
Huge Ransomware Attack Spreads Across Globe: What to Do

May 12, 2017 1:06:37 PM

So it's entirely a Microsoft Windows problem?
Score
1
May 12, 2017 1:08:15 PM

Nei1 said:
So it's entirely a Microsoft Windows problem?


Yes.
Score
1
May 12, 2017 1:42:00 PM

Avast-Team said:
Our threat labs posted an interesting article on this attack today. WanaCrypt0r has been around since February, but we've seen over 75,000 detections worldwide just today.

https://blog.avast.com/ransomware-that-infected-telefon...


Yes, I've already linked to your blog posting in the story above.
Score
0
May 12, 2017 1:58:42 PM

Paul Wagenseil said:
Avast-Team said:
Our threat labs posted an interesting article on this attack today. WanaCrypt0r has been around since February, but we've seen over 75,000 detections worldwide just today.

https://blog.avast.com/ransomware-that-infected-telefon...


Yes, I've already linked to your blog posting in the story above.


Thanks Paul, I see it now! Apologies for the double post if it was already included.
Score
0
May 12, 2017 2:10:35 PM

This is the lead story on Foxnews.com right now. Their article says that the malware was stolen from the N.S.A. last year.
Score
0
May 12, 2017 2:38:18 PM

Why should governments, hospitals, public offices and telecoms go around buying expensive Windows products which cause them much havoc from time to time, sometimes from rather minuscule malware codes?
Score
0
May 12, 2017 2:50:50 PM

You can just hold ctrl alt del and pull up task manager then close your browser. Problem solved.
Score
0
May 12, 2017 2:55:28 PM

Correction: Shadowbrokers released this code dump. NOT Wikileaks.
Score
0
May 12, 2017 2:55:29 PM

Correction: It wasn't a Wikileaks dump that released this. It was the ShadowBrokers code dump.
Score
0
May 12, 2017 3:21:18 PM

Source: https://wikileaks.org/ciav7p1/

"Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published."
Score
0
May 12, 2017 3:24:18 PM

https://arstechnica.com/security/2017/04/nsa-leaking-sh...

"The full list of tools documented by Hickey are:

ETERNALROMANCE — Remote privilege escalation (SYSTEM) exploit (Windows XP to Windows 2008 over TCP port 445)
ENTERNALCHAMPION, ETERNALSYSTEM — Remote exploit up to Windows 8 and 2012
ETERNALBLUE — Remote Exploit via SMB & NBT (Windows XP to Windows 2012)
EXPLODINGCAN — Remote IIS 6.0 exploit for Windows 2003
EWORKFRENZY — Lotus Domino 6.5.4 and 7.0.2 exploit
ETERNALSYNERGY — Windows 8 and Windows Server 2012
FUZZBUNCH — Exploit Framework (Similar to Metasploit) for the exploits."
Score
0
May 12, 2017 4:49:48 PM

All these bugs (in this case, the ruse of encryption) work within the MS-OS files only (keyword: Server Message Block). It encrypts access to the files, not every individual file alone. Physically pull the HDD, buy a USB-to-SATA adapter cable (amazon.com, walmart.com, etc. I got 2 of them), then plug the infected HDD into a Linux-based (only) PC or laptop; it will pop-up as an external USB device. It will not boot because an OS is already running (and the Linux OS would not recognize or execute them anyway). Copy (not cut/paste) all the files you want to keep, onto another external storage device, ignoring the many Windows OS files. Then, buy and install an SSD back into the infected PC, and install on it, any popular Linux Distro. Then, reformat the infected HDD using gParted; it will wipe the entire HDD, removing all partitions, effectively turning it into an external USB storage device that can be left plugged in, via the adapter cable. Store everything on external devices; only use the internal SSD for the OS; thus, you'd only need a 128G SSD. I have successfully done this twice on supposedly encryption-ransomed equipment.
Score
0
May 12, 2017 11:53:38 PM

It's likely that there will be more leaks of more serious NSA exploits and hackers are creative at using them for their gains.

Always disable unsecure protocols you don't need and patch your systems. If you want to know whether SMB1 is enabled on your system, there are some easy ways to do that yourself. SMB1 is the protocol that is exploited by the ransomware: http://windows7themes.net/en-us/how-to-disable-smbv1-on...
Score
0
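
One way to run the SMB1 check mentioned in the post above, as an added example that is not part of the original thread. The function name `Get-Smb1Status` is hypothetical; it assumes an elevated PowerShell prompt and falls back to the registry on older systems that lack the `Get-SmbServerConfiguration` cmdlet.

```powershell
# Added example: report whether the SMBv1 server and client are enabled on this host.
function Get-Smb1Status {
    $server = 'Unknown'
    $how    = 'none'

    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
        if ($cfg) {
            $server = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
            $how    = 'Get-SmbServerConfiguration'
        }
    }

    # Older systems (Windows 7 / Server 2008 R2): read the LanmanServer value.
    # A missing SMB1 value means the default applies, and the default is enabled.
    if ($server -eq 'Unknown') {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = if ($null -eq $val -or $val -ne 0) { 'Enabled' } else { 'Disabled' }
        $how    = 'registry'
    }

    # SMBv1 client driver: Start = 4 means the driver is disabled;
    # no key at all means the driver is not installed.
    $drvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drv = Get-ItemProperty -Path $drvKey -Name Start -ErrorAction SilentlyContinue
    $client = if (-not $drv) { 'NotInstalled' }
              elseif ($drv.Start -eq 4) { 'Disabled' }
              else { 'Enabled' }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        ServerSmb1 = $server
        ClientSmb1 = $client
        CheckedVia = $how
    }
}

Get-Smb1Status | Format-List
```

A host that reports `Enabled` for either field still speaks SMB1 and should be patched or have the protocol turned off.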
May 13, 2017 12:02:58 AM

PaulAndrewAnderson said:
All these bugs work within the MS-OS files. Physically pull the HDD, buy a USB-to-SATA adapter cable (amazon.com, walmart.com, etc. I got 2 of them), then plug the infected HDD into a Linux-based (only) PC or laptop; it will pop-up as an external USB device. It will not boot because an OS is already running (and the Linux OS would not recognize or execute them anyway). Copy (not cut/paste) all the files you want to keep, onto another external storage device, ignoring the many Windows OS files. Then, buy and install an SSD back into the infected PC, and install on it, any popular Linux Distro. Then, reformat the infected HDD using gParted; it will wipe the entire HDD, removing all partitions, effectively turning it into an external USB storage device that can be left plugged in, via the adapter cable. Store everything on external devices; only use the internal SSD for the OS; thus, you'd only need a 128G SSD.


only one thing..., the files get encrypted so copying them to Linux would do..... nothing...


Score
0
May 13, 2017 1:59:27 AM

Does this mean MacBook or Apple phones are not affected or will not be affected by this Ransomware attack? Please guide me. Would appreciate your reply with proper guidance. Many thanks in advance.
Score
0
May 13, 2017 3:30:50 AM

I've heard Linux has its own loopholes
Score
0
May 13, 2017 6:29:31 AM

mjslakeridge said:
This is the lead story on Foxnews.com right now. Their article says that the malware was stolen from the N.S.A. last year.


The exploit of a previously unknown flaw in Windows that makes this attack possible was stolen from the NSA at some point over the past few years. This ransomware uses that exploit to break into computers, but the NSA itself did NOT develop this ransomware.

Think of the exploit as a key, and the ransomware as the burglar who gets a stolen copy of that key.
Score
0
May 13, 2017 6:30:32 AM

Intishar said:
Why should governments, hospitals, public offices and telecoms go around buying expensive Windows products which cause them much havoc from time to time, sometimes from rather minuscule malware codes?


What would you propose as an alternative?
Score
0
May 13, 2017 6:30:57 AM

topher_1 said:
You can just hold ctrl alt del and pull up task manager then close your browser. Problem solved.


No.
Score
0
May 13, 2017 6:32:15 AM

kittyhundal said:
Correction: Shadowbrokers released this code dump. NOT Wikileaks.


You're absolutely right, and I've corrected that error in the story above. It's my mistake.
Score
0
May 13, 2017 6:34:11 AM

PaulAndrewAnderson said:
All these bugs work within the MS-OS files. Physically pull the HDD, buy a USB-to-SATA adapter cable (amazon.com, walmart.com, etc. I got 2 of them), then plug the infected HDD into a Linux-based (only) PC or laptop; it will pop-up as an external USB device. It will not boot because an OS is already running (and the Linux OS would not recognize or execute them anyway). Copy (not cut/paste) all the files you want to keep, onto another external storage device, ignoring the many Windows OS files. Then, buy and install an SSD back into the infected PC, and install on it, any popular Linux Distro. Then, reformat the infected HDD using gParted; it will wipe the entire HDD, removing all partitions, effectively turning it into an external USB storage device that can be left plugged in, via the adapter cable. Store everything on external devices; only use the internal SSD for the OS; thus, you'd only need a 128G SSD.


None of that will do anything to recover files encrypted by the ransomware.
Score
0
May 13, 2017 6:35:28 AM

aishsri said:
Does this mean MacBook or Apple phones are not affected or will not be affected by this Ransomware attack? Please guide me. Would appreciate your reply with proper guidance. Many thanks in advance.


Apple devices are not affected by this attack, unless you've got a Mac running Windows. However, other forms of ransomware do attack Macs.
Score
0
May 13, 2017 6:37:14 AM

Androguff said:
I've heard Linux has its own loopholes


Linux has had many well-documented security flaws. As in Windows, the flaws are continually being found and patched.
Score
0
May 13, 2017 6:47:05 AM


Paul Wagenseil said:
aishsri said:
Does this mean MacBook or Apple phones are not affected or will not be affected by this Ransomware attack? Please guide me. Would appreciate your reply with proper guidance. Many thanks in advance.


Apple devices are not affected by this attack, unless you've got a Mac running Windows. However, other forms of ransomware do attack Macs.


Very kind of you to reply back. Would also appreciate a good program which could possibly keep my Mac safe and sound from any kind of attacks as these? Or I don't need one at all as I keep regular update of OS software?

Score
0
May 13, 2017 7:42:23 AM

What is wrong with large organizations that fail to update their Windows systems? Microsoft provided fixes for most systems in March and EVERYONE knows they stopped providing support for XP even before that (April 2014 to be exact). It doesn't matter whether you hate Microsoft or not, if you are a business and continue to run XP after Microsoft stopped supporting it, you are begging for a disaster. Apparently, it now has happened.
Score
0
May 15, 2017 3:02:54 PM

aishsri said:

Paul Wagenseil said:
aishsri said:
Does this mean MacBook or Apple phones are not affected or will not be affected by this Ransomware attack? Please guide me. Would appreciate your reply with proper guidance. Many thanks in advance.


Apple devices are not affected by this attack, unless you've got a Mac running Windows. However, other forms of ransomware do attack Macs.


Very kind of you to reply back. Would also appreciate a good program which could possibly keep my Mac safe and sound from any kind of attacks as these? Or I don't need one at all as I keep regular update of OS software?



Certainly -- we have a roundup of Mac antivirus software here: http://www.tomsguide.com/us/best-antivirus,review-2588-.... Yes, you do need it.
Score
0
May 15, 2017 3:04:46 PM

BruceS78 said:
What is wrong with large organizations that fail to update their Windows systems? Microsoft provided fixes for most systems in March and EVERYONE knows they stopped providing support for XP even before that (April 2014 to be exact). It doesn't matter whether you hate Microsoft or not, if you are a business and continue to run XP after Microsoft stopped supporting it, you are begging for a disaster. Apparently, it now has happened.


That's certainly true of many businesses. But medical providers often have expensive equipment that's designed to last for decades yet runs software that, for various reasons, can't be updated. In many cases, that software is Windows XP.
Score
0
May 15, 2017 3:08:55 PM

paulbuyon said:
According to Microsoft they no longer provide security updates since April 8, 2014. Here is a website to explain:
https://www.microsoft.com/en-us/windowsforbusiness/end-...


That applies only to Windows XP. Support for Windows Vista was similarly discontinued this past April, but in March that OS did receive the patch that would have protected it against WannaCry.

Microsoft has now released a WannaCry patch for Windows XP and for Windows 8, which is also out of extended support. You can find patches for XP and 8, as well as for Windows Server 2003, at the end of this document: https://blogs.technet.microsoft.com/msrc/2017/05/12/cus...
Score
0