Ransomware Outbreak

Suzabro

Administrator
Good reminder to update!

Dozens of countries have been hit with a huge cyber extortion attack that locked computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

Mikko Hypponen, chief research officer at Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history”.

The attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say.

Read More: http://www.abc.net.au/news/2017-05-...ak-in-history-hits-nearly-100-nations/8523102
 

Christopher

Top Contributor
So it's a little more complex. It's a rootkit worm that takes advantage of a backdoor hack that Microsoft had in fact fixed back in March; the only problem is there are so many people still running XP, Vista, 7 and some copies of 8 & 8.1 that the patch doesn't auto-update on. These are all vulnerable. The worm spreads by a payload in an email, quickly downloads malware that in turn adds a trojan which goes to work and encrypts the victim's computer, blocks other things, then uses the internal email and mail-bombs your email contacts with an email that looks unsuspicious. It also runs network scans and can push payloads to other computers in the same network. This is why it has been widespread and fast acting.
Things to know: the encryption goes beyond Windows and has the potential to encrypt other attached and installed hard drives.
Without the encryption keys, data recovery is next to zero. Unlike other rootkit viruses, a boot disk won't restore the system.

If you are still running an old version of Windows that obviously doesn't have updates, because they don't issue them for older systems anymore, then you need to either put Linux on instead, or have your system in a sandbox: something like Comodo Internet Security suite creates a virtual container to work inside, and anything opened inside this can be blown away if it gets out of control.
I also would move all personal and important files to external, removable drives.
 

findtim

Top Contributor
When I read that I just have to think "did Microsoft create it"?
Surely it's VERY advantageous for them to kill off old Microsoft versions!

tim
 

Christopher

Top Contributor
findtim said:
When I read that I just have to think "did Microsoft create it"?
Surely it's VERY advantageous for them to kill off old Microsoft versions!

tim

I know what you're saying, but apparently the NSA had developed the hack tool for it; other hackers hacked the NSA and released all their hack tools to the open market, including undisclosed vulnerabilities they failed to tell Microsoft about.
 

chris

Top Contributor
Interesting story; here's an excellent write-up from a researcher in the UK who ended up slowing down the attack by registering a domain:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Now one thing that's important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I'm always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand such domains in the past year.

Our standard model goes something like this.

  1. Look for unregistered or expired C2 domains belonging to active botnets and point it to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).
  2. Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they’re infected and assist law enforcement.
  3. Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take over the malware/botnet and prevent the spread or malicious use, via the domain we registered.
In the case of WannaCrypt, steps 1, 2 and 3 were all one and the same, I just didn't know it yet.

This highlights that domains are critical infrastructure.
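Step 2 of the model quoted above (gather data on who is infected so victims can be notified) is mostly log triage on the sinkhole. The following is an added illustration of that triage, not MalwareTech's tooling: it assumes the sinkhole is a web server writing a common access-log layout, that an infected host requests only the site root, and it uses constructed log lines with documentation-range IP addresses.

```python
"""Sinkhole log triage (added example): which hosts are beaconing to the
captured domain, since when, and how they cluster by network, so the owner of
each network can be told it has infected machines.  Not MalwareTech's code;
the log lines and IP addresses are constructed and the access-log layout is
assumed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, NamedTuple, Optional

# Constructed sinkhole access log.  The last two entries are noise a real
# sinkhole also sees: a line the server mangled, and a browser fetching a
# favicon (a researcher or scanner poking at the domain, not a victim).
SAMPLE_LOG = """\
198.51.100.23 - - [12/May/2017:14:03:11 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
198.51.100.77 - - [12/May/2017:14:03:12 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
203.0.113.5 - - [12/May/2017:14:03:15 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
198.51.100.23 - - [12/May/2017:14:05:40 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
garbage line that is not an access-log entry
192.0.2.200 - - [12/May/2017:14:07:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


class Beacon(NamedTuple):
    ip: ipaddress.IPv4Address
    seen: datetime
    path: str


def parse_line(line: str) -> Optional[Beacon]:
    """Return a Beacon for a well-formed request line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m["ip"])
        seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return Beacon(ip, seen, m["path"])


def triage(log_text: str, beacon_path: str = "/") -> Dict[str, object]:
    """Collapse the log into what a notification run needs: one entry per
    infected host with its first-seen time, grouped by /24 so contacts can be
    looked up per network.  Only requests for `beacon_path` count as beacons
    (assumption: the sample requests the site root and nothing else)."""
    first_seen: Dict[ipaddress.IPv4Address, datetime] = {}
    for line in log_text.splitlines():
        b = parse_line(line)
        if b is None or b.path != beacon_path:
            continue  # malformed line, or a browser/scanner, not a beacon
        if b.ip not in first_seen or b.seen < first_seen[b.ip]:
            first_seen[b.ip] = b.seen
    by_network: Dict[str, list] = defaultdict(list)
    for ip in sorted(first_seen):
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_network[str(net)].append(str(ip))
    return {
        "unique_hosts": len(first_seen),
        "first_seen": {str(ip): ts.isoformat() for ip, ts in first_seen.items()},
        "by_network": dict(by_network),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["unique_hosts"], "infected hosts")
    for net, hosts in report["by_network"].items():
        print(net, "->", ", ".join(hosts))
```

Repeated hits from the same address are collapsed to the first sighting, and anything that is not a request for the beacon path is dropped, because once a sinkhole domain is public, researchers and scanners hit it too and would otherwise inflate the victim count.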
 

Christopher

Top Contributor
Just to validate my thoughts that Comodo's Internet Security suite would sandbox the threat, here is someone testing just that. Note: mute the sound; it's just an annoying music backing.
 

Blue Wren

Top Contributor
findtim said:
When I read that I just have to think "did Microsoft create it"?
Surely it's VERY advantageous for them to kill off old Microsoft versions!

tim

The NSA created a tool against an MS Windows exploit; it was then developed further by malicious people for nefarious purposes.
 

Christopher

Top Contributor
This can still break out again. We tried updating old Vista computers, and the patches MS supplied didn't work. In fact no update works. The current payload looked for a particular domain; if it found that domain it stopped replicating and pushing out the payload. So the current fix was registering that domain. But when I say this could break out again, all the attackers would have to do is modify their code to not have it need to look for that domain name. It could simply not have an exit in its code. So it still could happen again in a week's time. The question is how did it get opened in the first place? Where did it originate from first; have they tracked down who sent the first payload? And why did it break out in hospitals predominantly? Why are these places using older systems?
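The domain exit check Christopher describes above, and why registering the domain only helps against copies that carry the check, can be made concrete with a small model. This is an added illustration with a stand-in domain and a toy LAN, not the worm's code; it assumes, per the MalwareTech write-up linked earlier in the thread, that the check is an attempt to open an HTTP connection to the hard-coded domain and that the sample exits only if that connection succeeds.

```python
"""Model of the domain exit check and of what sinkholing the domain does to
an outbreak (added example; not the worm's code).  CHECK_DOMAIN is a stand-in
for the hard-coded domain, and the LAN below is constructed."""
from typing import Callable, Dict, Set

CHECK_DOMAIN = "kill-switch.example"   # stand-in for the real hard-coded domain
Connect = Callable[[str], bool]        # "did an HTTP connection to host succeed?"


def exits_early(has_check: bool, connect: Connect) -> bool:
    """A copy that carries the check stops when the domain answers.  A rebuilt
    copy with the check removed (has_check=False) never stops."""
    return has_check and connect(CHECK_DOMAIN)


def outbreak(start: str, lan: Dict[str, Set[str]], has_check: bool,
             connect: Connect) -> Set[str]:
    """Walk the worm across a LAN adjacency map.  Each newly infected host runs
    its own copy, so each one performs the check before scanning and pushing.
    Returns the set of hosts that received the payload (start included)."""
    infected = {start}
    pending = [start]
    while pending:
        host = pending.pop()
        if exits_early(has_check, connect):
            continue                    # this copy exits before spreading
        for peer in lan[host] - infected:
            infected.add(peer)
            pending.append(peer)
    return infected


# Constructed four-host LAN in which every host can reach every other host.
HOSTS = {"pc1", "pc2", "pc3", "srv1"}
LAN = {h: HOSTS - {h} for h in HOSTS}


# Three network situations the same sample can find itself in:
def unregistered(_host: str) -> bool:   # nobody owns the domain yet: lookup fails
    return False


def sinkholed(_host: str) -> bool:      # domain registered and the sinkhole answers
    return True


def egress_blocked(_host: str) -> bool:  # domain registered, but this LAN has no
    return False                         # direct outbound HTTP (proxy-only / air gap)


if __name__ == "__main__":
    print("unregistered:  ", sorted(outbreak("pc1", LAN, True, unregistered)))
    print("sinkholed:     ", sorted(outbreak("pc1", LAN, True, sinkholed)))
    print("check removed: ", sorted(outbreak("pc1", LAN, False, sinkholed)))
    print("egress blocked:", sorted(outbreak("pc1", LAN, True, egress_blocked)))
```

Only the second run stops at the first host. The third run is the variant the post warns about (the check compiled out), and the fourth is the case of a network where the sample cannot reach the domain at all, for example because outbound HTTP only works through a proxy the sample does not use; in both, registering the domain changes nothing and only the March patch the thread mentions actually closes the hole.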
 

Christopher

Top Contributor
Why on earth are you still running Vista?!!
I have an old machine, not connected to the internet, with legacy software on it. I use Photoshop and other software on it. The old hardware has prevented it being upgraded. The chipset on the motherboard is incompatible with Windows 10, so it's impossible to do software upgrades further. Cost is a big factor in these decisions. I have other machines that are up to date with current software. I just wanted to use the patches to keep them current, but even they don't work.
 
