Wanna Cry ?? (Windows Vulnerability Patch Now!!!)

buglegirl

Hiya,

Part of the NSA Tool Kit Release Of A Month Ago.

Note that this was only patched about a month ago. Not known if older Windows are vulnerable. (Like XP/Vista)

Excerpt::

A massive cyber-attack using tools believed to have been developed by the US National Security Agency has struck organisations around the world.

Computers in thousands of locations have been locked by a programme that demands $300 (£230) in Bitcoin.

In April hackers known as The Shadow Brokers claimed to have stolen the tools and released them online.

Microsoft released a patch for the vulnerability in March, but many systems may not have been updated.

Article::

http://www.bbc.com/news/technology-39901382

This is going to get worse before better because that Tool Kit release opened up a huge amount of tools for the ass clowns of the world.

Here is what I know as of mid afternoon today.

Last Sept Win Server 2008 , Server 2012 , Vista , Win 7 and Win 8.1 (But NOT WIN 8.0!!) were patched for this.

https://technet.microsoft.com/library/security/MS16-114

March after the NSA Toolkit was released a patch was quickly put out for Win 10 (So if you are updated you should be OK)

Today after the uproar they put out a patch for XP , Server 2003 and Win 8 (Manual Download!!!)

https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ <------ Manual Patch Instructions For Win 8 , XP And Server 2003

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

What a fricking joke and it raises all sorts of questions.

Sigh,

Frannie
 
I hear they're making some real progress with SkyNet as well ... ;-}

Build it, they will steal.

Anyway ... safe to assUme that if you're w8.1 and newer AND you have automatic updates enabled, yer good? I just double checked, and it shows 9 optional (non-critical) updates available.
 
Anyway ... safe to assUme that if you're w8.1 and newer AND you have automatic updates enabled, yer good? I just double checked, and it shows 9 optional (non-critical) updates available.
Yes you should be good to go. But like you did, run and check updates because you never know if the update tried and failed and maybe it's not applied.

Frannie
 
Also a good idea to keep your data on a separate drive from the OS ... I assUme (got lucky the last time there) that none of this should lock out anything but the OS ...

BAD ASSUMPTION

Ransomware encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

~ ~ ~

** I did just check my HTPC, and that's still w8. There, I DO have all the music on a separate drive, and I'd really really hate to lose access to that. Have to read up on the manual patch, set a manual restore point, and git er done. If nothing else, I do have a fairly current backup run available.

PS ... I also run Avast (free) and do regular runs with MalWareBytes and their ADWCleaner app. Will these head off any problems with this goodness?
 
Thanks for posting this for our community. It's comforting to have one of our own watching out for us, and providing an answer that cuts through the BS and avoids personal agendas.

:thumbsup:
Ernie,

Thanks :)

I do have a personal agenda. I hate thieves. And I really hate cowardly thieves who steal from a safe location via the Internet.

Frannie
 
PS ... I also run Avast (free) and do regular runs with MalWareBytes and their ADWCleaner app. Will these head off any problems with this goodness?
Well the toolkit used to do this hack was developed by the NSA.

So my feeling is that those PC based tools are child's play for them to get around.

So the best option for this hack is to really lock down any Windows file sharing or disable it completely.

Backups are always good as long as that backup server is kept off the Internet.

Frannie
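
Added example, not part of any post in this thread: one way to audit the Windows file sharing exposure mentioned in the reply above before deciding what to lock down or disable. It assumes Windows 8 / Server 2012 or newer, an elevated PowerShell prompt, and the built-in SmbShare and NetTCPIP cmdlets; the function name `Test-FileSharingExposure` is hypothetical.

```powershell
# Added example: report how exposed this machine's file sharing is.
# Assumes Windows 8 / Server 2012+ and an elevated prompt.
# Test-FileSharingExposure is a hypothetical name, not a built-in cmdlet.
function Test-FileSharingExposure {
    param(
        # When set, turn off the SMBv1 server protocol (the protocol MS17-010 patches).
        [switch]$DisableSmb1
    )

    $cfg = Get-SmbServerConfiguration

    # Is the SMB server actually accepting connections on TCP 445?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                        -ErrorAction SilentlyContinue)

    # User-created shares (admin and IPC shares excluded) that let broad
    # groups modify files. Anything writable over a share can be encrypted
    # by ransomware running on a machine that has mapped it.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $writable = Get-SmbShare -Special $false | Get-SmbShareAccess |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.AccessRight -in 'Change', 'Full' -and
            $_.AccountName -in $broad
        } |
        Select-Object Name, AccountName, AccessRight

    # Interfaces on a network Windows treats as Public (e.g. open Wi-Fi).
    $public = Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -eq 'Public' } |
        Select-Object -ExpandProperty InterfaceAlias

    if ($DisableSmb1 -and $cfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $cfg = Get-SmbServerConfiguration
    }

    [pscustomobject]@{
        Smb1ServerEnabled   = $cfg.EnableSMB1Protocol
        ListeningOnTcp445   = $listening
        BroadWritableShares = $writable
        PublicInterfaces    = $public
    }
}

Test-FileSharingExposure | Format-List
```

Run it once without switches to see the current state; `-DisableSmb1` changes the server configuration, so check first that no older device on the network still depends on SMBv1.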
 
WD Passport and TrueImage for backups ... :thumbsup:

PS ... my dOH! moment for the day. I apparently updated the HTPC to 8.1 a while back. Tried installing the patch and got a "wrong operating system ... don't do that" kinda thang.

For anyone double checking their version ... MS did update the version number to show 8.1 is installed, but didn't change the logo on the screen. Gots to read the small print, eh. Not sure if this holds true for all w8.1 installs, or just those that were upgraded from w8 ...



(and yes, long as I'm digging, I did verify the version number listed is for the latest and greatest SP1.)
 
I've taken my NAS offline until I am sure every PC/Box in my house is secure. I don't care about any of the machines getting encrypted (I'd just wipe them and reinstall), but my network storage would be a major problem if it were affected.

I can't see any concrete information on whether Linux based standalone NAS servers on a network would be safe- I assume not. If the windows machine can access the NAS, can the ransomware encrypt the entire contents of it?

I did find this quote in a thread someplace:

"Linus said during the stream that everything connected to the system at all could potentially be infected by the malware. This includes Network Attached Storage if your computer has write access to the share."
 
Can anyone comment on how you get hit?
is it opening an email attachment?
Or is there some other attack vector?
 
Can anyone comment on how you get hit?
is it opening an email attachment?
Or is there some other attack vector?
Seems like that is how it happened at NHS. Via an attachment. Mind you some e-mail clients will open stuff automatically and the next wave of this could come in a different way.

We had servers automatically compromised. No one was checking e-mail on those. They were unmanaged by us and had idiots running them but all the same.

Patch those machines and scope those NAS devices to only share with trusted patched PCs.

I worry about all those older Windows Based NAS devices that are no longer patched.

This week could be a Doozy. Keep an eye on the news if you are interested.

Excerpt::

A UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".

MalwareTech, whose name was revealed in UK media to be 22-year-old Marcus Hutchins, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

Becky Pinkard, from Digital Shadows, a UK-based cyber-security firm, told AFP news agency that it would be easy for the initial attackers or "copy-cat authors" to change the virus code so it is difficult to guard against.

"Even if a fresh attack does not materialise on Monday, we should expect it soon afterwards," she said.

Article::

http://www.bbc.com/news/technology-39915440

Frannie
 
Hiya,

The Guardian is keeping a live updated feed going on this.

https://www.theguardian.com/technol...overnment-defends-investment-in-security-live

Mind you because they say everything seems to be calm does not mean this is over. The original attack was stopped with a simple work around that is easy for the ass clowns to work around.

So the fact things are calm is to be expected. It's like mowing down the original attack with a machine gun. The next attack will likely come in a different way to avoid that.

Frannie
 
Hiya,

I've taken my NAS offline until I am sure every PC/Box in my house is secure. I don't care about any of the machines getting encrypted (I'd just wipe them and reinstall), but my network storage would be a major problem if it were affected.

I can't see any concrete information on whether Linux based standalone NAS servers on a network would be safe- I assume not. If the windows machine can access the NAS, can the ransomware encrypt the entire contents of it?

I did find this quote in a thread someplace:

"Linus said during the stream that everything connected to the system at all could potentially be infected by the malware. This includes Network Attached Storage if your computer has write access to the share."

The attack does nothing to the actual shares themselves. But it will take any devices attached to those shares off line.

My general advice is to check those attached devices carefully. Do NOT ALLOW people to come by and share your files and make sure any wireless access points are locked way down.

Most people are not as secure as they think they are and can be hacked by some bozo in a couple houses down the street using your wireless access points to stream some videos.

I scope all my wireless devices to only allow MAC addresses from my trusted devices and nothing else.

https://en.wikipedia.org/wiki/MAC_address

VPNs help if you need to get to things remotely.

https://en.wikipedia.org/wiki/Virtual_private_network

And if any of you get hacked. Don't pay the fricking ransom for cripes sake. Pay a local tech instead. Grow skills here not in some dank cave in assclownastan.

Frannie
 
Thanks for the info Frannie! Really appreciate the way you support us!
 
Hello,

More on this

https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

Some tidbits noted.

1. It does encrypt files so I am guessing active writeable shares will be hit no matter what OS is running on the NAS.

2. It will infect computers without users doing anything but leaving the machine powered up (As I Have Seen Happen Over The Weekend)

3. Right now backups are the BEST way to recover. Make sure any backups done are done to volumes that you either disconnect or just power down the backup device and un-plug it after doing the backup. Do NOT LEAVE any NAS devices running if you can avoid it.

Twitter Feed (I don't personally endorse Symantec Products but they are cutting through some of the confusion well)

https://twitter.com/threatintel?ref_src=twsrc^google|twcamp^serp|twgr^author

Frannie
 
Hiya,

Been following a few feeds and this just popped up here

https://www.theguardian.com/technol...overnment-defends-investment-in-security-live

Quote::

"The 34-year-old IT support worker in the UK, who wishes to remain anonymous, said once the ransom was handed over, those behind the attack were “very, very helpful”.

Due to the high level of encryption the company was provided keys to decrypt the files with the worker describing the “support” from company from the hackers - given once they had extorted the ransom fee and after causing huge disruption - as “excellent”."

OK I give up.

Yep you had better remain anonymous because I would love to reach out and smack people like you.

Frannie
 
arg-hammer-chasing-nail-animbg-320x200-url.gif


Like this Frannie?

Yeah - I could think of worse things to do to them.....
I dunno maybe pay me the 80,000 pounds and I will fire that idiotic "IT" staff and put in some backups.

Or just take a hammer to their servers.

Frannie
 
People are idiots - I am trying to protect all my home computers as much as possible.
Buy a multi TB external drive.

1. Plug it in

2. Load backup software included

3. Hit backup

4. Grab a beverage and a book or something and wait

5. After done unplug external drive

6. Put backup drive in a safe.

7. Relax and repeat weekly.

Cloud storage is also at risk BTW.

https://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/

Sneaker Net Backups are the best protection IMHO.

https://en.wikipedia.org/wiki/Sneakernet

Frannie
 