection.............just another good reason to have a MAC/OSX operating system!! Love my IMAC!
    Apple products are only a small fraction of the installed Computer operating systems worldwide.
    Hackers, being the lazy guys they are, naturally prefer a target rich (Windows) environment.

    As Apple's market niche increases, Apple products too will no doubt become widely targeted. If there is illegal money to be made...

    Who is to say the next stolen "tool kit" won't target MAC? Have to figure Cyberweapons exist in many flavors.

    It was the "toolkit" that allowed the hackers to penetrate the systems (as mentioned above, 8-15yo versions of Windows were most susceptible).
    Once inside, the hackers can run any program they like.
    This time it was Ransomware.
